
Authentication checks in Native Modules

The delivered libraries contain several helper methods which make it possible to do additional authentication and authorization in custom code. The following methods are available in the AOM object (accessible through the model or <modulename>.AOM):

/**
 * Checks the credentials given in the request. This method will return false if the request was not from a customer
 * or organization or the credentials did not match.
 *
 * @param r the request to check
 * @return true, if the credentials in the request are correct and the requester was an organization or customer
 */
public boolean checkAccountRequestCredentials( final Request r );

/**
 * Checks the credentials given in the request. This method will return false if the request was not from a user or
 * the credentials did not match.
 *
 * @param r the request to check
 * @return true, if the credentials in the request are correct and the requester was a user
 */
public boolean checkUserRequestCredentials( final Request r );

/**
 * Checks the credentials given in the request. This method will return the authenticated user or null if
 * the credentials did not match.
 *
 * @param r the request to check
 * @return authenticated user or null if the credentials did not match
 */
public IModel<?> checkUserRequestCredentialsAndReturn( final Request r );

/**
 * Checks the apiKey given in the request. This method will return true if the apiKey in the request
 * is equal to the apiKey of the current system.
 *
 * @param r the request to check
 * @return true, if the apiKey in the request is equal to the apiKey for the current system
 */
public boolean checkRequestApikey( final Request r );

/**
 * Returns the roles of the requesting customer for the requested app and system.
 * If the requester is not a customer or no app is given, it will return an empty set.
 * It will also return an empty set if the request credentials are invalid.
 *
 * @param r the request
 * @return the roles of the requesting customer for the requested app and system
 */
public Set<CustomerRole> getRequesterAppRoles( final Request r );

The model itself has another method which checks access on that model for the current request user. If access is denied, an exception is thrown.

model.verifyRequest( httpVerb, request )

Furthermore, the request object contains information about the username, password, token or API key. Most of these values can be fetched using the self-describing getter methods. To check whether a requester is an organization or customer, the following method can be used:

boolean request.getIsAccountRequest()

If the request was sent from an organization or customer, the attribute accountName contains the respective name:

String request.getAccountName()

More extensive checks can be implemented using direct access to the token or password in the following manner (MyUser inherits from User, and "MyModule" is the name of the Native Module):

// Look up the user whose userName equals the e-mail address sent with the request
// (the value taken from the request is inserted into the query string as-is).
IModel<?>[ ] users = MyModule.AOM.findByNames( appName, "MyModule", "MyUser",
        "userName==\"" + this.getAOMRequest( ).getUserEmail( ) + "\"" );
if ( users != null && users.length == 1 )
{
    MyUser requestingUser = ( MyUser ) users[ 0 ];
    // Accept the request only if the stored session token matches the token sent with the request
    if ( requestingUser.getSessionToken( ) != null
         && requestingUser.getSessionToken( ).equals( getAOMRequest( ).getUserToken( ) ) )
    {
        MyModule.AOM.log( appName, "Token OK!" );
    }
}
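As an added example (not code from the ApiOmat documentation or library), the following helper combines the methods above into a single authorization decision for a Native Module: the system API key is checked first, then account requests must carry valid credentials and a required role, and user requests are authenticated by the AOM before their session token is compared. It assumes the Request, IModel, CustomerRole and MyModule.AOM types shown on this page, a MyUser.getSessionToken( ) method as in the snippet above, and a caller-supplied requiredRole; the token comparison uses MessageDigest.isEqual instead of String.equals so that its running time does not reveal how many leading bytes matched.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Set;
// Added example, not part of the ApiOmat library: authorization helper for a
// Native Module ("MyModule"); MyUser.getSessionToken( ) is assumed as on this page.
public final class RequestAuthorizer {

    /** Returns true only if every check passes and logs the reason for each denial. */
    public static boolean authorize( final String appName, final Request r, final CustomerRole requiredRole ) {
        // 1. The system API key must match before anything else in the request is trusted.
        if ( !MyModule.AOM.checkRequestApikey( r ) ) {
            MyModule.AOM.log( appName, "Denied: apiKey does not match this system" );
            return false;
        }

        // 2. Organization/customer request: valid credentials plus the required app role.
        if ( r.getIsAccountRequest( ) ) {
            if ( !MyModule.AOM.checkAccountRequestCredentials( r ) ) {
                MyModule.AOM.log( appName, "Denied: bad account credentials for " + r.getAccountName( ) );
                return false;
            }
            // getRequesterAppRoles( ) returns an empty set for invalid credentials or a missing app,
            // so a missing role and a failed credential check both end up here.
            final Set<CustomerRole> roles = MyModule.AOM.getRequesterAppRoles( r );
            if ( !roles.contains( requiredRole ) ) {
                MyModule.AOM.log( appName, "Denied: " + r.getAccountName( ) + " lacks role " + requiredRole );
                return false;
            }
            return true;
        }

        // 3. End-user request: let the AOM authenticate, then compare the stored session token.
        final IModel<?> user = MyModule.AOM.checkUserRequestCredentialsAndReturn( r );
        if ( !( user instanceof MyUser ) ) {
            MyModule.AOM.log( appName, "Denied: bad user credentials" );
            return false;
        }
        return tokenMatches( ( ( MyUser ) user ).getSessionToken( ), r.getUserToken( ) );
    }

    /** Constant-time token comparison; a null on either side is a mismatch, not an exception. */
    static boolean tokenMatches( final String expected, final String presented ) {
        if ( expected == null || presented == null ) {
            return false;
        }
        return MessageDigest.isEqual( expected.getBytes( StandardCharsets.UTF_8 ),
                                      presented.getBytes( StandardCharsets.UTF_8 ) );
    }
}
```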