Security Provider
Developer information for OpenKM authentication through custom authentication provider (via patch) and custom Principal adapter (via plugin).
To learn more about OpenKM authentication providers, please visit Configuring openkm.xml.
To learn more about OpenKM plugins, please visit Register a new plugin.
You can download the application (code-samples.x.x.zip) from OpenKM Download center.
General description
Properties file
You have to modify the file called openkm.properties inside the $CATALINA_HOME folder.
These properties must be added or modified as follows:
| Property | Value |
|---|---|
| okm.authentication.database | false |
| okm.authentication.supervisor | false |
| okm.authentication.ldap | false |
| okm.authentication.config | file:/home/openkm/tomcat-8.5.69/openkm.xml
This is the path where your Tomcat is located. |
Custom Principal Adapter
You must read the following steps in order to configure this piece correctly:
Step 1: Download
Download the application from OpenKM Download center.
This will download a zip file containing a Maven project. For more information about Maven: https://maven.apache.org/guides/getting-started/maven-in-five-minutes.html
Step 2: OpenKM configuration
Go to the configuration through the OpenKM administration UI, search for this property principal.adapter and modify its value to com.openkm.plugin.principal.CustomPrincipalAdapter
Step 3: Install the plugin
Once you build the maven project (security-provider), you have to copy security-provider-jar-with-dependencies.jar into the path: $CATALINA_HOME/plugins
You can add or update users and roles by modifying the class com.openkm.security.utils.Users.java
Authentication Provider
You must read the following steps in order to configure this piece correctly:
Step 1: Download
The application is the same you downloaded from OpenKM Download center.
Step 2: Install the patch
Once you build the maven project (security-provider) copy these two classes:
- You have to copy the class com.openkm.security.provider.TestCustomAuthProvider.class from security-provider.jar into the path: $CATALINA_HOME/webapps/openkm/WEB-INF/classes/com/openkm/security/provider
- Copy com.openkm.security.utils.Users.class from security-provider.jar into the path: $CATALINA_HOME/webapps/openkm/WEB-INF/classes/com/openkm/security/utils
If you added or updated users and roles, you also have to modify the class com.openkm.security.provider.TestCustomAuthProvider.java
In addition, you have to configure a patch to preserve those classes across future OpenKM updates. To do this, create a folder called $TOMCAT_HOME/patch. Create a script called prepare.sh with this content:
#!/bin/bash
if [ -f "openkm.war" ]; then
echo "Patching WAR..."
jar uf openkm.war WEB-INF/classes/com/openkm/security/provider/TestCustomAuthProvider.class
jar uf openkm.war WEB-INF/classes/com/openkm/security/utils/Users.class
echo "Done!"
else
echo "Unable to patch file"
fi
Remember to check executable permissions of the prepare.sh script.
Step 3: OpenKM configuration
You need this content in your openkm.xml.
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!-- Security delegated to classes -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="testAuthProvider" />
</security:authentication-manager>
<beans:bean id="testAuthProvider" class="com.openkm.security.provider.TestAuthProvider">
</beans:bean>
</beans:beans>
