Developing a composite authentication handler

Extend the CompositeAuthenticationHandler class to combine the decisions from multiple authentication handlers.

If there are several discrete authentication steps that must always be performed in the same order, packaging them as a composite authentication handler simplifies the server configuration.

This example describes how to use a composite authentication handler to call multiple local authentication handlers in sequence.

  1. Create the individual authentication handlers that your composite authentication handler calls.
    You can follow the steps in the task Developing a local authentication handler.
    In this example, the individual authentication handlers are referred to as HandlerA, HandlerB, and HandlerC.
  2. Extend the CompositeAuthenticationHandler class.
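    package com.example;
    
    // The individual handlers that this composite calls.
    import com.example.HandlerA;
    import com.example.HandlerB;
    import com.example.HandlerC;
    
    import com.pushtechnology.diffusion.client.security.authentication.CompositeAuthenticationHandler;
    
    public class CompositeHandler extends CompositeAuthenticationHandler {
    
        // No-argument constructor, so the server can instantiate the class
        // from the class name given in etc/Server.xml.
        public CompositeHandler() {
            // The handlers are called in the order they are listed here.
            super(new HandlerA(), new HandlerB(), new HandlerC());
        }
        
    }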
    1. Import your individual authentication handlers.
    2. Create a no-argument constructor that calls the super class constructor with a list of your individual handlers.
  3. Package your compiled Java™ class in a JAR file and put the JAR file in the ext directory of your Diffusion™ installation.
    This includes the composite authentication handler on the server classpath.
  4. Edit the etc/Server.xml configuration file to point to your composite authentication handler.
    Include the authentication-handler element in the list of authentication handlers. The order of the list defines the order in which the authentication handlers are called. The value of the class attribute is the fully qualified class name of your composite authentication handler. For example:
    <security>
      <authentication-handlers>
        
        <authentication-handler class="com.example.CompositeHandler" />
        
      </authentication-handlers>
    </security>
  5. Start the Diffusion server.
    • On UNIX®-based systems, run the diffusion.sh command in the diffusion_installation_dir/bin directory.
    • On Windows™ systems, run the diffusion.bat command in the diffusion_installation_dir\bin directory.
When the composite authentication handler is called, it calls the individual authentication handlers that are passed to it as parameters in the order they are passed in.
  • If an individual handler responds with ALLOW or DENY, the composite handler responds with that decision to the server.
  • If an individual handler responds with ABSTAIN, the composite handler calls the next individual handler in the list.
  • If all individual handlers respond with ABSTAIN, the composite handler responds to the server with an ABSTAIN decision.
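
The decision rule above means the order of the constructor arguments decides the outcome whenever two handlers disagree. The following stand-alone model is an added example, not Diffusion code: `Decision`, `Handler`, `combine` and the two sample handlers are hypothetical names constructed for this sketch and do not use the Diffusion API.

```java
import java.util.List;
import java.util.function.Function;

// Stand-alone model of the decision rule described above. Decision, Handler and
// combine() are hypothetical names for this sketch, not Diffusion API types.
public class CompositeDecisionModel {

    enum Decision { ALLOW, DENY, ABSTAIN }

    // A handler maps a principal name to a decision (constructed simplification).
    interface Handler extends Function<String, Decision> { }

    // The first non-ABSTAIN decision wins; later handlers are never consulted.
    static Decision combine(List<Handler> handlers, String principal) {
        for (Handler h : handlers) {
            Decision d = h.apply(principal);
            if (d != Decision.ABSTAIN) {
                return d;
            }
        }
        return Decision.ABSTAIN; // every handler abstained
    }

    public static void main(String[] args) {
        // Constructed sample handlers: a blocklist that only ever denies,
        // and a user store that only ever allows.
        Handler blocklist = p -> p.equals("mallory") ? Decision.DENY : Decision.ABSTAIN;
        Handler knownUsers = p -> p.equals("alice") || p.equals("mallory")
                ? Decision.ALLOW : Decision.ABSTAIN;

        List<Handler> denyFirst = List.of(blocklist, knownUsers);
        List<Handler> allowFirst = List.of(knownUsers, blocklist);

        // Compare the combined decision for each principal under both orderings.
        for (String p : List.of("alice", "mallory", "bob")) {
            System.out.printf("%-8s denyFirst=%-8s allowFirst=%s%n",
                    p, combine(denyFirst, p), combine(allowFirst, p));
        }
    }
}
```

In the `allowFirst` ordering the blocklist is never reached for a principal that the user store allows, so handlers that can only deny belong ahead of handlers that can allow.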