Developing a composite control authentication handler

Extend the CompositeControlAuthenticationHandler class to combine the decisions from multiple control authentication handlers.

Using a composite control authentication handler reduces the number of messages that are sent between Diffusion™ Cloud and the client to perform authentication.

This example describes how to use a composite control authentication handler as part of a client remote from Diffusion Cloud.

Create the individual control authentication handlers that your composite control authentication handler calls.
You can follow steps in the task Developing a control authentication handler.

In this example, the individual control authentication handlers are referred to as HandlerOne, HandlerTwo, and HandlerThree.

Extend the CompositeControlAuthenticationHandler class.

package com.example.client;

import com.example.client.HandlerOne;
import com.example.client.HandlerTwo;
import com.example.client.HandlerThree;

import com.pushtechnology.diffusion.client.features.control.clients.CompositeControlAuthenticationHandler;

public class ExampleHandler extends CompositeControlAuthenticationHandler {

    public ExampleHandler() {
        super(new HandlerOne(), new HandlerTwo(), new HandlerThree());
    }
    
}

Import your individual control authentication handlers.
Create a no-argument constructor that calls the super class constructor with a list of your individual handlers.

Create a simple client that registers your composite control authentication handler with Diffusion Cloud.
You can follow steps in the task Developing a control authentication handler.

Ensure that you register your composite control authentication handler, ExampleHandler, using the one of the following names: before-system-handler or after-system-handler.
Start your client.
It connects to Diffusion Cloud and registers the composite control authentication handler.

When the client session starts, the composite control authentication handler calls the onActive methods of the individual control authentication handlers in the order in which they are passed in to the composite handler.

When the composite control authentication handler is called, it calls the individual control authentication handlers that are passed to it as parameters in the order they are passed in.

If an individual handler responds with ALLOW, the composite handler responds with that decision to Diffusion Cloud and a list of any roles to assign to the authenticated principal.
If an individual handler responds with DENY, the composite handler responds with that decision to Diffusion Cloud.
If an individual handler responds with ABSTAIN, the composite handler calls the next individual handler in the list.
If all individual handlers respond with ABSTAIN, the composite handler responds to Diffusion Cloud with an ABSTAIN decision.

When the client session closes, the composite control authentication handler calls the onClose methods of the individual control authentication handlers in the order in which they are passed in to the composite handler.