How to make web ui use custom authentication plugin to authenticate the user?

Ankush_Bandil — Tue, 28 Apr 2020 10:07:52 GMT

I have created a plugin for authentication which will be validating a JWT token passed during API calls. I have also installed web-ui plugin of Nuxeo on my server but when I am logging in with Administrator credentials on web ui login page, it allows me login with any JWT token. Is there any way to prevent login without JWT token?

Below is the contrib.xml

<?xml version="1.0"?>
<component
	name="com.softcell.dms.auth.jwt.authchain-override-config">
	<extension
		target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
		point="specificChains">
		<!-- 
			Extending specificChains as we only want to handle RestApis through custom jwt plugin
		-->
		<specificAuthenticationChain
			name="RestAPI">
			<headers>
				<header name = "Authorization">^(?:Basic|Bearer)\s.*</header>
				<!-- request not intended with basic authentication -->
			</headers>
			<replacementChain>
				<plugin>CUSTOM_JWT_AUTH</plugin>
			</replacementChain>
		</specificAuthenticationChain>
	</extension>
	<extension
		target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
		point="specificChains">
		<!--
			Extending specificChains as we only want to handle Automation apis through custom jwt plugin
		-->
		<specificAuthenticationChain
			name="Automation">
			<headers>
				<header name = "Authorization">^(?:Basic|Bearer)\s.*</header>
				<!-- request not intended with basic authentication -->
			</headers>
			<replacementChain>
				<plugin>CUSTOM_JWT_AUTH</plugin>
			</replacementChain>
		</specificAuthenticationChain>
	</extension>
</component>

Re: How to make web ui use custom authentication plugin to authenticate the user?

Rodri_ — Tue, 28 Apr 2020 16:10:10 GMT

Hello,

first of all, take a look at this (first piece of code): https://answers.nuxeo.com/general/q/52798df8e3754ec2b908aeaf6008e32b/Custom-Authentication-not-working-as-expected-with-Java-Client-SDK

I implemented JWT authentication, but I also kept the Basic Auth and Form Auth. I think you can just remove them from the authenticationChain. As I have seen, you only defined "specificChains", but you didn't add the authentication to the "generic" chain, so your authentication is not defined in the Web UI.

Regards.

topic Re: How to make web ui use custom authentication plugin to authenticate the user? in Nuxeo Forum

How to make web ui use custom authentication plugin to authenticate the user?

Re: How to make web ui use custom authentication plugin to authenticate the user?