[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Handle-info] Secret Key authentication in Java



Hey there!.


I'm trying to implement a username-password authentication system using Handle, however, I didn't find in the documentation the way to do it in a native Java implementation.


That is what I get or what I'm trying to do:


First of all I created a handle called "user1" that represent a username, with the password "password1":

55555/user1

      HS_ADMIN:100  --> 300:55555/
      HS_SECKEY:300 --> <"password1" encoded> (I encoded using Encoder.encodeSecretKey method)


Having this, I create a new handle in order to know that only user1 could access to handle information. This handle is called "example" and the password/secretkey is "passexample"

55555/example

     HS_ADMIN:100 --> 300:55555/

     HS_ADMIN:101 --> 300:55555/user1
     HS_SECKEY:300 --> <"passwordexample" encoded>


So, now, I would like to do, in Java (not using REST api), is a small piece of source code to verify that the authorization works fine. That is, try to resolve 55555/example handle and get null, empty or unauthorized message, and after that implements the authentication method (I guess is using SecretAuthenticationKeyInfo.authenticate() method, but I'm not sure) and try to resolve again (using this credentials) 55555/example, and get data field.


Although I defined HS_SECKEY handle-index, I could resolve Handle without any credentials (in Java as well as using the REST api), so I guess the authorization is not working :P.


Because permissions are rwr- everybody could get handle information. If I change to rw-- no one could get the information (obviously), so I'm not pretty sure which are the correct way to define permissions in this case. I guess rw-- but I'm not pretty sure.


Any ideas? Has anyone already implemented something similar or know how to do it or where I made mistakes? :D.


Thanks in advance and best regards!

_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info