-
Type:
Bug
-
Status: Open
-
Priority:
Minor
-
Resolution: Unresolved
-
Affects Version/s: 8.10-HF13
-
Fix Version/s: QualifiedToSchedule
-
Component/s: Authentication, Token Based Authentication
-
Tags:
In the authentication-contrib.xml file of the nuxeo-platform-web-common module, we define a default authentication chain like this :
<extension
target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
point="chain">
<authenticationChain>
<plugins>
<plugin>BASIC_AUTH</plugin>
<plugin>TOKEN_AUTH</plugin>
<plugin>FORM_AUTH</plugin>
<plugin>ANONYMOUS_AUTH</plugin>
<plugin>WEBSERVICES_AUTH</plugin>
</plugins>
</authenticationChain>
</extension>
The problem is that the TOKEN_AUTH plugin is defined in the token-authentication-contrib.xml file of the nuxeo-platform-login-token module, which is not in the dependencies of nuxeo-platform-web-common.
So 2 options :
1) Remove the TOKEN_AUTH from the default authentication chain
-> maybe put override the default authentication chain in nuxeo-platform-login-token module
2) Add a dependency on nuxeo-platform-login-token in nuxeo-platform-web-common and a required on org.nuxeo.ecm.login.token.authentication.contrib in authentication-contrib.xml
-> I don't think it is possible because nuxeo-platform-login-token depends on automation-server which should depend on nuxeo-platform-web-common (not sure)