Wiki source code of Create a Custom Authenticator
Version 4.1 by gcoquard on 2021/04/21
Show last authors
| author | version | line-number | content |
|---|---|---|---|
| 1 | It is possible to plug to any existing authentication mechanism such as SiteMinder, etc. | ||
| 2 | |||
| 3 | To configure a custom authentication do the following: | ||
| 4 | |||
| 5 | * Edit the //WEB-INF/xwiki.cfg// file and add a //xwiki.authentication.authclass// property pointing to your class. For example: | ||
| 6 | |||
| 7 | {{code language="properties"}} | ||
| 8 | xwiki.authentication.authclass = com.acme.MyCustomAuthenticationService | ||
| 9 | {{/code}} | ||
| 10 | |||
| 11 | * {{version since="13.3RC1"}}To comply with latest best practices, your custom authentication should trigger a {{scm path="xwiki-platform-core/xwiki-platform-security/xwiki-platform-security-authentication/xwiki-platform-security-authentication-api/src/main/java/org/xwiki/security/authentication/UserAuthenticatedEvent.java"}}UserAuthenticatedEvent{{/scm}} event when user authenticates. You can find implementation examples in {{code}}xwiki-platform-oldcore{{/code}} as {{scm path="xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/user/impl/xwiki/MyFormAuthenticator.java"}}MyFormAuthenticator{{/scm}} and {{scm path="xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/user/impl/xwiki/MyBasicAuthenticator.java"}}MyBasicAuthenticator{{/scm}}. Note that a {{scm path="xwiki-platform-core/xwiki-platform-security/xwiki-platform-security-authentication/xwiki-platform-security-authentication-api/src/main/java/org/xwiki/security/authentication/UserAuthenticatedEvent.java"}}UserAuthenticatedEvent{{/scm}} should be created with a {{scm path="xwiki-platform-core/xwiki-platform-user/xwiki-platform-user-api/src/main/java/org/xwiki/user/UserReference.java"}}UserReference{{/scm}}.{{/version}} | ||
| 12 | |||
| 13 | Here is an example code for a custom authenticator designed as a component: | ||
| 14 | |||
| 15 | {{code language="java"}} | ||
| 16 | import ...; | ||
| 17 | |||
| 18 | import org.xwiki.observation.ObservationManager; | ||
| 19 | import org.xwiki.security.authentication.UserAuthenticatedEvent; | ||
| 20 | import org.xwiki.user.UserReference; | ||
| 21 | |||
| 22 | @Component | ||
| 23 | public class CustomAuthenticator { | ||
| 24 | |||
| 25 | // Inject ObservationManager component | ||
| 26 | @Inject | ||
| 27 | private ObservationManager observationManager; | ||
| 28 | |||
| 29 | ... | ||
| 30 | |||
| 31 | public void processLogin(...) | ||
| 32 | { | ||
| 33 | // You authenticate a user somehow | ||
| 34 | |||
| 35 | // You have to retrieve its UserReference | ||
| 36 | // You should be able to use a UserReferenceResolver if needed | ||
| 37 | UserReference userReference = ...; | ||
| 38 | |||
| 39 | // Then, trigger a UserAuthenticatedEvent by passing previously retrived user reference to UserAuthenticatedEvent constructor | ||
| 40 | this.observationManager.notify(new UserAuthenticatedEvent(userReference), null); | ||
| 41 | } | ||
| 42 | |||
| 43 | } | ||
| 44 | {{/code}} | ||
| 45 | |||
| 46 | You can find various authenticators examples in [[sandbox>>https://github.com/xwiki-contrib/sandbox/tree/master/authenticators]] or [[extensions>>http://extensions.xwiki.org/xwiki/bin/view/Main/WebHome#|t=extensions&p=1&l=30&s=doc.creationDate&d=desc&name=authenticator]]. | ||
| 47 | |||
| 48 | Here's a [[tutorial on implementing a custom authentication class for authenticating against Oracle's SSO>>http://bodez.wordpress.com/2008/10/15/xwiki-user-authentication-with-oracle-sso/]]. |
