Return-Path: X-Original-To: apmail-chemistry-dev-archive@www.apache.org Delivered-To: apmail-chemistry-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 681B9178CF for ; Thu, 29 Jan 2015 11:48:34 +0000 (UTC) Received: (qmail 58400 invoked by uid 500); 29 Jan 2015 11:48:34 -0000 Delivered-To: apmail-chemistry-dev-archive@chemistry.apache.org Received: (qmail 58336 invoked by uid 500); 29 Jan 2015 11:48:34 -0000 Mailing-List: contact dev-help@chemistry.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@chemistry.apache.org Delivered-To: mailing list dev@chemistry.apache.org Received: (qmail 58324 invoked by uid 99); 29 Jan 2015 11:48:34 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 29 Jan 2015 11:48:34 +0000 Date: Thu, 29 Jan 2015 11:48:34 +0000 (UTC) From: "Sascha Homeier (JIRA)" To: dev@chemistry.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (CMIS-887) RunAs Authentication possiblity MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CMIS-887?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14296742#comment-14296742 ] Sascha Homeier commented on CMIS-887: ------------------------------------- Sry for commenting on a resolved ticket but I recently implemented the same behaviour and maybe it helps you: On client side I extended StandardAuthenticationProvider to set the HTTPHeaders and on Server Side I extended TokenCallContextHandler to properly handle the additionally Tokens and set them on CallContext so that they are available later. Hope this is correct and intended usage of Chemistry, otherwise Florian may berate me ;) I did this because I want to know if client is using my CMIS Client (then I set a version HTTP param) or another one (then the HTTP param is not set). So similiar to your use case where you want to know user names instead of client version. Additionally I set encrpyted password header this way to support secure authentication also via HTTP (not only via HTTPS) > RunAs Authentication possiblity > ------------------------------- > > Key: CMIS-887 > URL: https://issues.apache.org/jira/browse/CMIS-887 > Project: Chemistry > Issue Type: Improvement > Components: opencmis-client, opencmis-server > Affects Versions: OpenCMIS 0.12.0 > Environment: Alfresco 4.2 > Reporter: Tahir Malik > > There is no possibility to define a RunAs user through CMIS. > At the moment we have a custom webscript in Alfresco which logs in as the RunAs user and returns the ticket. > Then we use the ticket in the password field and do our stuff. > It would be nice to extent the Authentication mechanism to supply extra parameters and control them server side so this is not needed. > If this is already possible, then I didn't knew that and I'd love to have some info how to do that. -- This message was sent by Atlassian JIRA (v6.3.4#6332)