Differences

This shows you the differences between two versions of the page.

--- jvx:server:security:mfa [2022/11/18 13:58]
admin
+++ jvx:server:security:mfa [2022/11/22 09:59] (current)
admin
@@ Line 63: / Line 63: @@
 <authenticator>
   <searchpath>com/myapp/mfa/auth</searchpath>
-</authenticator
+</authenticator>
 </file>
@@ Line 90: / Line 90: @@
   * ''com.sibvisions.rad.server.security.mfa.auth.WaitMFAuthenticator''
   * ''com.sibvisions.rad.server.security.mfa.auth.AbstractURLMFAuthenticator''
+If you configure the ''WaitMFAuthenticator'', the UI will look like this screenshot:
+{{:jvx:server:security:wait.png?nolink&400|}}
+The wait authenticator can be use to wait for verification. The verification process is not included in JVx. You have to implement your own ''com.sibvisions.rad.server.security.mfa.auth.IWaitNotificationHandler'' and add it to the configuration, e.g.:
+<file xml>
+<authenticator>
+  ...
+  <notificationhandler>com.myapp.mfa.auth.MyWaitNotificationHandler</notificationhandler>
+</authenticator>
+</file>
+The timeout for verification can be configured in config.xml as well, e.g.
+<file xml>
+<securitymanager>
+  <mfa>
+    <!-- milliseconds, 10 seconds -->
+    <timeout>10000</timeout>
+  </mfa>
+</securitymanager>
+</file>
+If you configure a timeout which is lower 1, the default timeout of 5 minutes (300000) will be used.
+The last built-in MF authenticator is the ''AbstractURLMFAuthenticator''. This authentication method is not fully implemented because it requires an external service for user authentication. The URL authentication mechanism requires your own extension of ''com.sibvisions.rad.server.security.mfa.auth.AbstractURLMFAuthenticator''. The class requires two methods:
+<file java>
+/**
+ * Creates a new {@link Link}.
+ *
+ * @param pToken the access token
+ * @param pSession the session
+ * @param pUser the user information
+ * @return the URL
+ */
+protected abstract Link createLink(AccessToken pToken, ISession pSession, UserInfo pUser);
+/**
+ * Gets whether the confirmation is finished.
+ *
+ * @param pToken the access token
+ * @param pSession the session
+ * @return <code>true</code> if confirmation is successful, <code>false</code> otherwise
+ */
+protected abstract boolean isConfirmed(AccessToken pToken, ISession pSession);
+</file>
+The implementation shouldn't be a problem. Simply send the link to the external authentication system and check if user is verified/authenticated. That's all.
+The UI will show the URL as link or embedded in an iframe:
+{{:jvx:server:security:url.png?nolink&400|}}
+If default MFA implementations of JVx do not fit your needs, it's no problem to implement your own MF authentication. The MFA support is available in the [[https://sourceforge.net/p/jvx/code/HEAD/tree/trunk/java/library/src/com/sibvisions/rad/server/security/mfa/MFAHandler.java|MFAHandler]] class and this class can be used in your own security managers or MF authenticators.
+<file xml>
+<securitymanager>
+  <class>com.sibvisions.rad.server.security.mfa.MFASecurityManager</class>
+  <mfa enabled="true">
+    <class>com.sibvisions.rad.server.security.XmlSecurityManager</class>
+    <authenticator>
+      <class>ccom.sibvisions.rad.server.security.mfa.auth.MultiWaitMFAuthenticator</class>
+    </authenticator>
+  </mfa>
+  <userfile>users.xml</userfile>
+</securitymanager>
+</file>
+The full source code of the authenticator is available [[https://sourceforge.net/p/jvx/code/HEAD/tree/trunk/java/library/test/com/sibvisions/rad/server/security/mfa/auth/MultiWaitMFAuthenticator.java|here]].