# Server Side Customized Authentication

In this example, we will demonstrate how to design a custom plugin with additional authentication checks.
As a result, in this POC with two sites, site-2 will NOT be able to start and register with the server. It will be blocked by the ServerCustomSecurityHandler logic during client registration.

## Define a server side security handler

Note that the customized handler raises NotAuthenticated("site_2 not allowed to register")

In [None]:
!cat security/server/custom/security_handler.py


To register this plugin handler, we need to add this component to the server site's local configuration
by adding it to the components array:

```
    components: [
    ...
            {
                "id": "security_handler",
                "path": "security_handler.ServerCustomSecurityHandler"
            }
    ]  
```  

In this example, we will copy the "custom" folder and use the Python script `edit_site_local_resources.py` to create "resources.json" in the site local directory.

> Note: 
You don't need to use the Python code to generate this resources.json. You can manually create resources.json by copying from or renaming "resources.json.default", then adding the above component element.


In [None]:

! echo y | nvflare poc prepare

In [None]:


!cp -r security/server/* /tmp/nvflare/poc/example_project/prod_00/server/local/.
!python edit_site_local_resources.py server /tmp/nvflare/poc/example_project/prod_00

In [None]:
# double check
! tree /tmp/nvflare/poc/example_project/prod_00/server/local/ 

In [None]:
!cat /tmp/nvflare/poc/example_project/prod_00/server/local/resources.json

Now, go to a terminal and try to start FL system with 

```

nvflare poc start -ex admin@nvidia.com
```

See what happens

You should see something like this: 


```
2025-02-02 16:35:40,059 - Communicator - INFO - Trying to register with server ...
2025-02-02 16:35:40,060 - ServerCustomSecurityHandler - ERROR - [identity=server, run=?, peer=site-2, peer_run=?] - Exception when handling event "_client_register_received": NotAuthenticated: site-2 not allowed to register


```

In [None]:
# Clean up
! nvflare poc stop
! nvflare poc clean