50.2. Authenticators

The CAuthenticator class is the abstract base class of all authenticators. It provides an interface that all authenticators must meet. In typical operation, an application will select a concrete authenticator, and pair it with a concrete interactor. The application will then authenticate requestors using this pair of objects. Here's some sample boilerplate code:

Example 50-3. Boilerplate DAQ Authorization code


#include <Authenticator.h>
#include <Interactor.h>

...
    // The selection functions are application-specific and are not shown.
    CAuthenticator* pAuthenticator = selectAuthenticator();
    CInteractor*    pInteractor    = selectInteractor();
    if (pAuthenticator->Authenticate(*pInteractor)) {
        // Authorized to use the service.
        ...
    }
    else {
        // Not authorized to use the service.
        ...
    }
    // Assuming the interactor and authenticator are dynamically allocated
    // by the selection functions.

    delete pAuthenticator;
    delete pInteractor;


In the example above, the functions that are not shown, selectAuthenticator and selectInteractor, determine the actual authentication method and authorization policy. The implementation of these functions will vary from application to application.

The complete definition of CAuthenticator is provided in its reference pages. The library provides the following concrete authentication classes:

CPasswordCheck

The entity must provide a correct password. Note that the current set of interactors does not include encrypted interactors. This can be extended if required.

CUnixUserCheck

The entity must provide a valid username and password that could log in to the local Unix system.

CTclAccessListCheck

Intended for use within a Tcl interpreter. The entity must supply some string that is an element of a Tcl list held in a Tcl variable.

CAccessListCheck

The entity must supply a string that is one of a set of strings given to the authenticator.

CHostListCheck

Same as CAccessListCheck but the access list is a set of IP addresses. The entity's credentials are translated to an IP address and looked up in the set of allowed items.
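
The authenticator/interactor pairing from Example 50-3, modeled with the host-list policy described for CHostListCheck, as an added example that is not NSCLDAQ code. DemoInteractor, DemoAuthenticator, DemoHostListCheck and authorize are hypothetical stand-ins, and the credential is assumed to be a dotted-quad IPv4 string (constructed sample addresses, no name resolution).

```cpp
// Demo* types are hypothetical stand-ins for this example, not NSCLDAQ classes.
#include <arpa/inet.h>
#include <memory>
#include <set>
#include <string>
#include <utility>

// Stand-in interactor: returns whatever credential the requestor supplied.
struct DemoInteractor {
    std::string credential;
    std::string read() const { return credential; }
};

// Stand-in for the abstract authenticator interface.
struct DemoAuthenticator {
    virtual ~DemoAuthenticator() = default;
    virtual bool Authenticate(DemoInteractor& interactor) = 0;
};

// Host-list policy: parse credential as IPv4, look it up; unparsable input is denied.
struct DemoHostListCheck : DemoAuthenticator {
    std::set<in_addr_t> allowed;
    static bool parse(const std::string& s, in_addr_t& out) {
        in_addr a{};
        if (inet_pton(AF_INET, s.c_str(), &a) != 1) return false;
        out = a.s_addr;
        return true;
    }
    bool addHost(const std::string& s) {
        in_addr_t ip = 0;
        return parse(s, ip) && (allowed.insert(ip), true);
    }
    bool Authenticate(DemoInteractor& i) override {
        in_addr_t ip = 0;
        return parse(i.read(), ip) && allowed.count(ip) != 0;
    }
};

// Same flow as the boilerplate; unique_ptr frees the authenticator on every path.
bool authorize(std::unique_ptr<DemoAuthenticator> auth, const std::string& supplied) {
    DemoInteractor interactor{supplied};
    return auth && auth->Authenticate(interactor);   // a missing authenticator denies
}

int main() {
    std::unique_ptr<DemoHostListCheck> hosts(new DemoHostListCheck);
    hosts->addHost("192.0.2.10");                    // constructed sample address
    return authorize(std::move(hosts), "192.0.2.10") ? 0 : 1;
}
```

Comparing the parsed binary address rather than the raw string means a credential with trailing text or a malformed address never matches an allowed entry.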