我们正在尝试基于Spring Cloud微服务(包括单独的Auth服务器)实施SSO解决方案。
我们的一项服务是通过CMIS客户(Apache Chemistry)与Alfresco合作。
We are trying to implement SSO solution based on Spring Cloud microservices including separate Auth server.One of our services works with Alfresco through the CMIS client (Apache Chemistry).Having read lots of docs I still cannot find out how to make Alfresco check the Bearer "token" and login without password.
I reviewed this solution but here is the idea of creating new people with predefined passwords. But Alfresco may be configured with LDAP (so is Auth server) - there's a good chance that there are same users with their own passwords.
- 传入请求被过滤器捕获;
- 然后从标头中提取令牌;
- 然后使用令牌以便从Auth服务器检索有关Principal(绑定到该令牌)的一些基本信息;
- 然后,假设,检查Alfresco中是否已经存在具有该名称的用户,如果是,请登录。
- incoming request is caught in filters;
- then token is extracted from headers;
- then token is used in order to retrieve some basic info about Principal (bound to that token) from Auth server;
- then, lets say, check if user with such name already exists in Alfresco and if yes, login them.
And here is the problem: how to login without password at all?Moreover: there's a chance that it won't work as there are several CMIS filters in web.xml that may work in a different way.
Well, actually I am not sure if that solution is good.
Does anyone know any better option for that case?Is there some universal solution for CMIS which I may have missed?
Have you tried putting an Apache proxy in front of Tomcat and using Apache to deal with the SSO token? You can then use the Alfresco "external" authentication mechanism to essentially tell Alfresco to trust Apache to handle it. I believe this works with CMIS but I haven't tested it lately.
这篇关于通过CMIS进行Alfresco社区OAuth2 SSO的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!