You are viewing the documentation for Blueriq 14. Documentation for other versions is available in our documentation directory.
Defining a customBean
authentication provider
In the application.properties
file only one property is expected for a customBean
authentication provider:
blueriq.security.auth-providers.myAuthProvider01.type=customBean
The name of the authentication provider is used as the name of the Spring bean to lookup in the application context. Spring searches in the application context for a bean of the type org.springframework.security.authentication.AuthenticationProvider
with (in this example) the name myAuthProvider01
. So it is important that a bean with the specified name is available in the application context.
An implementation example of a custom AuthenticationProvider:
@Component public class MyCustomAuthenticationProvider implements AuthenticationProvider { @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { String name = authentication.getName(); String password = authentication.getCredentials().toString(); if (shouldAuthenticateAgainstThirdPartySystem()) { // use the credentials and authenticate against the third-party system return new UsernamePasswordAuthenticationToken(name, password, new ArrayList<>()); } else { return null; } } @Override public boolean supports(Class<?> authentication) { return authentication.equals(UsernamePasswordAuthenticationToken.class); } } @Configuration public class SecurityConfigurationMyAuthProviderConfig { @Bean public AuthenticationProvider myAuthProvider01() { return new MyCustomAuthenticationProvider(); } }
Custom Authentication
By default, Blueriq authentication manager can map roles, teams and custom properties when creating the user object from the authentication data that implements the com.aquima.web.security.BlueriqAuthentication interface.
Providing a custom Authentication implementation
Custom authentication can be provided by implementing the com.blueriq.component.api.security.BlueriqAuthentication and can only be used by using a custom authentication provider.
Example:
public class CustomBlueriqAuthentication implements BlueriqAuthentication { private String userName; private List<SimpleGrantedAuthority> authorities; private List<String> roles; private List<String> teams; private boolean authenticated = false; private Map<String, String> properties; public CustomBlueriqAuthentication() { super(); this.userName = "testUsername"; this.properties = new HashMap<>(); this.authorities = Collections.emptyList(); this.roles = Collections.emptyList(); this.teams = Collections.emptyList(); } @Override public Collection<? extends GrantedAuthority> getAuthorities() { return authorities; } @Override public Object getCredentials() { return null; } @Override public Object getDetails() { return null; } @Override public Object getPrincipal() { return userName; } @Override public boolean isAuthenticated() { return authenticated; } @Override public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException { this.authenticated = isAuthenticated; } @Override public String getName() { return userName; } @Override public List<String> getTeams() { return teams; } @Override public List<String> getRoles() { return roles; } @Override public boolean isAnonymous() { return false; } @Override public boolean isAutomatic() { return false; } @Override public List<String> getPropertyNames() { return new ArrayList<>(properties.keySet()); } @Override public String getProperty(String name) { return properties.get(name); } }
The benefits of implementing the BlueriqAuthentication interface are:
- roles and teams are automatically added to the IUserData objects created by the built-in IAuthorisationManager
- custom properties from HTTP headers (as configured in application.properties) are automatically added to the IUserData objects created by the built-in IAuthorisationManager
- custom properties from OpenID Connect claims (as configured in application.properties) are automatically added to the IUserData objects created by the built-in IAuthorisationManager