我们有一个自定义身份验证服务,它通过 REST 服务接受参数并提供 json 响应。根据响应,我们重定向用户。我希望将此网络服务与我们的新 Alfresco Box 集成。
有没有办法进行自定义基本身份验证,而不是使用 LDAP 或内置 SSO 插件?
【问题讨论】:
标签: rest authentication alfresco
如果我理解正确的话……
实现您的自定义remote user mapper:
package best.package.ever;
import org.alfresco.repo.security.authentication.external.DefaultRemoteUserMapper;
public class CustomRemoteUserMapper extends DefaultRemoteUserMapper {
public boolean canHandle(HttpServletRequest request) {
return true; // TODO
}
public String getTrustedUserId(HttpServletRequest request) {
// TODO: validate & authorize... e.g. based on trusted Json Web Token
return "trusted.user.id"; // TODO
}
public String getRemoteUser(HttpServletRequest request) {
if (canHandle(request)) {
return getTrustedUserId(request);
} else {
return super.getRemoteUser(request);
}
}
}
将你的库 best-package-ever.jar 放入 tomcat\webapps\alfresco\WEB-INF\lib
声明您的自定义 bean 并将其注入 RemoteUserMapper bean:tomcat\shared\classes\alfresco\extension\authentication-custom-context.xml
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<bean id="customRemoteUserMapper" class="best.package.ever.CustomRemoteUserMapper">
<property name="personService" ref="PersonService"/>
<property name="authorityService" ref="AuthorityService" />
</bean>
<bean id="RemoteUserMapper" class="org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory">
<property name="applicationContextManager">
<ref bean="Authentication" />
</property>
<property name="interfaces">
<list>
<value>org.alfresco.repo.security.authentication.external.RemoteUserMapper</value>
<value>org.alfresco.repo.management.subsystems.ActivateableBean</value>
</list>
</property>
<property name="sourceBeanName">
<value>customRemoteUserMapper</value> <!-- extending remoteUserMapper -->
</property>
</bean>
</beans>
【讨论】: