Platform Explorer / Nuxeo Platform 2023.24

Component org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService

Documentation

The pluggable authentication service defines a plugin API for the Nuxeo Authentication Filter. This service let you : - define new Authentication Plugins - define authentication chains

Resolution Order

609
The resolution order represents the order in which this component has been resolved by the Nuxeo Runtime framework.
You can influence this order by adding "require" tags in your component declaration, to make sure it is resolved after another component.

Start Order

888
The start order represents the order in which this component has been started by the Nuxeo Runtime framework.
This number is interesting to tweak if your Java component interacts with other components, and needs to be started before or after another one.
It can be changed by implementing the method "Component#getApplicationStartedOrder()" on your Java component: components are sorted according to this reference value, in increasing order.
The default value is 1000, and the repository initialization uses number 100. Negative values can also be used.

Implementation

Class: org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService

Services

Extension Points

Contributions

XML Source

<?xml version='1.0' encoding='UTF-8'?>
<component name="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
  <implementation class="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"/>

  <service>
    <provide interface="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"/>
  </service>

  <documentation>
    The pluggable authentication service defines a plugin API for the Nuxeo Authentication Filter.
    This service let you :
    - define new Authentication Plugins
    - define authentication chains
    @author Thierry Delprat (td@nuxeo.com)
  </documentation>

  <extension target="org.nuxeo.runtime.LoginAsComponent" point="implementation">
    <implementation class="org.nuxeo.ecm.platform.ui.web.auth.service.LoginAsImpl"/>
  </extension>

  <extension-point name="authenticators">
    <documentation>
      Registry for Authentication Plugins.
      Authentication plugins are responsible for :
      - generating the authentication prompt (if needed)
      - get the user identity
      - checking the user credentials if they're not login/password based

      Authentication plugin must implement the NuxeoAuthenticationPlugin interface.

      Default implementation of Authentication Plugins are :
      - Form based authentication
      - HTTP Basic Authentication

      @author Thierry Delprat (td@nuxeo.com)
    </documentation>

    <object class="org.nuxeo.ecm.platform.ui.web.auth.service.AuthenticationPluginDescriptor"/>
  </extension-point>

  <extension-point name="chain">
    <documentation>
      Defines the chain of AuthenticationPlugin to use when trying to authenticate.
      = The authentication Plugins are tried in the chain order.

      @author Thierry Delprat (td@nuxeo.com)
    </documentation>
    <object class="org.nuxeo.ecm.platform.ui.web.auth.service.AuthenticationChainDescriptor"/>
  </extension-point>

  <extension-point name="startURL">
    <documentation>
      Defines a list of URL prefix that is considered safe to start a new session.
      Typically, in default webapp you will have :
      - GET url patterns
      - nxstartup.faces
      - RSS/ATOM get URL

      @author Thierry Delprat (td@nuxeo.com)
    </documentation>
    <object class="org.nuxeo.ecm.platform.ui.web.auth.service.StartURLPatternDescriptor"/>
  </extension-point>

  <extension-point name="sessionManager">
    <documentation>
      Contribute a SessionManager to handle Session and url manipulation

      @author Thierry Delprat (td@nuxeo.com)
    </documentation>
    <object class="org.nuxeo.ecm.platform.ui.web.auth.service.SessionManagerDescriptor"/>
  </extension-point>

  <extension-point name="openUrl">
    <documentation>
      Contribute pattern to define urls that can be accessed without authentication

      @author Thierry Delprat (td@nuxeo.com)
    </documentation>
    <object class="org.nuxeo.ecm.platform.ui.web.auth.service.OpenUrlDescriptor"/>
  </extension-point>


  <extension-point name="specificChains">
    <documentation>
      Contribute specific authentication chain for specific urls or request headers.
      This is usefull to be able to change the authentication plugins used for a dedicated protocol (WSS, WebDav ...)

      @author Thierry Delprat (td@nuxeo.com)
    </documentation>
    <object class="org.nuxeo.ecm.platform.ui.web.auth.service.SpecificAuthChainDescriptor"/>
  </extension-point>


  <extension-point name="loginScreen">

    <documentation>
      Configure the Login Screen : header, footer, styles, openid providers ...
      <p>
        The variable ${org.nuxeo.ecm.contextPath} can be used to avoid
        hardcoding the default application path (/nuxeo)
      </p>

      @author Thierry Delprat (td@nuxeo.com)
    </documentation>
    <object class="org.nuxeo.ecm.platform.ui.web.auth.service.LoginScreenConfig"/>

  </extension-point>

</component>