[ 
https://issues.apache.org/jira/browse/CMIS-887?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14297341#comment-14297341
 ] 

Sascha Homeier commented on CMIS-887:
-------------------------------------

bq. ... Sasha has extended the TokenCallContextHandler and you're suggesting to 
extend the Standard authentication provider ...

To clarify: This is not like either AuthenticationProvider or 
TokenCallContextHandler. You need both from my point of view:

On the client side you extend the StandardAuthenticationProvider as Florian 
stated above. This is necessary to set additional HTTP parameters.
StandardAuthenticationProvider, for example, sets username and password 
parameters.

On the server side you need to somehow handle your additional parameters. The 
normal username and password parameters are handled by TokenCallContextHandler 
and put on the CallContext. This is why you can get username and password via 
CallContext.getUsername() and CallContext.getPassword().
Additional parameters need to be handled by your own TokenCallContextHandler 
which for example might read the HTTP parameter "RunAs" (which was set on the 
client side by your own AuthenticationProvider) and put it on the CallContext 
via key "RunAs". After that you can get the "RunAs"-value from the CMIS service 
methods via CallContext.get("RunAs") (btw. I do not know Alfresco and don't 
know the semantics of this RunAs-value).

bq. So I in this case have a custom external service to authenticate

I see no problem to also handle multiple authentication services. You can 
simply set the name of the login realm on the client side via 
AuthenticationProvider and read it from the token handler on the server side.
This way you can configure which LoginModule you want to use. This way, for 
example, you could choose between LDAPLoginModule which uses LDAP to 
authenticate or DBLoginModule which authenticates against database stored 
user/pw.

> RunAs Authentication possiblity
> -------------------------------
>
>                 Key: CMIS-887
>                 URL: https://issues.apache.org/jira/browse/CMIS-887
>             Project: Chemistry
>          Issue Type: Improvement
>          Components: opencmis-client, opencmis-server
>    Affects Versions: OpenCMIS 0.12.0
>         Environment: Alfresco 4.2
>            Reporter: Tahir Malik
>
> There is no possibility to define a RunAs user through CMIS.
> At the moment we have a custom webscript in Alfresco which logs in as the 
> RunAs user and returns the ticket.
> Then we use the ticket in the password field and do our stuff.
> It would be nice to extend the Authentication mechanism to supply extra 
> parameters and control them server side so this is not needed.
> If this is already possible, then I didn't know that and I'd love to have 
> some info how to do that.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
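
The client/server pairing described in the comment above, as an added sketch that is not code from the thread or from OpenCMIS. The header name `X-Run-As`, the session parameter `example.runas` and the allow-list are hypothetical, and the server half extends `BasicAuthCallContextHandler` rather than the token handler the comment names; it also shows the check the pattern needs, since the run-as value is supplied by the client.

```java
import java.util.*;
import javax.servlet.http.HttpServletRequest;
import org.apache.chemistry.opencmis.client.bindings.spi.StandardAuthenticationProvider;
import org.apache.chemistry.opencmis.commons.server.CallContext;
import org.apache.chemistry.opencmis.server.shared.BasicAuthCallContextHandler;

public class RunAsExample {
    static final String RUN_AS = "RunAs";               // CallContext key used in the comment
    static final String RUN_AS_HEADER = "X-Run-As";     // hypothetical header name
    static final String RUN_AS_PARAM = "example.runas"; // hypothetical session parameter

    /** Client side: adds the run-as user to the headers the standard provider sets. */
    public static class RunAsAuthenticationProvider extends StandardAuthenticationProvider {
        @Override
        public Map<String, List<String>> getHTTPHeaders(String url) {
            Map<String, List<String>> base = super.getHTTPHeaders(url);
            Map<String, List<String>> headers = (base == null)
                    ? new HashMap<String, List<String>>()
                    : new HashMap<String, List<String>>(base);
            Object runAs = getSession().get(RUN_AS_PARAM);
            if (runAs instanceof String) {
                headers.put(RUN_AS_HEADER, Collections.singletonList((String) runAs));
            }
            return headers;
        }
    }

    /** Server side: copies the header into the call context map only if allowed. */
    public static class RunAsCallContextHandler extends BasicAuthCallContextHandler {
        // Constructed allow-list; a real server would ask its own authorization service.
        private static final Set<String> MAY_IMPERSONATE =
                Collections.singleton("svc-integration");

        @Override
        public Map<String, String> getCallContextMap(HttpServletRequest request) {
            Map<String, String> base = super.getCallContextMap(request);
            Map<String, String> ctx = (base == null)
                    ? new HashMap<String, String>() : new HashMap<String, String>(base);
            String caller = ctx.get(CallContext.USERNAME);
            String runAs = request.getHeader(RUN_AS_HEADER);
            // The header is client-controlled: honour it only for callers on the
            // allow-list. The caller's password is still verified by the CMIS
            // service before CallContext.get("RunAs") may be acted on.
            if (runAs != null && caller != null && MAY_IMPERSONATE.contains(caller)) {
                ctx.put(RUN_AS, runAs);
            }
            return ctx;
        }
    }
}
```

The client selects the provider with `SessionParameter.AUTHENTICATION_PROVIDER_CLASS`; the server selects the handler with the `callContextHandler` servlet init parameter.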