FtpServer
  1. FtpServer
  2. FTPSERVER-315

Pass FtpSession information to the UserManager.authenticate method

    Details

    • Type: Improvement Improvement
    • Status: Open
    • Priority: Minor Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 2.0.0
    • Component/s: Core, Ftplets
    • Labels:
      None

      Description

      Currently the UserManager interface has the authenticate method defined as follows:

      User authenticate(Authentication authentication)
      throws AuthenticationFailedException;

      I'm wondering if it would be of any benefit to change it to:

      User authenticate(Authentication authentication, FtpSession session)
      throws AuthenticationFailedException;

      The reason(s) behind this -

      I want to log a message when the login fails. The login could fail to due to a number of reasons - such as Account is disabled, password has expired and so on. Since I do not have the session information available from this interface, I'm not able to log all the information that I normally do - such as the session ID, remote address and so on. I know I can log this information from onLogin() method of an Ftplet, but then I would not have any information on why the login has actually failed. All I've is - 530 Authentication Failed reply.

      Another benefit would be if I want to implement my user manager based on user name and IP address. For example let User1 login if and only if he is connecting from IP address xxx.xxx.xxx.xxx. Not sure if any one does this kind of authentication, but in case if some one want to, this change should help.

      More info about this feature request can be found in the thread - http://www.mail-archive.com/dev@mina.apache.org/msg12942.html.

        Activity

        Hide
        Sai Pullabhotla added a comment -

        Another reason where this change would be useful is:

        If I want to force some users (not all) log in to the FTPS server using client certificate and passwords, I could use the FtpSession.getClientCertificates() method in the authenticate method to determine if the user should be allowed access or not.

        Show
        Sai Pullabhotla added a comment - Another reason where this change would be useful is: If I want to force some users (not all) log in to the FTPS server using client certificate and passwords, I could use the FtpSession.getClientCertificates() method in the authenticate method to determine if the user should be allowed access or not.
        Hide
        Niklas Gustavsson added a comment -

        The client certificate chain is already available to the UserManager in the UserMetadata class (calling authentication.getUserMetadata().getCertificateChain()).

        Show
        Niklas Gustavsson added a comment - The client certificate chain is already available to the UserManager in the UserMetadata class (calling authentication.getUserMetadata().getCertificateChain()).
        Hide
        Sai Pullabhotla added a comment -

        As a temporary (could be permanent too) solution, what do you think of:

        wrapping the FtpSession in the Authentication object or in the UserMetaData? I think it makes sense to have it in the Authentication object. At least, gets the job done!

        Show
        Sai Pullabhotla added a comment - As a temporary (could be permanent too) solution, what do you think of: wrapping the FtpSession in the Authentication object or in the UserMetaData? I think it makes sense to have it in the Authentication object. At least, gets the job done!

          People

          • Assignee:
            Unassigned
            Reporter:
            Sai Pullabhotla
          • Votes:
            2 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:

              Development