Component org.nuxeo.ecm.login.token.authentication.contrib
In bundle org.nuxeo.ecm.platform.login.token
Contributions
- org.nuxeo.ecm.login.token.authentication.contrib--specificChains
- org.nuxeo.ecm.login.token.authentication.contrib--authenticators
XML Source
<?xml version="1.0"?>
<component name="org.nuxeo.ecm.login.token.authentication.contrib">
<!-- Replace Automation specific authentication chain -->
<require>org.nuxeo.ecm.automation.server.auth.config</require>
<extension
target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
point="authenticators">
<documentation>
Authentication plugin using a token to validate
identity. This token is sent as a HTTP request header.
The user is
retrieved looking into a directory mapping unique tokens to user
names.
This Authentication Plugin is configured to be
used with the
Trusting_LM LoginModule plugin
=> no password check will
be done, a
principal will be created
from the userName if the user exists in
the
user directory.
@author
Antoine Taillefer (ataillefer@nuxeo.com)
</documentation>
<authenticationPlugin name="TOKEN_AUTH"
enabled="true"
class="org.nuxeo.ecm.platform.ui.web.auth.token.TokenAuthenticator">
<loginModulePlugin>Trusting_LM</loginModulePlugin>
</authenticationPlugin>
</extension>
<extension
target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
point="specificChains">
<documentation>
Override Automation specific authentication chain to
use token authentication just after basic one.
</documentation>
<specificAuthenticationChain name="Automation">
<urlPatterns>
<url>(.*)/automation.*</url>
</urlPatterns>
<replacementChain>
<plugin>AUTOMATION_BASIC_AUTH</plugin>
<plugin>TOKEN_AUTH</plugin>
<plugin>ANONYMOUS_AUTH</plugin>
</replacementChain>
</specificAuthenticationChain>
<specificAuthenticationChain name="RestAPI">
<urlPatterns>
<url>(.*)/api/v.*</url>
</urlPatterns>
<replacementChain>
<plugin>AUTOMATION_BASIC_AUTH</plugin>
<plugin>TOKEN_AUTH</plugin>
<plugin>ANONYMOUS_AUTH</plugin>
</replacementChain>
</specificAuthenticationChain>
<documentation>
Use token authentication if the related request
header is sent.
</documentation>
<specificAuthenticationChain name="TokenAuth">
<headers>
<header name="X-Authentication-Token">.*</header>
</headers>
<replacementChain>
<plugin>TOKEN_AUTH</plugin>
</replacementChain>
</specificAuthenticationChain>
</extension>
</component>