Platform Explorer / Nuxeo Platform LTS 2019 10.10

Component org.nuxeo.ecm.login.token.authentication.contrib

Requirements

Resolution Order

632
The resolution order represents the order in which this component has been resolved by the Nuxeo Runtime framework.
You can influence this order by adding "require" tags in your component declaration, to make sure it is resolved after another component.

Contributions

XML Source

<?xml version='1.0' encoding='UTF-8'?>
<component name="org.nuxeo.ecm.login.token.authentication.contrib">

  <!-- Replace Automation specific authentication chain -->
  <require>org.nuxeo.ecm.automation.server.auth.config</require>

  <extension target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" point="authenticators">

    <documentation>
      Authentication plugin using a token to validate
      identity. This token is sent as a HTTP request header.

      The user is retrieved looking into a directory mapping unique tokens to user names.

      This Authentication Plugin is
      configured to be
      used with the Trusting_LM LoginModule plugin
      => no password check will be done, a
      principal will be
      created from the userName if the user exists in the user directory.

      Set the allowAnonymous parameter to true to
      allow token authentication for anonymous user.

      @author
      Antoine Taillefer (ataillefer@nuxeo.com)
    </documentation>

    <authenticationPlugin name="TOKEN_AUTH" enabled="true" class="org.nuxeo.ecm.platform.ui.web.auth.token.TokenAuthenticator">
      <loginModulePlugin>Trusting_LM</loginModulePlugin>
      <parameters>
        <parameter name="allowAnonymous">false</parameter>
      </parameters>
    </authenticationPlugin>

  </extension>

  <extension target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" point="specificChains">

    <documentation>
      Override Automation specific authentication chain to
      use token authentication just after basic one.
    </documentation>

    <specificAuthenticationChain name="Automation">

      <urlPatterns>
        <url>(.*)/automation.*</url>
      </urlPatterns>
      <replacementChain>
        <plugin>AUTOMATION_BASIC_AUTH</plugin>
        <plugin>TOKEN_AUTH</plugin>
        <plugin>OAUTH2_AUTH</plugin>
        <plugin>JWT_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>

    <specificAuthenticationChain name="RestAPI">
      <urlPatterns>
        <url>(.*)/api/v.*</url>
      </urlPatterns>
      <replacementChain>
        <plugin>AUTOMATION_BASIC_AUTH</plugin>
        <plugin>TOKEN_AUTH</plugin>
        <plugin>OAUTH2_AUTH</plugin>
        <plugin>JWT_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>



    <documentation>
      Use token authentication if the related request
      header is sent.
    </documentation>

    <specificAuthenticationChain name="TokenAuth">
      <headers>
        <header name="X-Authentication-Token">.*</header>
      </headers>
      <replacementChain>
        <plugin>TOKEN_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>

  </extension>

  <extension target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" point="startURL">

    <startURLPattern>
      <patterns>
        <pattern>acquire_token.jsp</pattern>
      </patterns>
    </startURLPattern>

  </extension>

</component>