Page History
...
The Java Runtime reads the authentication configuration from Spring environment properties, under the covers Spring Security is used. In the Java Runtime one Spring Security AuthenticationManagaer AuthenticationManager bean named 'blueriqAuthenticationManager
' is is registered, defined in 'com.aquima.web.boot.SecurityConfiguration
'. An anonymous authentication provider is added by default (hardcoded).
Blueriq supports an 'in-memory
' authentication authentication provider type and a 'customBean
' authentication authentication provider type for custom authentication needs. Multiple authentication providers can be chained. Every authentication provider must have an a unique name, this name is also used in the 'auth-providers-chain
' property property to determine the order of the authentication providers in the chain.
...
Like all security properties, the authentication properties are prefixed with 'blueriq.security
'. For every authentication provider a type must be specified, it can be 'in-memory
' or ' or customBean
'.
Defining an
...
in-memory
...
authentication provider
In the 'application.properties
' file file two properties are expected for an 'in-memory
' authentication authentication provider:
Code Block |
---|
blueriq.security.auth-providers.local01.type=in-memory blueriq.security.auth-providers.local01.users.location=users.properties |
- "
auth-providers
" is is the property name of the authentication providers property - After the property name, the name of the authentication provider is specified. In this example the name is '
local01
'.
An in-memory authentication provider needs the file location of a property file to load the users/roles from, this is specified in the 'users.location
' property property.
An example of a 'users.properties
' file file:
Code Block |
---|
# format: USERNAME=PASSWORD,ROLE1,ROLE2 admin=welcome,dcm,administrator jane=welcome02,dcm,operator john=welcome03,dcm |
Defining a 'customBean' authentication provider
In the 'application.properties
' file file only one property is expected for a 'customBean
' authentication authentication provider:
Code Block |
---|
blueriq.security.auth-providers.myAuthProvider01.type=customBean |
The name of the authentication provider is used as the name of the Spring bean to lookup in the application context. Spring searches in the application context for a bean of the type org.springframework.security.authentication.AuthenticationProvider
with with (in this example) the name 'myAuthProvider01
'. So it is important that a bean with the specified name is available in the application context.
...
Example of authentication providers chaining:
Code Block | ||
---|---|---|
| ||
:
blueriq.security.auth-providers.local01.type=in-memory
blueriq.security.auth-providers.local01.users.location=users.properties
blueriq.security.auth-providers.myAuthProvider01.type=customBean
blueriq.security.auth-providers.myAuthProvider02.type=customBean
blueriq.security.auth-providers-chain=myAuthProvider01,local01 |
...