CMS Authentication Plugin with Google Identity Toolkit (v1.0)

CMS Authentication Plugin with Google Identity Toolkit is a library (.jar library) that contains an implementation to authenticate and authorize the access to the CMS admin interface.

Before integrating this plugin it is recommended to view the official Google Identity Toolkit documentation.

Gitkit Authentication

Installation

To install the plugin in a web application, the following steps are needed.

Step 1. Add dependency to the plugin library

The plugin is published in Maven Central repository.

<dependency>
    <groupId>com.webpagebytes.auth-gitkit</groupId>
    <artifactId>wpb-auth-gitkit-plugins</artifactId>
    <version>1.0</version>
</dependency>

Step 2. Configure the plugin in the CMS configuration xml file

The Webpagebytes CMS configuration xml file needs to contain an wpbauthentication element.

<wpbauthentication>
    <factoryclass>com.webpagebytes.authgitkit.WPBGitkitAuthentication</factoryclass>
</wpbauthentication> 

Step 3. Configure the login, logout and profile urls

The web application will need to have dedicated urls and web pages for login, logout and profile. The plugin contains servlets implementations for login, logout and profile functionalities.
The web application web.xml needs to contain the following servlets.

<servlet>
    <servlet-name>login</servlet-name>
    <servlet-class>com.webpagebytes.authgitkit.GitkitLoginPage</servlet-class>
</servlet>  
<servlet-mapping>
<servlet-name>login</servlet-name>
    <url-pattern>/myadmin/login</url-pattern>
</servlet-mapping>
<servlet>
    <servlet-name>logout</servlet-name>
    <servlet-class>com.webpagebytes.authgitkit.GitkitLogout</servlet-class>
</servlet>  
<servlet-mapping>
    <servlet-name>logout</servlet-name>
    <url-pattern>/myadmin/logout</url-pattern>
</servlet-mapping>
<servlet>
    <servlet-name>profile</servlet-name>
    <servlet-class>com.webpagebytes.authgitkit.GitkitLoginPage</servlet-class>
</servlet>  
<servlet-mapping>
<servlet-name>profile</servlet-name>
    <url-pattern>/myadmin/profile</url-pattern>
</servlet-mapping>

In the above example login page will be published at /myadmin/login.

In the servlet container add a context parameter to configure the login, logout and profile servlets.

<Context>
    ...
    <Parameter name="wpbAuthGitkitConfigFile" value="path_to_gitkit_context_config" />
    ...
</Context>

The gitkit context configuration file needs to contain the following properties

loginPageFilePath=path_to_login_page_widget
tokenCookie=gtoken
loginPageUrl=https://example.com/myadmin/login?mode=select
profilePageUrl=https://example.com/myadmin/profile?mode=manageAccount
logoutPageUrl=https://example.com/myadmin/logout
gitkitClientConfigPath=gitkit_server_config
adminEmails=john@example.com,mike@example.com

path_to_login_page_widget is the path to the login page widget, see Google Identity Toolkit documentation.
gitkit_server_config is the path to the Google Identity Toolkit server configuration file .
adminEmails is the list of user emails that are allowed to access the CMS administration interface, if the authenticated user email is not in this list then the request is considered as not authorized.