Hyland Connect

jiyarza_Yarza · ‎04-05-2013

So, How do you force the login page for anonymous users?

Any ideas?

Thank you.

Jose.

Long story: We have configured anonymous access so that we can directly link and download nuxeo documents (blob files) from an external site.

However we don't want to allow anonymous users to access the nuxeo web application, so I would like to force the login page for anonymous users. How can we achieve this?

I have played with the forceAnonymousLogin parameter, but with little success.

Nelson_Silva · ‎04-15-2013

Hi,

How about overriding the StartupHelper ? This is done in the Social Collaboration Module and in CMF.. something like:

/**
 * Overwrite default StartupHelper to provide custom startup page.
 */
@Name("startupHelper")
@Scope(SESSION)
@Install(precedence = Install.DEPLOYMENT)
public class MyStartupHelper extends StartupHelper {

    private static final long serialVersionUID = 1L;

    @Override
    @Begin(id = "#{conversationIdGenerator.nextMainConversationId}", join = true)
    public String initDomainAndFindStartupPage(String domainTitle, String viewId) {
        String result = super.initDomainAndFindStartupPage(domainTitle, viewId);

        NuxeoPrincipal principal = (NuxeoPrincipal) documentManager.getPrincipal();

        if (principal.isAdministrator()) {
            return result;
        } else if (principal.isAnonymous()) {
            try {
                FacesContext.getCurrentInstance().getExternalContext().redirect(NXAuthConstants.LOGOUT_PAGE);
            } catch (IOException e) { }
            return null;
        } else {
            return dashboardNavigationHelper.navigateToDashboard();
        }
    }
}

View answer in original post

Julien_Carsique · ‎04-15-2013

Hi,

If you force the login page for anonymous users, then there is no more anonymous access 🙂
/> You must define the URLs/paths which will be anonymously accessible (read rights to the Guest user). Then, any other URL/path including the login page will require a login.

jiyarza_Yarza · ‎04-15-2013

Hi Julien, I want to force the login page only when someone enters the nuxeo home page, but at the same time allow direct links for downloading blobs. The reason is that I am linking directly the videos in Nuxeo DAM from external video players, and I need them to be available anonymously. But I would like to avoid anonymous users to browse the repository. Would that be possible? Thank you

Julien_Carsique · ‎04-15-2013

So, instead of defining an anonymous access which is based on documents and not actions on those documents, you could simply open some URLs (those matching the direct links) with [PluggableAuthenticationService--openUrl][1]; something like

jiyarza_Yarza · ‎04-18-2013

The openUrl extension point is a neat solution, since you can fine grain the urls according to your needs. Thank you very much for the tip.

Nelson_Silva · ‎04-15-2013

Hi,

How about overriding the StartupHelper ? This is done in the Social Collaboration Module and in CMF.. something like:

/**
 * Overwrite default StartupHelper to provide custom startup page.
 */
@Name("startupHelper")
@Scope(SESSION)
@Install(precedence = Install.DEPLOYMENT)
public class MyStartupHelper extends StartupHelper {

    private static final long serialVersionUID = 1L;

    @Override
    @Begin(id = "#{conversationIdGenerator.nextMainConversationId}", join = true)
    public String initDomainAndFindStartupPage(String domainTitle, String viewId) {
        String result = super.initDomainAndFindStartupPage(domainTitle, viewId);

        NuxeoPrincipal principal = (NuxeoPrincipal) documentManager.getPrincipal();

        if (principal.isAdministrator()) {
            return result;
        } else if (principal.isAnonymous()) {
            try {
                FacesContext.getCurrentInstance().getExternalContext().redirect(NXAuthConstants.LOGOUT_PAGE);
            } catch (IOException e) { }
            return null;
        } else {
            return dashboardNavigationHelper.navigateToDashboard();
        }
    }
}

Julien_Carsique · ‎04-16-2013

That would avoid anonymous users to browse the repository using the JSF UI but documents would still be accessible and browsable through any other UI...

Nelson_Silva · ‎04-16-2013

Yes. You still have to filter unwanted actions with not_anonymous ("home", etc) and set the proper permissions in the repository but I guess it solves the "don't want to allow anonymous users to access the nuxeo web application" bit...

jiyarza_Yarza · ‎04-18-2013

I have decided yo use this approach for now, maybe we will filter actions as well. I really need to open access to all documents, blobs and metadata and I am already overriding StartupHelper to change the default landing page to the DAM tab, so this was a one line solution for me. The only issue I found is that documentManager was null, so instead I used

Hyland Connect

Force Anonymous Login