My objective is to deploy XWiki alongside a Java Spring Boot based web application. The overall objective is to provide RBAC and serve user content in the web app. I guess the RESTful API would have to be used for the task.

I have installed https://github.com/xwiki-contrib/compatibleone-wiki-nodes-demo on my localhost, since the web app uses Cassandra as its persistent store.

I have questions about how the authentication mechanism will work. We are using OAuth-based authentication in the web app.

Do I need to sync user info from the web app to XWiki?

Any help regarding the architecture would be greatly appreciated.

utkarsh dubey

1 Answer

I would have a look at the container-based authentication provided by XWiki:

http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HContainerAuthentication

Assuming you are running the XWiki webapp and your own webapp in the same Spring Boot container, they can both utilise the authn/authz services provided by your preferred container (I imagine either Jetty or Tomcat will be fine).

That said, if your WebApp is handling all the user interaction then it could proxy the requests through to the wiki which would allow you to set your own rules on how the authn / authz and profile would all work.

stringy05
  • Thanks for the response. XWiki runs on its own Tomcat/Jetty container. I am using nginx to proxy requests to XWiki. I have built a custom authenticator to provide login to XWiki using the access_token from the webapp, but I am unable to do so. – utkarsh dubey Apr 16 '15 at 11:12
  • You should be able to make the XWiki custom authenticator call back to the Spring Boot app to get authn/authz decisions. I would have your webapp create a session and pass this along with the requests to XWiki. XWiki can then call back using the custom authenticator to a service on the webapp which will verify the session id and provide any user profile info if required. XWiki will need to create a local user which is a proxy of the webapp user. Or you can just trust the remote user on the request like this: https://app.box.com/shared/9kamt5d9c5 – stringy05 Apr 16 '15 at 23:00
  • True, makes sense, did just that :) Made a REST call to the Spring Boot app, verifying the access token in the XWikiContext which was passed via nginx – utkarsh dubey Apr 17 '15 at 01:03
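
The callback approach discussed in the comments above, as an added Java example (not code from either poster or from the XWiki project): a custom authenticator that takes the token forwarded by nginx, asks the webapp to verify it, and fails closed on any error. The `Authorization: Bearer` header, the verify URL and its plain-text username response, and the class and package names are assumptions; it also assumes a matching `XWiki.<name>` profile already exists.

```java
package org.example.xwiki; // hypothetical package name
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import com.xpn.xwiki.XWikiContext;
import com.xpn.xwiki.XWikiException;
import com.xpn.xwiki.user.api.XWikiUser;
import com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl;

public class TokenCallbackAuthenticator extends XWikiAuthServiceImpl {
    // Assumption: the Spring Boot app exposes this endpoint on an internal-only
    // address and answers 200 with the username as plain text for a valid token.
    private static final String VERIFY_URL = "http://127.0.0.1:8080/internal/token/verify";

    @Override
    public XWikiUser checkAuth(XWikiContext context) throws XWikiException {
        String header = context.getRequest().getHeader("Authorization");
        if (header == null || !header.startsWith("Bearer ")) {
            return super.checkAuth(context); // no token: normal XWiki login flow
        }
        // Assumption: nginx forwards the webapp's access token in this header.
        String username = verify(header.substring("Bearer ".length()).trim());
        // Fail closed, and restrict the charset so the response cannot name another document.
        if (username == null || !username.matches("[A-Za-z0-9_]{1,64}")) {
            return null; // null means "not authenticated" to XWiki
        }
        return new XWikiUser("XWiki." + username);
    }

    private String verify(String token) {
        try {
            HttpURLConnection c = (HttpURLConnection) new URL(VERIFY_URL).openConnection();
            c.setConnectTimeout(2000);
            c.setReadTimeout(2000);
            c.setRequestProperty("Authorization", "Bearer " + token);
            if (c.getResponseCode() != HttpURLConnection.HTTP_OK) {
                return null; // token rejected by the webapp
            }
            try (BufferedReader r = new BufferedReader(
                    new InputStreamReader(c.getInputStream(), StandardCharsets.UTF_8))) {
                return r.readLine();
            }
        } catch (Exception e) {
            return null; // webapp unreachable or malformed reply: unauthenticated
        }
    }
}
```

It is enabled with `xwiki.authentication.authclass=org.example.xwiki.TokenCallbackAuthenticator` in `xwiki.cfg`. Verifying the token on every request, rather than trusting a username header, means a request that reaches XWiki without passing through nginx still has to present a token the webapp accepts.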