Component org.nuxeo.ecm.login.token.authentication.contrib
In bundle org.nuxeo.ecm.platform.login.token
Contributions
- org.nuxeo.ecm.login.token.authentication.contrib--authenticators
- org.nuxeo.ecm.login.token.authentication.contrib--specificChains
XML Source
<?xml version="1.0"?>
<component name="org.nuxeo.ecm.login.token.authentication.contrib">
<!-- Replace Automation specific authentication chain -->
<require>org.nuxeo.ecm.automation.server.auth.config</require>
<extension target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" point="authenticators">
<documentation>
Authentication plugin using a token to validate
identity. This token is sent as a HTTP request header.
The user is retrieved looking into a directory mapping unique tokens to user names.
This Authentication Plugin is
configured to be
used with the Trusting_LM LoginModule plugin
=> no password check will be done, a
principal will be
created from the userName if the user exists in the user directory.
Set the allowAnonymous parameter to true to
allow token authentication for anonymous user.
@author
Antoine Taillefer (ataillefer@nuxeo.com)
</documentation>
<authenticationPlugin name="TOKEN_AUTH" enabled="true"
class="org.nuxeo.ecm.platform.ui.web.auth.token.TokenAuthenticator">
<loginModulePlugin>Trusting_LM</loginModulePlugin>
<parameters>
<parameter name="allowAnonymous">false</parameter>
</parameters>
</authenticationPlugin>
</extension>
<extension target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" point="specificChains">
<documentation>
Override Automation specific authentication chain to
use token authentication just after basic one.
</documentation>
<specificAuthenticationChain name="Automation" handlePrompt="false">
<urlPatterns>
<url>(.*)/automation.*</url>
</urlPatterns>
<replacementChain>
<plugin>AUTOMATION_BASIC_AUTH</plugin>
<plugin>TOKEN_AUTH</plugin>
</replacementChain>
</specificAuthenticationChain>
<specificAuthenticationChain name="RestAPI">
<urlPatterns>
<url>(.*)/api/v.*</url>
</urlPatterns>
<replacementChain>
<plugin>AUTOMATION_BASIC_AUTH</plugin>
<plugin>TOKEN_AUTH</plugin>
</replacementChain>
</specificAuthenticationChain>
<documentation>
Use token authentication if the related request
header is sent.
</documentation>
<specificAuthenticationChain name="TokenAuth">
<headers>
<header name="X-Authentication-Token">.*</header>
</headers>
<replacementChain>
<plugin>TOKEN_AUTH</plugin>
</replacementChain>
</specificAuthenticationChain>
</extension>
</component>