
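I am investigating Nuxeo for a potentially large project. The technologies we have chosen are ASP.NET Core Web API, with React on the UI side.

I need advice on how to handle the authentication and authorization part.

At the moment I am thinking that whenever a user creates an account, I will create an account in our external authentication service and then also create a new user account on the Nuxeo side.

When the user logs in, they first log in through the external service, and then I also log the same user in to Nuxeo.

So whenever the user performs any request, it uses its own logged-in instance to do so.

The advice I need is:

  1. Is this approach good? That is, creating a new account for each user on the Nuxeo side as well? Or should I just use the superuser Administrator and send all requests through it?
  2. If I use the approach of creating the client instance with only the Administrator user, e.g. new Client(Administrator, Administrator), should I just cache this instance and use the same instance for all requests?

Please share any suggestions or ideas!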


1 Answer


The first approach is much better if you want to leverage the ACL management provided by Nuxeo. With the second one, you will need to verify outside Nuxeo whether a given user has access to a certain content or not.

The second approach is the easiest one, but I suggest using the first approach. The way to do this is to create a custom authentication plugin in Java within Nuxeo.

This custom authentication plugin will be responsible for calling your external authentication solution, verifying whether the user is authenticated, and, if that is the case, authenticating the user in Nuxeo (or creating it if the user doesn't exist).

Below you will find some examples of how to do this:

https://github.com/michaelgena/nuxeo-unify-sso

https://www.nuxeo.com/blog/guest-post-integrating-single-sign-sso-nuxeo-case-management/

The Nuxeo authentication solution is pluggable, which means that you can add your custom authentication mechanism so that whenever a user tries to connect to Nuxeo, the authentication goes through your custom authentication plugin.

Answered 2017-07-17T07:17:26.967
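A sketch of the custom authentication plugin the answer describes, added here as an example; it is not code from the answer or from the linked projects. The header name, the `user:timestamp:signature` token format, the `secret` parameter and the 60-second window are assumptions standing in for whatever the external authentication service actually issues, and creating missing users is left out.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.nuxeo.ecm.platform.api.login.UserIdentificationInfo;
import org.nuxeo.ecm.platform.ui.web.auth.interfaces.NuxeoAuthenticationPlugin;

public class ExternalTokenAuthenticator implements NuxeoAuthenticationPlugin {
    static final String HEADER = "X-Ext-Auth"; // hypothetical header: user:epochSeconds:base64url(HMAC)
    static final long MAX_AGE_S = 60;          // assumed freshness window
    private byte[] secret;

    @Override
    public void initPlugin(Map<String, String> parameters) {
        // "secret" is an assumed parameter name; a missing value fails at startup, not at login
        secret = parameters.get("secret").getBytes(StandardCharsets.UTF_8);
    }

    @Override
    public UserIdentificationInfo handleRetrieveIdentity(HttpServletRequest req, HttpServletResponse resp) {
        String user = verify(req.getHeader(HEADER), System.currentTimeMillis() / 1000);
        // null means "not authenticated by this plugin"; no fallback to a shared Administrator
        return user == null ? null : new UserIdentificationInfo(user, user);
    }

    // Returns the user name only if the token is well formed, fresh and correctly signed.
    String verify(String token, long nowSeconds) {
        if (token == null) return null;
        String[] p = token.split(":");
        if (p.length != 3 || p[0].isEmpty()) return null;
        try {
            if (Math.abs(nowSeconds - Long.parseLong(p[1])) > MAX_AGE_S) return null; // stale token
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(secret, "HmacSHA256"));
            byte[] expected = mac.doFinal((p[0] + ":" + p[1]).getBytes(StandardCharsets.UTF_8));
            byte[] given = Base64.getUrlDecoder().decode(p[2]);
            return MessageDigest.isEqual(expected, given) ? p[0] : null; // constant-time compare
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return null; // malformed timestamp or signature: fail closed
        }
    }

    @Override public Boolean handleLoginPrompt(HttpServletRequest r, HttpServletResponse s, String baseURL) { return Boolean.FALSE; }
    @Override public Boolean needLoginPrompt(HttpServletRequest r) { return Boolean.FALSE; }
    @Override public List<String> getUnAuthenticatedURLPrefix() { return null; }
}
```

The class still has to be registered through Nuxeo's authentication extension point, placed in the authentication chain, and paired with a login module that trusts the identity it returns. Because each request then runs as the real user, Nuxeo's ACLs apply per user, which is the reason the answer prefers this approach over a cached Administrator client.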