I started using Alfresck SDK (All in one) the latest version. I am trying customise authentication in Alfresco. I configured a new authentication using documentation: authentication but I want to provide JWT Token base authentication. When I try to pass through a http header: Authorization: Bearer mytoken - it is cought by BasicHttpAuthenticatorFactory from child class RemoteUserAuthenticatorFactory and it says that it is not supported. How to pass my own bearer token and then invoke: public Authentication authenticate(Authentication authentication) throws AuthenticationException method? I does not see documentation for adding new own servlet filters.
Asked
Active
Viewed 526 times
0
-
I've got the same problem did you use `Restful Api` ?!? – Yagami Light Aug 08 '16 at 08:09
-
I use Alfresco REST API – falcon Aug 09 '16 at 12:27
-
in this case you have to add an authentification to your request to first log in after that execute it – Yagami Light Aug 09 '16 at 12:37
-
you can use postman to check what i am talking about, do you know postman ?!? – Yagami Light Aug 09 '16 at 12:40
-
Yes i know, I added to a request header "authorization: Bearer mytokenhere" – falcon Aug 10 '16 at 09:36
-
i think that you have a valide answer it's done – Yagami Light Aug 10 '16 at 09:37
1 Answers
1
Assuming you are running a 5.x version (4.something may also work) of Alfresco and your Servlet container supports the Servlet 3 spec (Tomcat 7 shipping with Alfresco 5.x is fine), then you can add a Servlet filter by following the spec - annotation or web-fragment based.
Not quite sure about your scenario, but I added OAuth authentication to Share w/o leveraging the Servlet API. Wired a custom Authentication Component into the chain and added a bunch of tweaks (LoginController etc.) to Share
Andreas Steffan
- 6,039
- 2
- 23
- 25
-
WebFilter annotation works properly. May I ask you how you added oauth to resign from the Servlet API? I see that web.xml modification is required but in "alfresco-sdk all in one" there is no web.xml files in project before deploying app. – falcon Aug 09 '16 at 12:41
-
I don't use the SDK, but I am quite sure the dev environment should pick up annotations in your classes. Hence, there should be no need to mess with xml descriptors. As I said, not quite sure about your scenario. I did not need the servlet api, the Webscripts API already provided all I needed to deal with http requests/responses. – Andreas Steffan Aug 09 '16 at 16:51
-
Returning back to the subject about own filter. I used Alfresco authenticationUtil bean to set authentication (method setFullyAuthenticatedUser), even though after this operation when I invoke doFilter on the chain the authentication is reset by RepositoryContainer and does not work. Do you have any idea how to persist this authentication from my own filter? Maybe this aproach is inappropriate and would not be working. – falcon Aug 11 '16 at 06:52
-
Why not work within the scope of the RepositoryContainer? Why do you need to deal with the Servlet API? – Andreas Steffan Aug 11 '16 at 15:37