As documented at http://incubator.apache.org/chemistry/opencmis-client-bindings.html, the only way to configure a custom AuthenticationProvider is to specify the fully-qualified classname as a String entry in the Session parameters Map. This is a crude approach that (amongst other things) makes it very difficult to implement a custom AuthenticationProvider that itself has one or more dependencies.
The solution is to support (but not require, obviously) the dependency injection of custom AuthenticationProviders, either directly (can be injected directly into the CmisBindingFactory) or indirectly (can be injected into custom client code, and than passed either as a Session parameter or whatever to CmisBindingFactory).
From a brief perusal it appears there are at least two ways of achieving this:
- allow an instance of an AuthenticationProvider to be provided in the Session parameters Map. Note: this would require that the type of the Map is modified from Map<String, String> to Map<String, Object>, but this is probably a good idea anyway as it seems unlikely that all Session parameters, now and in the future, will always be Strings.
- add a setter to the CmisBindingFactory that allows the AuthenticationProvider to be configured directly.