Versions Compared

Old Version 7

changes.mady.by.user Manon van Tilburg

Saved on

compared with

New Version 8

changes.mady.by.user Geert Graat

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Introduction

Blueriq (exposed) flows can be protected by setting allowed roles on them. When a flow is started that requires the user to have an explicit role, this (by default) will redirect the user to the Blueriq login page. This article describes how to configure the authentication mechanism in the runtime that is 'behind' the login page. The Java and .NET runtime have similar functionality but are configured in a different way.

Java Runtime configuration

The Java Runtime reads the authentication configuration from Spring environment properties, under the covers Spring Security is used. In the Java Runtime one Spring Security AuthenticationManagaer bean named 'blueriqAuthenticationManager' is registered, defined in 'com.aquima.web.boot.SecurityConfiguration'. An anonymous authentication provider is added by default (hardcoded).

Blueriq supports an 'in-memory' authentication provider type and a 'customBean' authentication provider type for custom authentication needs. Multiple authentication providers can be chained. Every authentication provider must have an unique name, this name is also used in the 'auth-providers-chain' property to determine the order of the authentication providers in the chain.

Properties

Like all security properties, the authentication properties are prefixed with 'blueriq.security'. For every authentication provider a type must be specified, it can be 'in-memory' or 'customBean'.

Defining an 'in-memory' authentication provider

In the 'application.properties' file two properties are expected for an 'in-memory' authentication provider:

...

Code Block
# format: USERNAME=PASSWORD,ROLE1,ROLE2
admin=welcome,dcm,administrator
jane=welcome02,dcm,operator
john=welcome03,dcm

Defining a 'customBean' authentication provider

In the 'application.properties' file only one property is expected for a 'customBean' authentication provider:

...

Code Block
application.properties:
 
blueriq.security.auth-providers.local01.type=in-memory
blueriq.security.auth-providers.local01.users.location=users.properties
blueriq.security.auth-providers.myAuthProvider01.type=customBean
blueriq.security.auth-providers.myAuthProvider02.type=customBean
blueriq.security.auth-providers-chain=myAuthProvider01,local01

.NET Runtime configuration

TODO

  • Explain default configuration (local user store) in Web.config
  • Example of custom MembershipProvider