Implementing a CMS Authentication Mechanism
Suppose you want to impose an authentication step to all users who want to edit documents in the Oxygen XML Web Author Component. This is usually required when the CMS needs authentication before granting access to a file. The Oxygen XML Web Author Component provides both a server-side and client-side API that allows you to implement such a mechanism.
Implement CMS Authentication Mechanism
The following is a list of the basic building blocks of the authentication mechanism:
- Develop a plugin that implements the
ro.sync.exml.plugin.urlstreamhandler.URLStreamHandlerPluginExtensioninterface. Considering the multiple user context of the Oxygen XML Web Author Component, thegetURLStreamHandlermethod should return an instance of thero.sync.ecss.extensions.api.webapp.plugin.URLStreamHandlerWithContextclass. This class tracks the user, based on the URL connection that will be made. - If the CMS rejects the connection attempt with a message that the user is not
authenticated, you should throw a
ro.sync.ecss.extensions.api.webapp.plugin.UserActionRequiredExceptionexception. This exception is automatically relayed to the client-side as async.api.WebappMessageJavaScript object. - On the client side, follow these steps:
- Use the
sync.api.Editor.EventTypes.CUSTOM_MESSAGE_RECEIVEDevent to intercept the messages sent from the server-side. - Display a dialog box to collect more authentication information from the user.
- Send the credentials to the server, more specifically to the
ro.sync.ecss.extensions.api.webapp.plugin.URLStreamHandlerWithContextinstance defined at step 1. For this part, you will need to implement a secure way to transmit the credentials. This can range from a simple servlet that runs in the Oxygen XML Web Author Component to an OAuth implementation. - Retry the operation that triggered the authentication procedure.
- Use the