How to make Web UI use a custom authentication plugin to authenticate the user?

I have created a plugin for authentication which validates a JWT token passed during API calls. I have also installed the Web UI plugin of Nuxeo on my server, but when I log in with Administrator credentials on the Web UI login page, it allows me to log in with any JWT token. Is there any way to prevent login without a JWT token?

Below is the contrib.xml:

<?xml version="1.0"?>
<component
    name="com.softcell.dms.auth.jwt.authchain-override-config">
    <extension
        target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
        point="specificChains">
        <!-- 
            Extending specificChains as we only want to handle RestApis through custom jwt plugin
        -->
        <specificAuthenticationChain
            name="RestAPI">
            <headers>
                <header name = "Authorization">^(?:Basic|Bearer)\s.*</header>
                <!-- request not intended with basic authentication -->
            </headers>
            <replacementChain>
                <plugin>CUSTOM_JWT_AUTH</plugin>
            </replacementChain>
        </specificAuthenticationChain>
    </extension>
    <extension
        target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
        point="specificChains">
        <!--
            Extending specificChains as we only want to handle Automation apis through custom jwt plugin
        -->
        <specificAuthenticationChain
            name="Automation">
            <headers>
                <header name = "Authorization">^(?:Basic|Bearer)\s.*</header>
                <!-- request not intended with basic authentication -->
            </headers>
            <replacementChain>
                <plugin>CUSTOM_JWT_AUTH</plugin>
            </replacementChain>
        </specificAuthenticationChain>
    </extension>
</component>
0 votes

ANSWER



Hello,

First of all, take a look at this (first piece of code): https://answers.nuxeo.com/general/q/52798df8e3754ec2b908aeaf6008e32b/Custom-Authentication-not-working-as-expected-with-Java-Client-SDK

I implemented JWT authentication, but I also kept the Basic Auth and Form Auth. I think you can just remove them from the authenticationChain. As I have seen, you only defined “specificChains”, but you didn't add the authentication to the “generic” chain, so your authentication is not defined in the Web UI.

Regards.

1 votes
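
The generic-chain change the answer describes, as an added example that is not part of the original question or answer: a contribution to the `chain` extension point that lists only `CUSTOM_JWT_AUTH`, so Basic and Form authentication are no longer tried for requests that match no specific chain. The component name is hypothetical and the `<require>` target is an assumption about the component that ships the default chain.

```xml
<?xml version="1.0"?>
<!-- Added example. The component name below is hypothetical. -->
<component name="com.example.auth.jwt.generic-chain-config">

    <!-- Assumption: this is the component that contributes the platform's
         default chain. Requiring it makes this contribution load afterwards,
         so the plugin list below is the one that ends up in effect. -->
    <require>org.nuxeo.ecm.platform.ui.web.auth.defaultConfig</require>

    <extension
        target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
        point="chain">
        <!--
            Generic chain: used for every request that matches none of the
            specificChains (RestAPI, Automation) in the question, which
            includes the Web UI login page.
        -->
        <authenticationChain>
            <plugins>
                <!-- Plugin name taken from the question. It is assumed to be
                     registered already through the "authenticators"
                     extension point. -->
                <plugin>CUSTOM_JWT_AUTH</plugin>
                <!-- BASIC_AUTH and FORM_AUTH are deliberately not listed.
                     While either remains in this chain, a valid username and
                     password is accepted without any JWT check. -->
            </plugins>
        </authenticationChain>
    </extension>
</component>
```

After deploying, confirm that a request carrying Administrator credentials but no valid token is rejected on both the Web UI login page and the API endpoints.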