Extension point userManager
Documentation
Configure the userManager.
The extension should use the format:
<userManager>
<users>
<directory>somedirectory</directory>
<emailField>mail</emailField>
<searchFields append="true">
<substringMatchSearchField>first</substringMatchSearchField>
<exactMatchSearchField>last</exactMatchSearchField>
</searchFields>
<listingMode>tabbed</listingMode>
<anonymousUser id="Anonymous">
<property name="firstName">Anonymous</property>
<property name="lastName">User</property>
</anonymousUser>
<virtualUser id="MyCustomAdministrator" searchable="false">
<password>secret</password>
<property name="firstName">My Custom</property>
<property name="lastName">Administrator</property>
<group>administrators</group>
</virtualUser>
<virtualUser id="MyCustomMember" searchable="false">
<password>secret</password>
<property name="firstName">My Custom</property>
<property name="lastName">Member</property>
<group>members</group>
<group>othergroup</group>
<propertyList name="listprop">
<value>item1</value>
<value>item2</value>
</propertyList>
</virtualUser>
<virtualUser id="ExistingVirtualUser" remove="true"/>
</users>
<defaultAdministratorId>admin</defaultAdministratorId>
<administratorsGroup>myAdministrators</administratorsGroup>
<disableDefaultAdministratorsGroup>
false
</disableDefaultAdministratorsGroup>
<userSortField>sn</userSortField>
<userPasswordPattern>^[a-zA-Z0-9]{5,}$</userPasswordPattern>
<groups>
<directory>somegroupdir</directory>
<membersField>members</membersField>
<groupLabelField>grouplabel</groupLabelField>
<subGroupsField>subgroups</subGroupsField>
<parentGroupsField>parentgroup</parentGroupsField>
<listingMode>search_only</listingMode>
<searchFields append="true">
<substringMatchSearchField>grouplabel</substringMatchSearchField>
<exactMatchSearchField>groupname</exactMatchSearchField>
</searchFields>
</groups>
<defaultGroup>members</defaultGroup>
<groupSortField>groupname</groupSortField>
</userManager>
If the element anonymousUser has the attribute remove="true", then the anonymous user will be disabled. The anonymous user is searchable by default.
If a virtual user has the attribute remove="true", it is removed from the list of virtual users. Virtual users are searchable by default, but it is not implemented yet... so you should keep the attribute searchable="false" to keep the same behaviour when it will be.
Virtual users with the "administrators" group will have the same rights than the default administrator.
New administrators groups can be added using the "administratorsGroup" tag. Several groups can be defined, adding as many tags as needed. The default group named "administrators" can be disabled by setting the "disableDefaultAdministratorsGroup" to "true" (defaults to false): only new defined administrators groups will then be taken into account. Note that disabling this default group should be done after setting up custom rights in the repository, as this group is usually defined as the group of users who have all permissions at the root of the repository.
Anonymous and virtual users properties have to match the users directory schema fields to be taken into account.
The userPasswordPattern format is specified by java.util.regex.Pattern.
The values for users listingMode are: "all", "tabbed", "search_only". (These values are defined in org.nuxeo.ecm.webapp.security.UserManagerActionsBean.)
The values for groups listingMode are: "all" and "search_only".
Contribution Descriptors
- Class: org.nuxeo.ecm.platform.usermanager.UserManagerDescriptor
Existing Contributions
Contributions are presented in the same order as the registration order on this extension point. This order is displayed before the contribution name, in brackets.
-
<extension point="userManager" target="org.nuxeo.ecm.platform.usermanager.UserService"> <userManager class="org.nuxeo.ecm.platform.computedgroups.UserManagerWithComputedGroups"> <users> <listingMode>search_only</listingMode> </users> </userManager> </extension>
-
<extension point="userManager" target="org.nuxeo.ecm.platform.usermanager.UserService"> <userManager> <digestAuthDirectory>digestauth</digestAuthDirectory> <digestAuthRealm>NUXEO</digestAuthRealm> <userCacheName>default-cache</userCacheName> </userManager> </extension>