[JDEV] adding authentication associated with a tranport.

Oliver George oliver at littledevil.com.au
Thu Oct 19 19:15:30 CDT 2000

Hi JDEVers,

(in case anyone is interested i have successfully interfaced flash 5 with 
jabber and hopefully i will integrate these changes to the jabber source 
- thanks to all who helped)

My previous work has gotten me to the stage of having a 3k flash applet 
for a online helpdesk chat session.  Nothing tricky.  It can successfully 
talk to the jabber server.

My aim is to allow authentication to the server and restrict this 
'anonymous' access to a particular transport.

With this in mind i want to do the following...
1. add a new authentication module associated with this function
2. add a filter on these sessions to only permit messages to be targetted
   at the transport.

The filtering is easy, i just register a module on o_PRECOND and reject 
packets based on the "to" and "from" attributes.  Specifically, if the 
sender is "troubleticketid at helpdesk-customer" then the destination must 
be "troubleticketid at helpdesk-transport".  You could even only permit 
<message/> tags.

The authenticating is tricky.  I have two possible solutions which i will 
describe below, but generally the new authentication module will authenticate 
if the following conditions are met:
  a. the address is of the form "troubleticketid at helpdesk-customer"
  b. a database lookup shows the troubleticketid is valid and active
  c. the password matches the password associated with that troubleticketid 
     (if one exists)

If people accept that this sort of arrangement is an acceptable use of 
jabber then a good generic solution is the best... this means option 2 is 
the best solution.

OPTION 1: compile a new authentication module into jsm.so (ewww, yuck, 
transports shouldn't need to be compiled into the server)

OPTION 2: add some kind of interface to jsm so that an external module 
can signal that this session has been successfully authenticated.

Internally it seems that jsm associates some kind of state with a session, 
and i assume it blocks packets until the session state is AUTHed.  the only 
issue with that is that an externally compiled module needs to communicate 
with it.

This is all my best guess work, jsm is scary but very clever.  StPeter
agrees with my ideas, but the question was without notice.

Anyhow this email is just to get my issue somewhere permenant.  Any 
hints, opinions or suggestions are welcome.

Thanks, Oliver (aka. Slimy).

More information about the JDev mailing list