Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-16367

Prevent token authentication for anonymous user

    XMLWordPrintable

    Details

      Description

      By defaut, unless explicitely set by the allowAnonymous parameter of the TOKEN_AUTH authentication plugin, an anonymous user should not be able to:

      • Acquire a token through the TokenAuthenticationServlet.
      • Get authenticated by the TokenAuthenticator, even if somehow the user managed to obtain a token.

        Attachments

          Issue Links

          depends on

          Bug - A problem which impairs or prevents the functions of the product. NXP-16338 Nuxeo Drive keeps connected after token revocation if anonymous authentication is activated

          • Major - Major loss of function.
          • Resolved
          is required by

          Task - A task that needs to be done. NXDRIVE-211 Web authentication window

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: