The token-based authentication has been completely refactored in Oak and has the following general characteristics.
As of Oak the token based authentication is handled by a dedicated TokenLoginModule. It is both responsible for creating new login tokens and validating TokenCredentials passed to the repository login.
This token specific login module implementation obtains the TokenProvider from the security configuration as defined for the content repository. The token management implementation present with a given repository can be changed or extended at runtime (see section Configuration below).
The TokenLoginModule is designed to support and issue TokenCredentials. The authentication phases behave as follows:
Phase 1: Login
Phase 2: Commit
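The two roles of the TokenLoginModule described above (issuing a token, then validating TokenCredentials) can be seen from the client side in the following added example, which is not part of the original Oak documentation. It assumes an in-memory repository with Oak's default security setup, the default admin account (admin/admin), and the `.token` credentials attribute as the marker that requests a token; the class name and the rejected token value are constructed for illustration.

```java
import javax.jcr.LoginException;
import javax.jcr.Repository;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.jackrabbit.oak.Oak;
import org.apache.jackrabbit.oak.jcr.Jcr;

public class TokenLoginExample {
    // Attribute that marks SimpleCredentials as a request for a login token.
    static final String TOKEN_ATTRIBUTE = ".token";

    public static void main(String[] args) throws Exception {
        // Assumption: in-memory repository, default security setup,
        // default admin account (admin/admin).
        Repository repository = new Jcr(new Oak()).createRepository();

        // 1. Regular login that also asks for a token: an empty ".token"
        //    attribute is the request marker.
        SimpleCredentials creds = new SimpleCredentials("admin", "admin".toCharArray());
        creds.setAttribute(TOKEN_ATTRIBUTE, "");
        Session first = repository.login(creds);
        // Once the login has succeeded, the issued token is available
        // on the same credentials object. Treat it like a password.
        String token = (String) creds.getAttribute(TOKEN_ATTRIBUTE);
        first.logout();

        // 2. Later logins present only the token; no password is sent.
        Session second = repository.login(new TokenCredentials(token));
        System.out.println("token login as: " + second.getUserID());
        second.logout();

        // 3. A value that was never issued must be rejected.
        try {
            repository.login(new TokenCredentials("not-an-issued-token")).logout();
            throw new IllegalStateException("unissued token was accepted");
        } catch (LoginException expected) {
            System.out.println("unissued token rejected");
        }
    }
}
```

The example deliberately never prints the token: anyone holding it can log in as the user until it expires or is removed.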
Oak 1.0 defines the following interfaces used to manage login tokens:
In addition Oak comes with a default implementation of the provider interface that is able to aggregate multiple TokenProviders:
See section Pluggability for an example.
The characteristics of the default token management implementation are described in section Token Management: The Default Implementation.
The configuration options of the default implementation are described in the Configuration section.
The default security setup as present with Oak 1.0 is able to deal with custom token management implementations and will collect multiple implementations within CompositeTokenConfiguration present with the SecurityProvider. The CompositeTokenConfiguration itself will combine the different TokenProvider implementations using the CompositeTokenProvider.
In an OSGi setup the following steps are required in order to add a custom token provider implementation:
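    import java.util.Map;
    import javax.annotation.Nonnull;
    import org.apache.felix.scr.annotations.Activate;
    import org.apache.felix.scr.annotations.Component;
    import org.apache.felix.scr.annotations.Service;
    import org.apache.jackrabbit.oak.api.Root;
    import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
    import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
    import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
    import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
    import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration;
    import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;

    @Component()
    @Service({TokenConfiguration.class, SecurityConfiguration.class})
    public class MyTokenConfiguration extends ConfigurationBase implements TokenConfiguration {

        // Constructor used by the OSGi component runtime
        public MyTokenConfiguration() {
            super();
        }

        // Constructor for non-OSGi setups
        public MyTokenConfiguration(SecurityProvider securityProvider) {
            super(securityProvider, securityProvider.getParameters(NAME));
        }

        @Activate
        private void activate(Map<String, Object> properties) {
            setParameters(ConfigurationParameters.of(properties));
        }

        //----------------------------------------------< SecurityConfiguration >---
        @Nonnull
        @Override
        public String getName() {
            return NAME;
        }

        //-------------------------------------------------< TokenConfiguration >---
        @Nonnull
        @Override
        public TokenProvider getTokenProvider(Root root) {
            return new MyTokenProvider(root, getParameters());
        }
    }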