Platform Explorer / server 10.10

Extension point specificChains

Contribute specific authentication chain for specific urls or request headers. This is usefull to be able to change the authentication plugins used for a dedicated protocol (WSS, WebDav ...)

Contribution Descriptor

Existing Contributions

  • nuxeo-automation-server-10.10.jar /OSGI-INF/auth-contrib.xml
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
    
        <specificAuthenticationChain name="Automation">
            <urlPatterns>
                <url>(.*)/automation.*</url>
            </urlPatterns>
    
            <replacementChain>
                <plugin>AUTOMATION_BASIC_AUTH</plugin>
            </replacementChain>
        </specificAuthenticationChain>
    
      </extension>
  • nuxeo-opencmis-bindings-10.10.jar /OSGI-INF/json-contrib.xml
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
    
        <specificAuthenticationChain name="JSON_CMIS">
          <urlPatterns>
            <url>(.*)/json/cmis(/.*)?</url>
          </urlPatterns>
          <replacementChain>
            <plugin>AUTOMATION_BASIC_AUTH</plugin>
            <plugin>TOKEN_AUTH</plugin>
            <plugin>OAUTH2_AUTH</plugin>
            <plugin>JWT_AUTH</plugin>
          </replacementChain>
        </specificAuthenticationChain>
    
      </extension>
  • nuxeo-drive-jsf-10.10.jar /OSGI-INF/nuxeodrive-token-authentication-contrib.xml
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
    
        <specificAuthenticationChain name="DriveMetadata">
          <urlPatterns>
            <url>(.*)/view_drive_metadata.*</url>
          </urlPatterns>
          <replacementChain>
            <plugin>STATEFUL_TOKEN_AUTH</plugin>
          </replacementChain>
        </specificAuthenticationChain>
    
      </extension>
  • nuxeo-opencmis-bindings-10.10.jar /OSGI-INF/atom-contrib.xml
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
    
        <specificAuthenticationChain name="ATOM_CMIS">
    
          <urlPatterns>
            <url>(.*)/atom/cmis(/.*)?</url>
            <url>(.*)/atom/cmis10(/.*)?</url>
          </urlPatterns>
          <replacementChain>
            <plugin>AUTOMATION_BASIC_AUTH</plugin>
            <plugin>TOKEN_AUTH</plugin>
            <plugin>OAUTH2_AUTH</plugin>
            <plugin>JWT_AUTH</plugin>
          </replacementChain>
        </specificAuthenticationChain>
    
      </extension>
  • nuxeo-webdav-10.10.jar /OSGI-INF/auth-contrib.xml
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
        <specificAuthenticationChain name="WebDAV">
            <urlPatterns>
                <url>(.*)/site/dav.*</url>
            </urlPatterns>
            <replacementChain>
                <plugin>DIGEST_AUTH</plugin>
                <plugin>WEBDAV_BASIC_AUTH</plugin>
                <plugin>ANONYMOUS_AUTH</plugin>
            </replacementChain>
        </specificAuthenticationChain>
        <specificAuthenticationChain name="WebDAV_Root">
          <headers>
            <header name="User-Agent">(Microsoft-WebDAV-MiniRedir|DavClnt|litmus|gvfs|gnome-vfs|davfs|WebDAV|cadaver|BitKinex|GoodReader|DataAccess|iWorkHTTPKit).*</header>
          </headers>
    
          <replacementChain>
            <plugin>DIGEST_AUTH</plugin>
            <plugin>WEBDAV_BASIC_AUTH</plugin>
          </replacementChain>
        </specificAuthenticationChain>
      </extension>
  • nuxeo-platform-login-token-10.10.jar /OSGI-INF/token-authentication-contrib.xml
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
    
        <documentation>
          Override Automation specific authentication chain to
          use token authentication just after basic one.
        </documentation>
    
        <specificAuthenticationChain name="Automation">
    
          <urlPatterns>
            <url>(.*)/automation.*</url>
          </urlPatterns>
          <replacementChain>
            <plugin>AUTOMATION_BASIC_AUTH</plugin>
            <plugin>TOKEN_AUTH</plugin>
            <plugin>OAUTH2_AUTH</plugin>
            <plugin>JWT_AUTH</plugin>
          </replacementChain>
        </specificAuthenticationChain>
    
        <specificAuthenticationChain name="RestAPI">
          <urlPatterns>
            <url>(.*)/api/v.*</url>
          </urlPatterns>
          <replacementChain>
            <plugin>AUTOMATION_BASIC_AUTH</plugin>
            <plugin>TOKEN_AUTH</plugin>
            <plugin>OAUTH2_AUTH</plugin>
            <plugin>JWT_AUTH</plugin>
          </replacementChain>
        </specificAuthenticationChain>
    
    
    
        <documentation>
          Use token authentication if the related request
          header is sent.
        </documentation>
    
        <specificAuthenticationChain name="TokenAuth">
          <headers>
            <header name="X-Authentication-Token">.*</header>
          </headers>
          <replacementChain>
            <plugin>TOKEN_AUTH</plugin>
          </replacementChain>
        </specificAuthenticationChain>
    
      </extension>
  • nuxeo-rest-api-server-10.10.jar /OSGI-INF/auth-contrib.xml
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
    
        <specificAuthenticationChain name="RestAPI">
            <urlPatterns>
                <url>(.*)/api/v.*</url>
            </urlPatterns>
    
            <replacementChain>
                <plugin>AUTOMATION_BASIC_AUTH</plugin>
                <plugin>TOKEN_AUTH</plugin>
                <plugin>OAUTH2_AUTH</plugin>
                <plugin>JWT_AUTH</plugin>
            </replacementChain>
        </specificAuthenticationChain>
    
      </extension>