Extension point specificChains

In component org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService

Documentation

Contribute specific authentication chain for specific urls or request headers. This is usefull to be able to change the authentication plugins used for a dedicated protocol (WSS, WebDav ...)

Contribution Descriptors

Class: org.nuxeo.ecm.platform.ui.web.auth.service.SpecificAuthChainDescriptor

Existing Contributions

Contributions are presented in the same order as the registration order on this extension point. This order is displayed before the contribution name, in brackets.

<extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">

    <specificAuthenticationChain name="ATOM_CMIS">

      <urlPatterns>
        <url>(.*)/atom/cmis(/.*)?</url>
        <url>(.*)/atom/cmis10(/.*)?</url>
      </urlPatterns>
      <replacementChain>
        <plugin>AUTOMATION_BASIC_AUTH</plugin>
        <plugin>TOKEN_AUTH</plugin>
        <plugin>OAUTH2_AUTH</plugin>
        <plugin>JWT_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>

  </extension>

(0) nuxeo-opencmis-bindings-10.10.jar/OSGI-INF/atom-contrib.xml Override

<extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">

    <specificAuthenticationChain name="JSON_CMIS">
      <urlPatterns>
        <url>(.*)/json/cmis(/.*)?</url>
      </urlPatterns>
      <replacementChain>
        <plugin>AUTOMATION_BASIC_AUTH</plugin>
        <plugin>TOKEN_AUTH</plugin>
        <plugin>OAUTH2_AUTH</plugin>
        <plugin>JWT_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>

  </extension>

(1) nuxeo-opencmis-bindings-10.10.jar/OSGI-INF/json-contrib.xml Override

<extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">

    <specificAuthenticationChain name="Automation">
        <urlPatterns>
            <url>(.*)/automation.*</url>
        </urlPatterns>

        <replacementChain>
            <plugin>AUTOMATION_BASIC_AUTH</plugin>
        </replacementChain>
    </specificAuthenticationChain>

  </extension>

(2) nuxeo-automation-server-10.10-HF29.jar/OSGI-INF/auth-contrib.xml Override

<extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">

    <documentation>
      Override Automation specific authentication chain to
      use token authentication just after basic one.
    </documentation>

    <specificAuthenticationChain name="Automation">

      <urlPatterns>
        <url>(.*)/automation.*</url>
      </urlPatterns>
      <replacementChain>
        <plugin>AUTOMATION_BASIC_AUTH</plugin>
        <plugin>TOKEN_AUTH</plugin>
        <plugin>OAUTH2_AUTH</plugin>
        <plugin>JWT_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>

    <specificAuthenticationChain name="RestAPI">
      <urlPatterns>
        <url>(.*)/api/v.*</url>
      </urlPatterns>
      <replacementChain>
        <plugin>AUTOMATION_BASIC_AUTH</plugin>
        <plugin>TOKEN_AUTH</plugin>
        <plugin>OAUTH2_AUTH</plugin>
        <plugin>JWT_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>



    <documentation>
      Use token authentication if the related request
      header is sent.
    </documentation>

    <specificAuthenticationChain name="TokenAuth">
      <headers>
        <header name="X-Authentication-Token">.*</header>
      </headers>
      <replacementChain>
        <plugin>TOKEN_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>

  </extension>

(3) nuxeo-platform-login-token-10.10.jar/OSGI-INF/token-authentication-contrib.xml Override

<extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">

    <specificAuthenticationChain name="DriveMetadata">
      <urlPatterns>
        <url>(.*)/view_drive_metadata.*</url>
      </urlPatterns>
      <replacementChain>
        <plugin>STATEFUL_TOKEN_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>

  </extension>

(4) nuxeo-drive-jsf-10.10-HF01.jar/OSGI-INF/nuxeodrive-token-authentication-contrib.xml Override

<extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">

    <specificAuthenticationChain name="RestAPI">
        <urlPatterns>
            <url>(.*)/api/v.*</url>
        </urlPatterns>

        <replacementChain>
            <plugin>AUTOMATION_BASIC_AUTH</plugin>
            <plugin>TOKEN_AUTH</plugin>
            <plugin>OAUTH2_AUTH</plugin>
            <plugin>JWT_AUTH</plugin>
        </replacementChain>
    </specificAuthenticationChain>

  </extension>

(5) nuxeo-rest-api-server-10.10-HF32.jar/OSGI-INF/auth-contrib.xml Override

<extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
    <specificAuthenticationChain name="WebDAV">
        <urlPatterns>
            <url>(.*)/site/dav.*</url>
        </urlPatterns>
        <replacementChain>
            <plugin>DIGEST_AUTH</plugin>
            <plugin>WEBDAV_BASIC_AUTH</plugin>
            <plugin>ANONYMOUS_AUTH</plugin>
        </replacementChain>
    </specificAuthenticationChain>
    <specificAuthenticationChain name="WebDAV_Root">
      <headers>
        <header name="User-Agent">(Microsoft-WebDAV-MiniRedir|DavClnt|litmus|gvfs|gnome-vfs|davfs|WebDAV|cadaver|BitKinex|GoodReader|DataAccess|iWorkHTTPKit).*</header>
      </headers>

      <replacementChain>
        <plugin>DIGEST_AUTH</plugin>
        <plugin>WEBDAV_BASIC_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>
  </extension>

(6) nuxeo-webdav-10.10.jar/OSGI-INF/auth-contrib.xml Override