Platform Explorer / Nuxeo Platform LTS 2017 9.10

Extension point specificChains

Documentation

Contribute specific authentication chain for specific urls or request headers. This is usefull to be able to change the authentication plugins used for a dedicated protocol (WSS, WebDav ...)

Contribution Descriptors

  • Class: org.nuxeo.ecm.platform.ui.web.auth.service.SpecificAuthChainDescriptor

Existing Contributions

Contributions are presented in the same order as the registration order on this extension point. This order is displayed before the contribution name, in brackets.

  • nuxeo-drive-jsf-9.10.jar /OSGI-INF/nuxeodrive-token-authentication-contrib.xml
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
    
        <specificAuthenticationChain name="DriveMetadata">
          <urlPatterns>
            <url>(.*)/view_drive_metadata.*</url>
          </urlPatterns>
          <replacementChain>
            <plugin>STATEFUL_TOKEN_AUTH</plugin>
          </replacementChain>
        </specificAuthenticationChain>
    
      </extension>
  • nuxeo-opencmis-bindings-9.10.jar /OSGI-INF/json-contrib.xml
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
    
        <specificAuthenticationChain name="JSON_CMIS">
          <urlPatterns>
            <url>(.*)/json/cmis(/.*)?</url>
          </urlPatterns>
          <replacementChain>
            <plugin>AUTOMATION_BASIC_AUTH</plugin>
            <plugin>TOKEN_AUTH</plugin>
          </replacementChain>
        </specificAuthenticationChain>
    
      </extension>
  • nuxeo-webdav-9.10.jar /OSGI-INF/auth-contrib.xml
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
        <specificAuthenticationChain name="WebDAV">
            <urlPatterns>
                <url>(.*)/site/dav.*</url>
            </urlPatterns>
            <replacementChain>
                <plugin>DIGEST_AUTH</plugin>
                <plugin>WEBDAV_BASIC_AUTH</plugin>
                <plugin>ANONYMOUS_AUTH</plugin>
            </replacementChain>
        </specificAuthenticationChain>
        <specificAuthenticationChain name="WebDAV_Root">
          <headers>
            <header name="User-Agent">(Microsoft-WebDAV-MiniRedir|DavClnt|litmus|gvfs|gnome-vfs|davfs|WebDAV|cadaver|BitKinex|GoodReader|DataAccess|iWorkHTTPKit).*</header>
          </headers>
    
          <replacementChain>
            <plugin>DIGEST_AUTH</plugin>
            <plugin>WEBDAV_BASIC_AUTH</plugin>
          </replacementChain>
        </specificAuthenticationChain>
      </extension>
  • nuxeo-rest-api-server-9.10.jar /OSGI-INF/auth-contrib.xml
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
    
        <specificAuthenticationChain name="RestAPI">
            <urlPatterns>
                <url>(.*)/api/v.*</url>
            </urlPatterns>
    
            <replacementChain>
                <plugin>AUTOMATION_BASIC_AUTH</plugin>
                <plugin>TOKEN_AUTH</plugin>
            </replacementChain>
        </specificAuthenticationChain>
    
      </extension>
  • nuxeo-opencmis-bindings-9.10.jar /OSGI-INF/atom-contrib.xml
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
    
        <specificAuthenticationChain name="ATOM_CMIS">
    
          <urlPatterns>
            <url>(.*)/atom/cmis(/.*)?</url>
            <url>(.*)/atom/cmis10(/.*)?</url>
          </urlPatterns>
          <replacementChain>
            <plugin>AUTOMATION_BASIC_AUTH</plugin>
            <plugin>TOKEN_AUTH</plugin>
          </replacementChain>
        </specificAuthenticationChain>
    
      </extension>
  • nuxeo-platform-login-token-9.10.jar /OSGI-INF/token-authentication-contrib.xml
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
    
        <documentation>
          Override Automation specific authentication chain to
          use token authentication just after basic one.
        </documentation>
    
        <specificAuthenticationChain name="Automation">
    
          <urlPatterns>
            <url>(.*)/automation.*</url>
          </urlPatterns>
          <replacementChain>
            <plugin>AUTOMATION_BASIC_AUTH</plugin>
            <plugin>TOKEN_AUTH</plugin>
          </replacementChain>
        </specificAuthenticationChain>
    
        <specificAuthenticationChain name="RestAPI">
          <urlPatterns>
            <url>(.*)/api/v.*</url>
          </urlPatterns>
          <replacementChain>
            <plugin>AUTOMATION_BASIC_AUTH</plugin>
            <plugin>TOKEN_AUTH</plugin>
          </replacementChain>
        </specificAuthenticationChain>
    
    
    
        <documentation>
          Use token authentication if the related request
          header is sent.
        </documentation>
    
        <specificAuthenticationChain name="TokenAuth">
          <headers>
            <header name="X-Authentication-Token">.*</header>
          </headers>
          <replacementChain>
            <plugin>TOKEN_AUTH</plugin>
          </replacementChain>
        </specificAuthenticationChain>
    
      </extension>
  • nuxeo-automation-server-9.10.jar /OSGI-INF/auth-contrib.xml
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
    
        <specificAuthenticationChain name="Automation">
            <urlPatterns>
                <url>(.*)/automation.*</url>
            </urlPatterns>
    
            <replacementChain>
                <plugin>AUTOMATION_BASIC_AUTH</plugin>
            </replacementChain>
        </specificAuthenticationChain>
    
      </extension>