Assuming existing users are stored in a SQL database (like MySQL), the detailed design and workflow may go like the following:
// Get the login module type ID, used to distinguish this module from others. // Should correspond to the server side module. String getLoginType() // Perform all the client side login logics, the results wrapped in an AuthToken, // will be validated by HAS server. AuthToken login(Conf loginConf) throws HasLoginException
// Get the login module type ID, used to distinguish this module from others. // Should correspond to the client side module. String getLoginType() // Perform all the server side authentication logics, the results wrapped in an AuthToken, // will be used to exchange a Kerberos ticket. AuthToken authenticate(AuthToken userToken) throws HasAuthenException
Please look at Getting Started for details.