This topic describes how you can use the Authentication
Manager Service API (Java) to enable your client applications to
programmatically authenticate users.
User authentication may be required to interact with an enterprise
database or other enterprise repositories that store secure data.
Consider, for example, a scenario where a user enters a user
name and password into a web page and submits the values to a J2EE
application server hosting Forms. A Forms custom application can
authenticate the user with the Authentication Manager service.
If the authentication is successful, the application accesses
a secured enterprise database. Otherwise, a message is sent to the
user stating that the user is not an authorized user.
The following diagram shows the application’s logic flow.
The following table describes the steps in this diagram
Step
|
Description
|
1
|
The user accesses a web site and specifies
a user name and password. This information is submitted to a J2EE
application server hosting LiveCycle.
|
2
|
The user credentials are authenticated with
the Authentication Manager service. If the user credentials are
valid, the workflow proceeds to step 3. Otherwise, a message is
sent to the user stating that the user is not an authorized user.
|
3
|
User information and a form design are retrieved
from a secured enterprise database.
|
4
|
User information is merged with a form design
and the form is rendered to the user.
|
Summary of steps
To programmatically authenticate a user, perform the following
steps:
-
Include project files.
-
Create an AuthenticationManagerService client.
-
Invoke the authentication operation.
-
If necessary, retrieve the context so that the client application
can forward it to another LiveCycle service for authentication.
Include project files
Include necessary files in your development
project. If you are creating a client application using Java, then
include the necessary JAR files. If you are using web services,
then make sure that you include the proxy files.
Create an AuthenticationManagerService client
Before you can
programmatically authenticate a user, you must create a AuthenticationManagerService
client. When using the Java API, create an
AuthenticationManagerServiceClient
object.
Invoke the authentication operation
Once you have created the
service client, you can then invoke the authentication operation.
This operation will need information about the user, such as the
user’s name and password. If the user does not authenticate, an
exception is thrown.
Retrieve the authentication context
Once you have authenticated
the user, you can create a context based in the authenticated user.
Then you can use the content to invoke another LiveCycle services. For example, you can use the context to create an
EncryptionServiceClient
and
encrypt a PDF document with a password. Ensure that the user that
was authenticated has the role named
Services User
that
is required to invoke a LiveCycle service.
Authenticate a user using the Java API
Authenticate a user using the Authentication Manager Service
API (Java):
-
Include project files.
Include client JAR files,
such as adobe-usermanager-client.jar, in your Java project’s class
path.
-
Create an AuthenticationManagerServices client.
Create
an
AuthenticationManagerServiceClient
object by
using its constructor and passing a
ServiceClientFactory
object
that contains connection properties.
-
Invoke the authentication operation.
Invoke the
AuthenticationManagerServiceClient
object’s
authenticate
method
and pass the following values:
-
A
java.lang.String
object
that contains the user’s name.
-
A byte array (a
byte[]
object) containing
the user’s password. You can obtain the
byte[]
object
by invoking the
java.lang.String
object’s
getBytes
method.
The
authenticate method returns an
AuthResult
object,
which contains information about the authenticated user.
-
Retrieve the authentication context.
Invoke the
ServiceClientFactory
object’s
getContext
method, which
will return a
Context
object.
Then invoke
the
Context
object’s
initPrincipal
method
and pass the
AuthResult
.
Authenticate a user using the web service API
Authenticate a user using the Authentication Manager Service
API (web service):
-
Include project files.
-
Create an AuthenticationManagerService client.
Create
a
AuthenticationManagerServiceService
object by
using your proxy class’ constructor.
-
Invoke the authentication operation.
Invoke the
AuthenticationManagerServiceClient
object’s
authenticate
method
and pass the following values:
-
A
string
object
that contains the user’s name
-
A byte array (a
byte[]
object) containing
the user’s password. You can obtain the
byte[]
object
by converting a
string
object containing the password
to a
byte[]
array using the logic shown in the
example below.
-
The returned value will be an
AuthResult
object,
which can be used to retrieve information about the user. In the
example below, the user’s information is retrieved by first obtaining
the
AuthResult
object’s
authenticatedUser
field
and subsequently obtaining the resultant
User
object’s
canonicalName
and
domainName
fields.
|
|
|