Differences

This shows you the differences between two versions of the page.

--- jvx:server:security:mfa [2022/11/18 13:13]
admin
+++ jvx:server:security:mfa [2022/11/22 09:59] (current)
admin
@@ Line 58: / Line 58: @@
 </file>
-The emails itself are configured as templates. The standard templates are located in package ''/com/sibvisions/rad/server/security/mfa/auth/''. If you create custom templates, define your own package via:
+The email is configured as template. The standard templates are located in package ''/com/sibvisions/rad/server/security/mfa/auth/''. If you create custom templates, define your own package via ''searchpath'':
 <file xml>
 <authenticator>
   <searchpath>com/myapp/mfa/auth</searchpath>
-</authenticator
+</authenticator>
 </file>
 The template mechanism loads different files. The first one is the translation file and the second one is the template html:
-  * translation_mfa_<language_code>.xml
+  * package/translation_mfa_<language_code>.xml
-  * trasnlation_mfa.xml (fallback: if no language specific xml file was found)
+  * package/translation_mfa.xml (fallback: if no language specific xml file was found)
-  * confirmationcode_<language_code>.html
+  * package/confirmationcode_<language_code>.html
-  * confirmationcode.html (fallback: if no language specific html file was found)
+  * package/confirmationcode.html (fallback: if no language specific html file was found)
-The template should contain placeholders: [CONFIRMATION_CODE], [TIMEOUT]
+The template should contain placeholders: [CONFIRMATION_CODE], [TIMEOUT].\\
 This placehoders will be replaced with generated values.
@@ Line 81: / Line 81: @@
 Confirmation code: [CONFIRMATION_CODE] is valid for [TIMEOUT] seconds
 </file>
+The UI will look like this screenshot:
+{{:jvx:server:security:textinput.png?nolink&400|}}
+The ''TextInputMFAuthenticator'' is one of three default authenticators. The other two are
+  * ''com.sibvisions.rad.server.security.mfa.auth.WaitMFAuthenticator''
+  * ''com.sibvisions.rad.server.security.mfa.auth.AbstractURLMFAuthenticator''
+If you configure the ''WaitMFAuthenticator'', the UI will look like this screenshot:
+{{:jvx:server:security:wait.png?nolink&400|}}
+The wait authenticator can be use to wait for verification. The verification process is not included in JVx. You have to implement your own ''com.sibvisions.rad.server.security.mfa.auth.IWaitNotificationHandler'' and add it to the configuration, e.g.:
+<file xml>
+<authenticator>
+  ...
+  <notificationhandler>com.myapp.mfa.auth.MyWaitNotificationHandler</notificationhandler>
+</authenticator>
+</file>
+The timeout for verification can be configured in config.xml as well, e.g.
+<file xml>
+<securitymanager>
+  <mfa>
+    <!-- milliseconds, 10 seconds -->
+    <timeout>10000</timeout>
+  </mfa>
+</securitymanager>
+</file>
+If you configure a timeout which is lower 1, the default timeout of 5 minutes (300000) will be used.
+The last built-in MF authenticator is the ''AbstractURLMFAuthenticator''. This authentication method is not fully implemented because it requires an external service for user authentication. The URL authentication mechanism requires your own extension of ''com.sibvisions.rad.server.security.mfa.auth.AbstractURLMFAuthenticator''. The class requires two methods:
+<file java>
+/**
+ * Creates a new {@link Link}.
+ *
+ * @param pToken the access token
+ * @param pSession the session
+ * @param pUser the user information
+ * @return the URL
+ */
+protected abstract Link createLink(AccessToken pToken, ISession pSession, UserInfo pUser);
+/**
+ * Gets whether the confirmation is finished.
+ *
+ * @param pToken the access token
+ * @param pSession the session
+ * @return <code>true</code> if confirmation is successful, <code>false</code> otherwise
+ */
+protected abstract boolean isConfirmed(AccessToken pToken, ISession pSession);
+</file>
+The implementation shouldn't be a problem. Simply send the link to the external authentication system and check if user is verified/authenticated. That's all.
+The UI will show the URL as link or embedded in an iframe:
+{{:jvx:server:security:url.png?nolink&400|}}
+If default MFA implementations of JVx do not fit your needs, it's no problem to implement your own MF authentication. The MFA support is available in the [[https://sourceforge.net/p/jvx/code/HEAD/tree/trunk/java/library/src/com/sibvisions/rad/server/security/mfa/MFAHandler.java|MFAHandler]] class and this class can be used in your own security managers or MF authenticators.
+<file xml>
+<securitymanager>
+  <class>com.sibvisions.rad.server.security.mfa.MFASecurityManager</class>
+  <mfa enabled="true">
+    <class>com.sibvisions.rad.server.security.XmlSecurityManager</class>
+    <authenticator>
+      <class>ccom.sibvisions.rad.server.security.mfa.auth.MultiWaitMFAuthenticator</class>
+    </authenticator>
+  </mfa>
+  <userfile>users.xml</userfile>
+</securitymanager>
+</file>
+The full source code of the authenticator is available [[https://sourceforge.net/p/jvx/code/HEAD/tree/trunk/java/library/test/com/sibvisions/rad/server/security/mfa/auth/MultiWaitMFAuthenticator.java|here]].