https://connect.hyland.com/t5/nuxeo-forum/authentication-and-automation-apis/m-p/324713#M11714 <P>I am a bit confused about how authentication works with the Java automation APIs. I would like to use a shared secret between the client and the server, and to use impersonation when a client request comes in to switch the the requesting user's security context. I also need to authenticate the user. Roughly I am trying something along those lines:</P> <PRE><CODE>// client init session = client.getSession("Administrator", "Administrator"); // will replace with shared secret // request comes in from user Bob session.verifyCredentials("bob", bob's password) // how do I do this?? session.newRequest("Auth.LoginAs").set("name", "bob"); session.do_some_stuff() session.newRequest("Auth.Logout"); </CODE></PRE> <P>I have two issues:</P> <OL> <LI>How can I validate Bob's credentials (without starting a new session, which is too slow)?</LI> <LI>after Auth.LoginAs, I can still successfully use the session to readDocument for which Bob has been denied the READ permission - is LoginAs really impersonating the user?</LI> </OL> <P>Thanks!</P> Fri, 09 Nov 2012 09:30:16 GMT franck102_ 2012-11-09T09:30:16Z https://connect.hyland.com/t5/nuxeo-forum/authentication-and-automation-apis/m-p/324713#M11714 <P>I am a bit confused about how authentication works with the Java automation APIs. I would like to use a shared secret between the client and the server, and to use impersonation when a client request comes in to switch the the requesting user's security context. I also need to authenticate the user. Roughly I am trying something along those lines:</P> <PRE><CODE>// client init session = client.getSession("Administrator", "Administrator"); // will replace with shared secret // request comes in from user Bob session.verifyCredentials("bob", bob's password) // how do I do this?? session.newRequest("Auth.LoginAs").set("name", "bob"); session.do_some_stuff() session.newRequest("Auth.Logout"); </CODE></PRE> <P>I have two issues:</P> <OL> <LI>How can I validate Bob's credentials (without starting a new session, which is too slow)?</LI> <LI>after Auth.LoginAs, I can still successfully use the session to readDocument for which Bob has been denied the READ permission - is LoginAs really impersonating the user?</LI> </OL> <P>Thanks!</P> Fri, 09 Nov 2012 09:30:16 GMT https://connect.hyland.com/t5/nuxeo-forum/authentication-and-automation-apis/m-p/324713#M11714 franck102_ 2012-11-09T09:30:16Z https://connect.hyland.com/t5/nuxeo-forum/authentication-and-automation-apis/m-p/324714#M11715 <P>Looking into the source code it seems that LoginAs would work only if I chain it with my "do_some_stuff" on the server side... however that doesn't work well for me, I would need to define automation chains for every operation I ever want to use.</P> Fri, 09 Nov 2012 12:29:09 GMT https://connect.hyland.com/t5/nuxeo-forum/authentication-and-automation-apis/m-p/324714#M11715 franck102_ 2012-11-09T12:29:09Z https://connect.hyland.com/t5/nuxeo-forum/authentication-and-automation-apis/m-p/324715#M11716 <P>I finally realized that establishing a session is really fast (as opposed to creating a new automation client), so I don't actually have a need for impersonation.</P> Mon, 12 Nov 2012 10:12:21 GMT https://connect.hyland.com/t5/nuxeo-forum/authentication-and-automation-apis/m-p/324715#M11716 franck102_ 2012-11-12T10:12:21Z