topic Re: Webscript custom authenticator in Alfresco Archive

Webscript custom authenticator

alexis — Sun, 23 Sep 2007 09:36:51 GMT

I want to use HTTP API in order to integrate alfresco functionnality into another webapp. This webapp kwnow the alfresco's username, but not his password. Do you think it' s possible to implement a custom WebScriptServletAuthenticator which authenticate user with his username ? (I will secure this

Re: Webscript custom authenticator

davidc — Mon, 24 Sep 2007 13:23:46 GMT

If your web app is essentially performing the authentication, then yes - otherwise, you'll be allowing free access to the repository. Maybe that's what you want.

Basically, you can develop an authenticator similar to the JSR-168 authenticator. You just need to pull the username and then 'run as' that user.

See JSR68PortletAuthenticator.java for an example.

Re: Webscript custom authenticator

andy — Thu, 11 Oct 2007 12:11:07 GMT

Hi

An authentication filter to do just this exists to support SiteMinder and IChains. The user name as taken from a request header. You need to use SSL between you SSO/Redirection layer and alfresco and disable normal authentication.

Andy