Platform Explorer / Nuxeo Platform 2021.7

Extension point specificChains

In component org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService

Documentation

Contribute specific authentication chain for specific urls or request headers. This is usefull to be able to change the authentication plugins used for a dedicated protocol (WSS, WebDav ...)

Contribution Descriptors

  • Class: org.nuxeo.ecm.platform.ui.web.auth.service.SpecificAuthChainDescriptor

Existing Contributions

Contributions are presented in the same order as the registration order on this extension point. This order is displayed before the contribution name, in brackets.

  • nuxeo-opencmis-bindings-2021.7.15.jar /OSGI-INF/atom-contrib.xml 
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">

    <specificAuthenticationChain name="ATOM_CMIS">

      <urlPatterns>
        <url>(.*)/atom/cmis(/.*)?</url>
        <url>(.*)/atom/cmis10(/.*)?</url>
      </urlPatterns>
      <replacementChain>
        <plugin>AUTOMATION_BASIC_AUTH</plugin>
        <plugin>TOKEN_AUTH</plugin>
        <plugin>OAUTH2_AUTH</plugin>
        <plugin>JWT_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>

  </extension>
    (0) nuxeo-opencmis-bindings-2021.7.15.jar/OSGI-INF/atom-contrib.xml   Override
  • nuxeo-opencmis-bindings-2021.7.15.jar /OSGI-INF/json-contrib.xml 
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">

    <specificAuthenticationChain name="JSON_CMIS">
      <urlPatterns>
        <url>(.*)/json/cmis(/.*)?</url>
      </urlPatterns>
      <replacementChain>
        <plugin>AUTOMATION_BASIC_AUTH</plugin>
        <plugin>TOKEN_AUTH</plugin>
        <plugin>OAUTH2_AUTH</plugin>
        <plugin>JWT_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>

  </extension>
    (1) nuxeo-opencmis-bindings-2021.7.15.jar/OSGI-INF/json-contrib.xml   Override
  • nuxeo-automation-server-2021.7.15.jar /OSGI-INF/auth-contrib.xml 
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">

    <specificAuthenticationChain name="Automation">
        <urlPatterns>
            <url>(.*)/automation.*</url>
        </urlPatterns>

        <replacementChain>
            <plugin>AUTOMATION_BASIC_AUTH</plugin>
        </replacementChain>
    </specificAuthenticationChain>

  </extension>
    (2) nuxeo-automation-server-2021.7.15.jar/OSGI-INF/auth-contrib.xml   Override
  • nuxeo-platform-login-token-2021.7.15.jar /OSGI-INF/token-authentication-contrib.xml 
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">

    <documentation>
      Override Automation specific authentication chain to
      use token authentication just after basic one.
    </documentation>

    <specificAuthenticationChain name="Automation">

      <urlPatterns>
        <url>(.*)/automation.*</url>
      </urlPatterns>
      <replacementChain>
        <plugin>AUTOMATION_BASIC_AUTH</plugin>
        <plugin>TOKEN_AUTH</plugin>
        <plugin>OAUTH2_AUTH</plugin>
        <plugin>JWT_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>

    <specificAuthenticationChain name="RestAPI">
      <urlPatterns>
        <url>(.*)/api/v.*</url>
      </urlPatterns>
      <replacementChain>
        <plugin>AUTOMATION_BASIC_AUTH</plugin>
        <plugin>TOKEN_AUTH</plugin>
        <plugin>OAUTH2_AUTH</plugin>
        <plugin>JWT_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>



    <documentation>
      Use token authentication if the related request
      header is sent.
    </documentation>

    <specificAuthenticationChain name="TokenAuth">
      <headers>
        <header name="X-Authentication-Token">.*</header>
      </headers>
      <replacementChain>
        <plugin>TOKEN_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>

  </extension>
    (3) nuxeo-platform-login-token-2021.7.15.jar/OSGI-INF/token-authentication-contrib.xml   Override
  • nuxeo-rest-api-server-2021.7.15.jar /OSGI-INF/auth-contrib.xml 
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">

    <specificAuthenticationChain name="RestAPI">
        <urlPatterns>
            <url>(.*)/api/v.*</url>
        </urlPatterns>

        <replacementChain>
            <plugin>AUTOMATION_BASIC_AUTH</plugin>
            <plugin>TOKEN_AUTH</plugin>
            <plugin>OAUTH2_AUTH</plugin>
            <plugin>JWT_AUTH</plugin>
        </replacementChain>
    </specificAuthenticationChain>

  </extension>
    (4) nuxeo-rest-api-server-2021.7.15.jar/OSGI-INF/auth-contrib.xml   Override
  • nuxeo-webdav-2021.7.15.jar /OSGI-INF/auth-contrib.xml 
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
    <specificAuthenticationChain name="WebDAV">
        <urlPatterns>
            <url>(.*)/site/dav.*</url>
        </urlPatterns>
        <replacementChain>
            <plugin>DIGEST_AUTH</plugin>
            <plugin>WEBDAV_BASIC_AUTH</plugin>
            <plugin>ANONYMOUS_AUTH</plugin>
        </replacementChain>
    </specificAuthenticationChain>
    <specificAuthenticationChain name="WebDAV_Root">
      <headers>
        <header name="User-Agent">(Microsoft-WebDAV-MiniRedir|DavClnt|litmus|gvfs|gnome-vfs|davfs|WebDAV|cadaver|BitKinex|GoodReader|DataAccess|iWorkHTTPKit).*</header>
      </headers>

      <replacementChain>
        <plugin>DIGEST_AUTH</plugin>
        <plugin>WEBDAV_BASIC_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>
  </extension>
    (5) nuxeo-webdav-2021.7.15.jar/OSGI-INF/auth-contrib.xml   Override