Force Anonymous Login
So, How do you force the login page for anonymous users?
Any ideas?
Thank you.
Jose.
Long story: We have configured anonymous access so that we can directly link and download nuxeo documents (blob files) from an external site.
However we don't want to allow anonymous users to access the nuxeo web application, so I would like to force the login page for anonymous users. How can we achieve this?
I have played with the forceAnonymousLogin parameter, but with little success.
Hi,
How about overriding the StartupHelper ? This is done in the Social Collaboration Module and in CMF.. something like:
/**
* Overwrite default StartupHelper to provide custom startup page.
*/
@Name("startupHelper")
@Scope(SESSION)
@Install(precedence = Install.DEPLOYMENT)
public class MyStartupHelper extends StartupHelper {
private static final long serialVersionUID = 1L;
@Override
@Begin(id = "#{conversationIdGenerator.nextMainConversationId}", join = true)
public String initDomainAndFindStartupPage(String domainTitle, String viewId) {
String result = super.initDomainAndFindStartupPage(domainTitle, viewId);
NuxeoPrincipal principal = (NuxeoPrincipal) documentManager.getPrincipal();
if (principal.isAdministrator()) {
return result;
} else if (principal.isAnonymous()) {
try {
FacesContext.getCurrentInstance().getExternalContext().redirect(NXAuthConstants.LOGOUT_PAGE);
} catch (IOException e) { }
return null;
} else {
return dashboardNavigationHelper.navigateToDashboard();
}
}
}
<pre> Principal currentUser = FacesContext.getCurrentInstance().getExternalContext().getUserPrincipal();
if ("Guest".equals(currentUser.getName())) { … } </pre>
I really would like to mark both replies as answer, but since I only can mark one, and this is the one I have implemented, there you go. Thank you.
Hi,
If you force the login page for anonymous users, then there is no more anonymous access :)
You must define the URLs/paths which will be anonymously accessible (read rights to the Guest user). Then, any other URL/path including the login page will require a login.
<extension point="openUrl"
target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
<openUrl name="OpenSocialRPCInquiry">
<grantPattern>/nuxeo/nxfile/.*/blobholder.*/*</grantPattern>
</openUrl>
</extension>
You should be as much precise as possible since you're opening the matching URLs to no authentication at all.
You could also play with the org.nuxeo.ecm.platform.ui.web.auth.plugins.AnonymousAuthenticator, override default chains and define specificChains to restrict the anonymous access; or write your own authenticator…