You are viewing the documentation for Blueriq 16. Documentation for other versions is available in our documentation directory.

Defining a customBean authentication provider

 

In the application.properties file only one property is expected for a customBean authentication provider:

 

blueriq.security.auth-providers.myAuthProvider01.type=customBean

 


The name of the authentication provider is also the name of the Spring bean that is looked up in the application context. Spring searches the application context for a bean of the type org.springframework.security.authentication.AuthenticationProvider with (in this example) the name myAuthProvider01, so a bean with exactly that name must be available in the application context.

 

An implementation example of a custom AuthenticationProvider:

 

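import java.util.ArrayList;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;

@Component
public class MyCustomAuthenticationProvider implements AuthenticationProvider {

    @Override
    public Authentication authenticate(Authentication authentication)
      throws AuthenticationException {
        String name = authentication.getName();
        // getCredentials() may return null, so guard before calling toString()
        Object credentials = authentication.getCredentials();
        String password = credentials == null ? null : credentials.toString();

        if (password != null && shouldAuthenticateAgainstThirdPartySystem()) {
            // use the credentials and authenticate against the third-party system
            return new UsernamePasswordAuthenticationToken(name, password, new ArrayList<>());
        } else {
            // returning null tells Spring Security that this provider could not decide
            return null;
        }
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }

    // Placeholder for the decision logic; returns false so nothing is accepted until it is implemented
    private boolean shouldAuthenticateAgainstThirdPartySystem() {
        return false;
    }
}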

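import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;

@Configuration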
public class SecurityConfigurationMyAuthProviderConfig {

    @Bean
    public AuthenticationProvider myAuthProvider01() {
        return new MyCustomAuthenticationProvider();
    }
}

Custom Authentication

By default, the Blueriq authentication manager can map roles, teams and custom properties when creating the user object from authentication data that implements the com.aquima.web.security.BlueriqAuthentication interface.

Providing a custom Authentication implementation

A custom Authentication can be provided by implementing the com.blueriq.component.api.security.BlueriqAuthentication interface. It can only be used in combination with a custom authentication provider.

Example:

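import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

import com.blueriq.component.api.security.BlueriqAuthentication;

public class CustomBlueriqAuthentication implements BlueriqAuthentication {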

    private String userName;
    private List<SimpleGrantedAuthority> authorities;
    private List<String> roles;
    private List<String> teams;
    private boolean authenticated = false;
    private Map<String, String> properties;

    public CustomBlueriqAuthentication() {
      super();
      this.userName = "testUsername";
      this.properties = new HashMap<>();
      this.authorities = Collections.emptyList();
      this.roles = Collections.emptyList();
      this.teams = Collections.emptyList();
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
      return authorities;
    }

    @Override
    public Object getCredentials() {
      return null;
    }

    @Override
    public Object getDetails() {
      return null;
    }

    @Override
    public Object getPrincipal() {
      return userName;
    }

    @Override
    public boolean isAuthenticated() {
      return authenticated;
    }

    @Override
    public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
      this.authenticated = isAuthenticated;
    }

    @Override
    public String getName() {
      return userName;
    }

    @Override
    public List<String> getTeams() {
      return teams;
    }

    @Override
    public List<String> getRoles() {
      return roles;
    }

    @Override
    public boolean isAnonymous() {
      return false;
    }


    @Override
    public boolean isAutomatic() {
      return false;
    }

    @Override
    public List<String> getPropertyNames() {
      return new ArrayList<>(properties.keySet());
    }

    @Override
    public String getProperty(String name) {
      return properties.get(name);
    }

}


The benefits of implementing the BlueriqAuthentication interface are:

  • roles and teams are automatically added to the IUserData objects created by the built-in IAuthorisationManager
  • custom properties from HTTP headers (as configured in application.properties) are automatically added to the IUserData objects created by the built-in IAuthorisationManager
  • custom properties from OpenID Connect claims (as configured in application.properties) are automatically added to the IUserData objects created by the built-in IAuthorisationManager
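
The two parts of this page combined, as an added example that is not Blueriq's own code: a provider that verifies the password against a third-party system and returns a BlueriqAuthentication carrying the user's roles and teams. DirectoryClient and both class names are hypothetical, the BlueriqAuthentication import uses the package named in this section, and Java 10 or later is assumed for List.copyOf.

```java
import java.util.List;
import org.springframework.security.authentication.*;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import com.blueriq.component.api.security.BlueriqAuthentication; // package as named on this page

public class DirectoryAuthenticationProvider implements AuthenticationProvider {
    public interface DirectoryClient { // hypothetical third-party client, not a Blueriq or Spring type
        boolean verify(String username, String password);
        List<String> rolesOf(String username);
        List<String> teamsOf(String username);
    }
    private final DirectoryClient directory;
    public DirectoryAuthenticationProvider(DirectoryClient directory) { this.directory = directory; }

    @Override
    public Authentication authenticate(Authentication authentication) {
        String name = authentication.getName();
        Object credentials = authentication.getCredentials();
        if (credentials == null || !directory.verify(name, credentials.toString())) {
            throw new BadCredentialsException("Authentication failed"); // fail closed: no token is returned
        }
        // Roles and teams are only looked up once the directory has accepted the password.
        return new DirectoryAuthentication(name, directory.rolesOf(name), directory.teamsOf(name));
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }

    static final class DirectoryAuthentication extends AbstractAuthenticationToken implements BlueriqAuthentication {
        private final String userName;
        private final List<String> roles, teams;
        DirectoryAuthentication(String userName, List<String> roles, List<String> teams) {
            super(AuthorityUtils.createAuthorityList(roles.toArray(new String[0])));
            this.userName = userName;
            this.roles = List.copyOf(roles);
            this.teams = List.copyOf(teams);
            setAuthenticated(true); // instances are only created after a successful verify()
        }
        @Override public Object getCredentials() { return null; } // the password is not retained
        @Override public Object getPrincipal() { return userName; }
        @Override public List<String> getRoles() { return roles; }
        @Override public List<String> getTeams() { return teams; }
        @Override public boolean isAnonymous() { return false; }
        @Override public boolean isAutomatic() { return false; }
        @Override public List<String> getPropertyNames() { return List.of(); }
        @Override public String getProperty(String name) { return null; }
    }
}
```

Register the provider under the bean name that application.properties refers to (myAuthProvider01 in the example on this page) so that it is found in the application context.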



