
How to make web ui use custom authentication plugin to authenticate the user?

Ankush_Bandil
Confirmed Champ

I have created a plugin for authentication which validates a JWT token passed during API calls. I have also installed the Web UI plugin of Nuxeo on my server, but when I log in with Administrator credentials on the Web UI login page, it allows me to log in with any JWT token. Is there any way to prevent login without a JWT token?

Below is the contrib.xml

<?xml version="1.0"?>
<component
	name="com.softcell.dms.auth.jwt.authchain-override-config">
	<extension
		target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
		point="specificChains">
		<!-- 
			Extending specificChains as we only want to handle RestApis through custom jwt plugin
		-->
		<specificAuthenticationChain
			name="RestAPI">
			<headers>
				<header name = "Authorization">^(?:Basic|Bearer)\s.*</header>
				<!-- request not intended with basic authentication -->
			</headers>
			<replacementChain>
				<plugin>CUSTOM_JWT_AUTH</plugin>
			</replacementChain>
		</specificAuthenticationChain>
	</extension>
	<extension
		target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
		point="specificChains">
		<!--
			Extending specificChains as we only want to handle Automation apis through custom jwt plugin
		-->
		<specificAuthenticationChain
			name="Automation">
			<headers>
				<header name = "Authorization">^(?:Basic|Bearer)\s.*</header>
				<!-- request not intended with basic authentication -->
			</headers>
			<replacementChain>
				<plugin>CUSTOM_JWT_AUTH</plugin>
			</replacementChain>
		</specificAuthenticationChain>
	</extension>
</component>


1 ACCEPTED ANSWER

Rodri_
Star Contributor

Hello,

First of all, take a look at this (first piece of code): https://answers.nuxeo.com/general/q/52798df8e3754ec2b908aeaf6008e32b/Custom-Authentication-not-worki...

I implemented JWT authentication, but I also kept the Basic Auth and Form Auth. I think you can just remove them from the authenticationChain. As I have seen, you only defined "specificChains", but you didn't add the authentication to the "generic" chain, so your authentication is not defined in the Web UI.

Regards.
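
The generic-chain contribution the answer refers to could look like the following. This is an added example, not code from either poster: the component name is hypothetical, and it assumes CUSTOM_JWT_AUTH is already registered through the "authenticators" extension point.

```xml
<?xml version="1.0"?>
<!-- Added example. The component name below is hypothetical. -->
<component name="com.example.auth.jwt.generic-chain-config">

  <!-- Load after Nuxeo's default authentication configuration so that
       this chain replaces the default one instead of being replaced by it. -->
  <require>org.nuxeo.ecm.platform.ui.web.auth.defaultConfig</require>

  <extension
    target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
    point="chain">
    <authenticationChain>
      <plugins>
        <!-- The generic chain applies to every request that no
             specificAuthenticationChain matches, which includes the
             Web UI login page. -->
        <plugin>CUSTOM_JWT_AUTH</plugin>
        <!-- BASIC_AUTH and FORM_AUTH are left out on purpose. Listing
             them here would keep password logins working without a
             JWT, which is the behaviour described in the question. -->
      </plugins>
    </authenticationChain>
  </extension>

</component>
```

With FORM_AUTH out of the generic chain, credentials submitted through the login form are no longer accepted, so the JWT plugin has to be able to handle browser requests. After deploying, confirm that a Web UI request carrying no token is rejected.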
