Page History
Note |
---|
The Blueriq Runtime deliveres an out-of-the-box in-memory authentication provider in Java and a DefaultProvider in .NET. These default implementations should only be used for development purposes as they store the credentials in plain text on the filesystem. |
Java Runtime configuration
The Java Runtime reads the authentication configuration from Spring environment properties, under the covers Spring Security is used. In the Java Runtime one Spring Security AuthenticationManager bean named blueriqAuthenticationManager
is registered, defined in com.aquima.web.boot.SecurityConfiguration
. An anonymous authentication provider is added by default (hardcoded), this is used for anonymous access.
Blueriq supports an in-memory
authentication provider type and a customBean
authentication provider type for custom authentication needs. Multiple authentication providers can be chained. Every authentication provider must have a unique name, this name is also used in the auth-providers-chain
property to determine the order of the authentication providers in the chain.
Properties
Like all security properties, the authentication properties are prefixed with blueriq.security
. For every authentication provider a type must be specified,
it can be in-memory
or customBean or LDAP
. Checkout these pages on how it works:
Children Display |
---|
Chain: Specifying which authentication providers to use
Only authentication providers specified in the blueriq.security.auth-providers-chain
property will be used by the Blueriq Runtime. The providers will be tried in the order they are specified in the chain. A warning will appear in the Blueriq Runtime log when no authentication providers are specified in the chain.
Example of authentication providers chain using two out of three specified providers:
Code Block | ||
---|---|---|
| ||
blueriq.security.auth-providers.local01.type=in-memory blueriq.security.auth-providers.local01.users.location=users.properties blueriq.security.auth-providers.myAuthProvider01.type=customBean blueriq.security.auth-providers.myAuthProvider02.type=customBean # add any provider to this chain, can be multiple LDAP / in-memory / customBean blueriq.security.auth-providers-chain=myAuthProvider01,local01 |
.NET Runtime configuration
The .NET Runtime reads the authentication configuration from Web.config
using the ASP.NET standard mechanisms for membership and role services. Blueriq has a DefaultMembershipProvider
and DefaultRoleProvider
that will read its users and roles from Web.config
sections.
Example of using the Blueriq providers:
Code Block | ||||
---|---|---|---|---|
| ||||
<?xml version="1.0" encoding="utf-8"?> <configuration> <configSections> <section name="defaultMembership" type="Aquima.WebApplication.Foundation.Security.DefaultMembershipProviderHandler" /> <section name="defaultRoleProvider" type="Aquima.WebApplication.Foundation.Security.DefaultRoleProviderHandler" /> ... </configSections> <defaultMembership> <users> <user name="admin" password="welcome" /> <user name="user" password="welcome" /> </users> </defaultMembership> <defaultRoleProvider> <users> <user name="admin"> <roles> <role name="admin" /> </roles> </user> </users> </defaultRoleProvider> <system.web> <authentication mode="Forms" /> <membership defaultProvider="defaultProvider"> <providers> <add name="defaultProvider" type="Aquima.WebApplication.Foundation.Security.DefaultMembershipProvider" /> </providers> </membership> <roleManager enabled="true" defaultProvider="defaultProvider"> <providers> <add name="defaultProvider" type="Aquima.WebApplication.Foundation.Security.DefaultRoleProvider" /> </providers> </roleManager> ... </system.web> ... </configuration> |
It is also possible to configure ASP.NET built-in providers (for example ActiveDirectoryMembershipProvider
and/or AuthorizationStoreRoleProvider
) or create your own implementations of System.Web.Security.MembershipProvider
and/or System.Web.Security.RoleProvider
.