Platform Explorer / Nuxeo Platform LTS 2015 7.10

Extension point specificChains

Contribute specific authentication chain for specific urls or request headers. This is usefull to be able to change the authentication plugins used for a dedicated protocol (WSS, WebDav ...)

Contribution Descriptor

Existing Contributions

  • nuxeo-drive-jsf-7.10.jar /OSGI-INF/nuxeodrive-token-authentication-contrib.xml
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
    
        <specificAuthenticationChain name="DriveMetadata">
          <urlPatterns>
            <url>(.*)/view_drive_metadata.*</url>
          </urlPatterns>
          <replacementChain>
            <plugin>STATEFUL_TOKEN_AUTH</plugin>
          </replacementChain>
        </specificAuthenticationChain>
    
      </extension>
  • nuxeo-web-mobile-cap-7.10.jar /OSGI-INF/web-mobile-authentification-chain-contrib.xml
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
        <specificAuthenticationChain name="mobile-app">
          <urlPatterns>
            <url>/.+/site/mobile[./]*</url>
          </urlPatterns>
    
          <replacementChain>
            <plugin>BASIC_AUTH_STATEFUL</plugin>
            <plugin>FORM_WEBENGINE_APPLICATION_AUTH</plugin>
            <plugin>FORM_AUTH</plugin>
            <plugin>ANONYMOUS_AUTH</plugin>
            <plugin>WEBSERVICES_AUTH</plugin>
          </replacementChain>
        </specificAuthenticationChain>
      </extension>
  • nuxeo-automation-server-7.10-HF07.jar /OSGI-INF/auth-contrib.xml
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
    
        <specificAuthenticationChain handlePrompt="false" name="Automation">
            <urlPatterns>
                <url>(.*)/automation.*</url>
            </urlPatterns>
    
            <replacementChain>
                <plugin>AUTOMATION_BASIC_AUTH</plugin>
            </replacementChain>
        </specificAuthenticationChain>
    
      </extension>
  • nuxeo-platform-login-token-7.10-HF07.jar /OSGI-INF/token-authentication-contrib.xml
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
    
        <documentation>
          Override Automation specific authentication chain to
          use token authentication just after basic one.
        </documentation>
    
        <specificAuthenticationChain handlePrompt="false" name="Automation">
    
          <urlPatterns>
            <url>(.*)/automation.*</url>
          </urlPatterns>
          <replacementChain>
            <plugin>AUTOMATION_BASIC_AUTH</plugin>
            <plugin>TOKEN_AUTH</plugin>
          </replacementChain>
        </specificAuthenticationChain>
    
        <specificAuthenticationChain name="RestAPI">
          <urlPatterns>
            <url>(.*)/api/v.*</url>
          </urlPatterns>
          <replacementChain>
            <plugin>AUTOMATION_BASIC_AUTH</plugin>
            <plugin>TOKEN_AUTH</plugin>
          </replacementChain>
        </specificAuthenticationChain>
    
    
    
        <documentation>
          Use token authentication if the related request
          header is sent.
        </documentation>
    
        <specificAuthenticationChain name="TokenAuth">
          <headers>
            <header name="X-Authentication-Token">.*</header>
          </headers>
          <replacementChain>
            <plugin>TOKEN_AUTH</plugin>
          </replacementChain>
        </specificAuthenticationChain>
    
      </extension>
  • nuxeo-webdav-7.10.jar /OSGI-INF/auth-contrib.xml
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
        <specificAuthenticationChain name="WebDAV">
            <urlPatterns>
                <url>(.*)/site/dav.*</url>
            </urlPatterns>
            <replacementChain>
                <plugin>DIGEST_AUTH</plugin>
                <plugin>WEBDAV_BASIC_AUTH</plugin>
                <plugin>ANONYMOUS_AUTH</plugin>
            </replacementChain>
        </specificAuthenticationChain>
        <specificAuthenticationChain name="WebDAV_Root">
          <headers>
            <header name="User-Agent">(Microsoft-WebDAV-MiniRedir|DavClnt|litmus|gvfs|gnome-vfs|davfs|WebDAV|cadaver|BitKinex|GoodReader|DataAccess|iWorkHTTPKit).*</header>
          </headers>
    
          <replacementChain>
            <plugin>DIGEST_AUTH</plugin>
            <plugin>WEBDAV_BASIC_AUTH</plugin>
          </replacementChain>
        </specificAuthenticationChain>
      </extension>
  • nuxeo-rest-api-server-7.10-HF07.jar /OSGI-INF/auth-contrib.xml
    <extension point="specificChains" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
    
        <specificAuthenticationChain name="RestAPI">
            <urlPatterns>
                <url>(.*)/api/v.*</url>
            </urlPatterns>
    
            <replacementChain>
                <plugin>AUTOMATION_BASIC_AUTH</plugin>
                <plugin>TOKEN_AUTH</plugin>
            </replacementChain>
        </specificAuthenticationChain>
    
      </extension>