incubator-chemistry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Florent Guillaume>
Subject Re: More flexibility in authentication?
Date Wed, 10 Feb 2010 13:48:11 GMT
Hi Craig,

Sorry for the late response.
Yes beefing up the authentication APIs would we a worthwhile task. I'd
welcome a JIRA issue and a patch if you can work on one!


2010/1/28 Craig McClanahan <>:
> The ContentManager interface sports a login() method that takes a
> username and password.  This will fit in well with repositories that
> use HTTP Basic authentication, but won't be quite as useful for HTTP
> Digest, or any sort of single sign on environment (OpenID, OAuth,
> etc.) where the client application that uses Chemistry might not
> actually have a plaintext password for the calling user.
> In previous $JOB lives, when designing an API like this, I've
> sometimes created another interface called Authenticator (with an
> implementation HttpBasicAuthenticator, plus perhaps some others).
> Then:
> * I would add a login(Authenticator authenticator) method to the
>  ContentManager interface -- I'd be fine with keeping the existing login()
>  method as well because HTTP Basic will likely be a common use case,
>  but it would not be strictly necessary).
> * The Authenticator instance would get a chance, just before the outbound
>  HTTP request is sent, to add whatever HTTP headers it needed for
>  the authentication mechanism it implements.
> * For completeness, Authenticator should also be able to receive some sort
>  of callback if a 401 is received (perhaps similar to the way Acegi Security
>  does this kind of thing).
> Would something like this be of interest to the Chemistry developers?
> If so, I can add a JIRA issue and take a crack at a patch to add this
> feature.
> Craig McClanahan
> PS:  In my current role, I'm evaluating how to integrate our company's
> application (Jive SBS) more closely with various CMS environments, and
> CMIS (and therefore Chemistry) looks like it might be a good long term
> strategy.

Florent Guillaume, Director of R&D, Nuxeo
Open Source, Java EE based, Enterprise Content Management (ECM)   +33 1 40 33 79 87

View raw message