Extension point specificChains

In component org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService

Documentation

Contribute specific authentication chain for specific urls or request headers. This is usefull to be able to change the authentication plugins used for a dedicated protocol (WSS, WebDav ...)

Contribution Descriptors

Class: org.nuxeo.ecm.platform.ui.web.auth.service.SpecificAuthChainDescriptor

Existing Contributions

Contributions are presented in the same order as the registration order on this extension point. This order is displayed before the contribution name, in brackets.

<extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">

    <specificAuthenticationChain name="WSS">
      <urlPatterns>
        <url>(.*)/_vti_.*</url>
      </urlPatterns>
      <headers>
        <header name="User-Agent">MSFrontPage.*</header>
      </headers>

      <replacementChain>
        <plugin>DIGEST_AUTH</plugin>
        <plugin>WEBDAV_BASIC_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>

  </extension>

(?) nuxeo-wss-6.0.jar Override

<extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">

    <documentation>
      Override Automation specific authentication chain to
      use token authentication just after basic one.
    </documentation>

    <specificAuthenticationChain name="Automation">

      <urlPatterns>
        <url>(.*)/automation.*</url>
      </urlPatterns>
      <replacementChain>
        <plugin>AUTOMATION_BASIC_AUTH</plugin>
        <plugin>TOKEN_AUTH</plugin>
        <plugin>ANONYMOUS_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>

    <specificAuthenticationChain name="RestAPI">
      <urlPatterns>
        <url>(.*)/api/v.*</url>
      </urlPatterns>
      <replacementChain>
        <plugin>AUTOMATION_BASIC_AUTH</plugin>
        <plugin>TOKEN_AUTH</plugin>
        <plugin>ANONYMOUS_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>



    <documentation>
      Use token authentication if the related request
      header is sent.
    </documentation>

    <specificAuthenticationChain name="TokenAuth">
      <headers>
        <header name="X-Authentication-Token">.*</header>
      </headers>
      <replacementChain>
        <plugin>TOKEN_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>

  </extension>

(?) nuxeo-platform-login-token-6.0.jar Override

<extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
    <specificAuthenticationChain name="WebDAV">
        <urlPatterns>
            <url>(.*)/site/dav.*</url>
        </urlPatterns>
        <replacementChain>
            <plugin>DIGEST_AUTH</plugin>
            <plugin>WEBDAV_BASIC_AUTH</plugin>
            <plugin>ANONYMOUS_AUTH</plugin>
        </replacementChain>
    </specificAuthenticationChain>
    <specificAuthenticationChain name="WebDAV_Root">
      <headers>
        <header name="User-Agent">(Microsoft-WebDAV-MiniRedir|DavClnt|litmus|gvfs|gnome-vfs|davfs|WebDAV|cadaver|BitKinex|GoodReader|DataAccess|iWorkHTTPKit).*</header>
      </headers>

      <replacementChain>
        <plugin>DIGEST_AUTH</plugin>
        <plugin>WEBDAV_BASIC_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>
  </extension>

(?) nuxeo-webdav-6.0.jar Override

<extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">

    <specificAuthenticationChain name="Automation">
        <urlPatterns>
            <url>(.*)/automation.*</url>
        </urlPatterns>

        <replacementChain>
            <plugin>AUTOMATION_BASIC_AUTH</plugin>
            <plugin>ANONYMOUS_AUTH</plugin>
        </replacementChain>
    </specificAuthenticationChain>

  </extension>

(?) nuxeo-automation-server-6.0.jar Override

<extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">

    <specificAuthenticationChain name="RestAPI">
        <urlPatterns>
            <url>(.*)/api/v.*</url>
        </urlPatterns>

        <replacementChain>
            <plugin>AUTOMATION_BASIC_AUTH</plugin>
            <plugin>TOKEN_AUTH</plugin>
            <plugin>ANONYMOUS_AUTH</plugin>
        </replacementChain>
    </specificAuthenticationChain>

  </extension>

(?) nuxeo-rest-api-server-6.0.jar Override

<extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
    <specificAuthenticationChain name="Opensocial">
        <urlPatterns>
            <url>/nuxeo/opensocial/gadgets/ifr.*</url>
        </urlPatterns>
        <replacementChain>
            <plugin>OPENSOCIAL_FORM_AUTH</plugin>
        </replacementChain>
    </specificAuthenticationChain>
  </extension>

(?) nuxeo-opensocial-container-6.0.jar Override

<extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">

    <specificAuthenticationChain name="DriveMetadata">
      <urlPatterns>
        <url>(.*)/view_drive_metadata.*</url>
      </urlPatterns>
      <replacementChain>
        <plugin>STATEFUL_TOKEN_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>

  </extension>

(?) nuxeo-drive-jsf-6.0.jar Override

<extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
    <specificAuthenticationChain name="mobile-app">
      <urlPatterns>
        <url>/.+/site/mobile[./]*</url>
      </urlPatterns>

      <replacementChain>
        <plugin>BASIC_AUTH_STATEFUL</plugin>
        <plugin>FORM_WEBENGINE_APPLICATION_AUTH</plugin>
        <plugin>FORM_AUTH</plugin>
        <plugin>ANONYMOUS_AUTH</plugin>
        <plugin>WEBSERVICES_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>
  </extension>

(?) nuxeo-web-mobile-cap-6.0.jar Override