Platform Explorer / Nuxeo Platform LTS 2017 9.10

Component org.nuxeo.ecm.login.token.authentication.contrib

In bundle org.nuxeo.ecm.platform.login.token

Contributions

XML Source

<?xml version="1.0"?>
<component name="org.nuxeo.ecm.login.token.authentication.contrib">

  <!-- Replace Automation specific authentication chain -->
  <require>org.nuxeo.ecm.automation.server.auth.config</require>

  <extension target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" point="authenticators">

    <documentation>
      Authentication plugin using a token to validate
      identity. This token is sent as a HTTP request header.

      The user is retrieved looking into a directory mapping unique tokens to user names.

      This Authentication Plugin is
      configured to be
      used with the Trusting_LM LoginModule plugin
      => no password check will be done, a
      principal will be
      created from the userName if the user exists in the user directory.

      Set the allowAnonymous parameter to true to
      allow token authentication for anonymous user.

      @author
      Antoine Taillefer (ataillefer@nuxeo.com)
    </documentation>

    <authenticationPlugin name="TOKEN_AUTH" enabled="true"
      class="org.nuxeo.ecm.platform.ui.web.auth.token.TokenAuthenticator">
      <loginModulePlugin>Trusting_LM</loginModulePlugin>
      <parameters>
        <parameter name="allowAnonymous">false</parameter>
      </parameters>
    </authenticationPlugin>

  </extension>

  <extension target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" point="specificChains">

    <documentation>
      Override Automation specific authentication chain to
      use token authentication just after basic one.
    </documentation>

    <specificAuthenticationChain name="Automation">

      <urlPatterns>
        <url>(.*)/automation.*</url>
      </urlPatterns>
      <replacementChain>
        <plugin>AUTOMATION_BASIC_AUTH</plugin>
        <plugin>TOKEN_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>

    <specificAuthenticationChain name="RestAPI">
      <urlPatterns>
        <url>(.*)/api/v.*</url>
      </urlPatterns>
      <replacementChain>
        <plugin>AUTOMATION_BASIC_AUTH</plugin>
        <plugin>TOKEN_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>



    <documentation>
      Use token authentication if the related request
      header is sent.
    </documentation>

    <specificAuthenticationChain name="TokenAuth">
      <headers>
        <header name="X-Authentication-Token">.*</header>
      </headers>
      <replacementChain>
        <plugin>TOKEN_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>

  </extension>

  <extension target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" point="startURL">

    <startURLPattern>
      <patterns>
        <pattern>acquire_token.jsp</pattern>
      </patterns>
    </startURLPattern>

  </extension>

</component>