[
https://issues.apache.org/jira/browse/CMIS-887?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14296742#comment-14296742
]
Sascha Homeier commented on CMIS-887:
-------------------------------------
Sry for commenting on a resolved ticket but I recently implemented the same
behaviour and maybe it helps you:
On client side I extended StandardAuthenticationProvider to set the HTTPHeaders
and on Server Side I extended TokenCallContextHandler to properly handle the
additionally Tokens and set them on CallContext so that they are available
later.
Hope this is correct and intended usage of Chemistry, otherwise Florian may
berate me ;)
I did this because I want to know if client is using my CMIS Client (then I set
a version HTTP param) or another one (then the HTTP param is not set).
So similiar to your use case where you want to know user names instead of
client version.
Additionally I set encrpyted password header this way to support secure
authentication also via HTTP (not only via HTTPS)
> RunAs Authentication possiblity
> -------------------------------
>
> Key: CMIS-887
> URL: https://issues.apache.org/jira/browse/CMIS-887
> Project: Chemistry
> Issue Type: Improvement
> Components: opencmis-client, opencmis-server
> Affects Versions: OpenCMIS 0.12.0
> Environment: Alfresco 4.2
> Reporter: Tahir Malik
>
> There is no possibility to define a RunAs user through CMIS.
> At the moment we have a custom webscript in Alfresco which logs in as the
> RunAs user and returns the ticket.
> Then we use the ticket in the password field and do our stuff.
> It would be nice to extent the Authentication mechanism to supply extra
> parameters and control them server side so this is not needed.
> If this is already possible, then I didn't knew that and I'd love to have
> some info how to do that.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
