WebServicesAuthenticator (Nuxeo ECM Projects 5.4.3-SNAPSHOT API Documentation)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

Nuxeo ECM Projects 5.4.3-SNAPSHOT

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.nuxeo.ecm.platform.ui.web.auth.plugins
Class WebServicesAuthenticator

java.lang.Object
  org.nuxeo.ecm.platform.ui.web.auth.plugins.WebServicesAuthenticator

public class WebServicesAuthenticator
extends Object
implements NuxeoAuthenticationPlugin
extends Object
implements NuxeoAuthenticationPlugin

The Web Service Servlet needs no login prompt and / or authentiocation.

I see 2 different scenarios:

The client application is a standalone application. It connects to WS with the real credentials and keeps a session only for WS. It has nothing to do with the Web Application or whatsoever. Initially client comes to MainEntrancePoint and tries to get a Stateful WebService (actual WS perfoming the job). NuxeoAuthenticationFilter (NAF) finds no authentication data in message. It has to let the request pass and not forward the request to login page. The WS makes the authentication based on user credentials.
The client application reuses a Web Session or uses another mechanism to hold a HTTP Session (the SSO case). Client comes to MainEntrancePoint and tries to gets a Stateful WebService (actual WS perfoming the job) calling a different method (no user/pass). NAF finds the authentication data in message this time. It establishes the JAAS context and forwards the request on chain. The WS is not doing authentication anymore, but relies on the JAAS context already established.Further, the same will apply while communicating with SFWS. The SFWS relies on JAAS Login Context established by NAF, while the Core Session is managed internally. The SFWS will be able to work only if the JAAS context is kept valid (the Web Session is on).

This plugin has to only block the login form for the requests addressed to WS. The requests are identified by the prefix of the URL.

Constructor Summary
`WebServicesAuthenticator()`

Method Summary
`List<String>`	`getUnAuthenticatedURLPrefix()` Returns the list of prefix for unauthenticated URLs, typically the URLs associated to login prompt.
`Boolean`	`handleLoginPrompt(HttpServletRequest httpRequest, HttpServletResponse httpResponse, String baseURL)` Handles the Login Prompt.
`UserIdentificationInfo`	`handleRetrieveIdentity(HttpServletRequest httpRequest, HttpServletResponse httpResponse)` Retrieves user identification information from the request.
`void`	`initPlugin(Map<String,String> parameters)` Initializes the Plugin from parameters set in the XML descriptor.
`Boolean`	`needLoginPrompt(HttpServletRequest httpRequest)` Defines if the authentication plugin needs to do a login prompt.

Methods inherited from class java.lang.Object
`equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

public WebServicesAuthenticator()

Method Detail