Configuring authentication
To configure authentication for the CKFinder 3 for Java connector, you need to create a class that implements the Authenticator interface. Thanks to the path scan mechanism, the authenticator will be automatically registered in CKFinder's internal dependency injection container.
A basic implementation that returns true from the authenticate() method (which is obviously not secure) can look like below:
Your authenticator should never simply return true. By doing so, you are allowing anyone to upload and list the files on your server. In a real-life scenario you should implement some kind of request validation mechanism to make sure that only trusted users can upload or delete your files.
In the next example, it is assumed that the session attribute named allowedToAccessCKFinder has been set for the authenticated user by the host application, and only a user with the allowedToAccessCKFinder attribute present in the session should be allowed to access CKFinder.
As you can see in the example, the current HttpServletRequest instance can be autowired to the authenticator instance. To read more about the CKFinder DI container, refer to the Dependency injection article.