Class TokenAuthenticator
java.lang.Object
org.nuxeo.ecm.platform.ui.web.auth.token.TokenAuthenticator
- All Implemented Interfaces:
NuxeoAuthenticationPlugin,NuxeoAuthenticationPluginLogoutExtension
public class TokenAuthenticator
extends Object
implements NuxeoAuthenticationPlugin, NuxeoAuthenticationPluginLogoutExtension
Handles authentication with a token sent as a request header.
The user is retrieved with the TokenAuthenticationService.
- Since:
- 5.7
- Author:
- Antoine Taillefer ([email protected])
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionReturns the list of prefix for unauthenticated URLs, typically the URLs associated to login prompt.protected StringgetUserByToken(String token) handleLoginPrompt(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse, String baseURL) Handles the Login Prompt.handleLogout(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse) Handles logout operation.handleRetrieveIdentity(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse) Retrieves user identification information from the request.voidinitPlugin(Map<String, String> parameters) Initializes the Plugin from parameters set in the XML descriptor.needLoginPrompt(jakarta.servlet.http.HttpServletRequest httpRequest) Defines if the authentication plugin needs to do a login prompt.
-
Field Details
-
ALLOW_ANONYMOUS_KEY
- See Also:
-
TOKEN_HEADER
- See Also:
-
TOKEN_PARAM
- See Also:
-
allowAnonymous
protected boolean allowAnonymous
-
-
Constructor Details
-
TokenAuthenticator
public TokenAuthenticator()
-
-
Method Details
-
handleLoginPrompt
public Boolean handleLoginPrompt(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse, String baseURL) Description copied from interface:NuxeoAuthenticationPluginHandles the Login Prompt.- Specified by:
handleLoginPromptin interfaceNuxeoAuthenticationPlugin- Parameters:
httpRequest- the requesthttpResponse- the response- Returns:
- true if AuthFilter must stop execution (ie: login prompt generated a redirect), false otherwise
-
handleRetrieveIdentity
public UserIdentificationInfo handleRetrieveIdentity(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse) Description copied from interface:NuxeoAuthenticationPluginRetrieves user identification information from the request.- Specified by:
handleRetrieveIdentityin interfaceNuxeoAuthenticationPlugin- Parameters:
httpRequest- the requesthttpResponse- the response
-
needLoginPrompt
Description copied from interface:NuxeoAuthenticationPluginDefines if the authentication plugin needs to do a login prompt.- Specified by:
needLoginPromptin interfaceNuxeoAuthenticationPlugin- Returns:
- true if LoginPrompt is used
-
initPlugin
Description copied from interface:NuxeoAuthenticationPluginInitializes the Plugin from parameters set in the XML descriptor.- Specified by:
initPluginin interfaceNuxeoAuthenticationPlugin
-
getUnAuthenticatedURLPrefix
Description copied from interface:NuxeoAuthenticationPluginReturns the list of prefix for unauthenticated URLs, typically the URLs associated to login prompt.- Specified by:
getUnAuthenticatedURLPrefixin interfaceNuxeoAuthenticationPlugin
-
getUserByToken
-
handleLogout
public Boolean handleLogout(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse) Description copied from interface:NuxeoAuthenticationPluginLogoutExtensionHandles logout operation.Generic logout (killing session and Seam objects) is done by LogoutActionBean This interface must be implemented by auth plugin when the target auth system needs a specific logout procedure.
- Specified by:
handleLogoutin interfaceNuxeoAuthenticationPluginLogoutExtension- Returns:
- true if caller must stop execution (ie: logout generated a redirect), false otherwise
-