...

The Java Runtime reads the authentication configuration from Spring environment properties; under the covers, Spring Security is used. In the Java Runtime one Spring Security AuthenticationManager bean named 'blueriqAuthenticationManager' is registered, defined in 'com.aquima.web.boot.SecurityConfiguration'. An anonymous authentication provider is added by default (hardcoded).

Blueriq supports an 'in-memory' authentication provider type and a 'customBean' authentication provider type for custom authentication needs. Multiple authentication providers can be chained. Every authentication provider must have a unique name; this name is also used in the 'auth-providers-chain' property to determine the order of the authentication providers in the chain.

...

Like all security properties, the authentication properties are prefixed with 'blueriq.security'. For every authentication provider a type must be specified; it can be 'in-memory' or 'customBean'.

Defining an in-memory authentication provider

In the 'application.properties' file two properties are expected for an 'in-memory' authentication provider:

Code Block
blueriq.security.auth-providers.local01.type=in-memory
blueriq.security.auth-providers.local01.users.location=users.properties
  • "auth-providers" is the property name of the authentication providers property
  • After the property name, the name of the authentication provider is specified. In this example the name is 'local01'


An in-memory authentication provider needs the location of a property file to load the users/roles from; this is specified in the 'users.location' property.


An example of a 'users.properties' file:

Code Block
# format: USERNAME=PASSWORD,ROLE1,ROLE2
admin=welcome,dcm,administrator
jane=welcome02,dcm,operator
john=welcome03,dcm

Defining a 'customBean' authentication provider

In the 'application.properties' file only one property is expected for a 'customBean' authentication provider:

Code Block
blueriq.security.auth-providers.myAuthProvider01.type=customBean


The name of the authentication provider is used as the name of the Spring bean to look up in the application context. Spring searches the application context for a bean of the type org.springframework.security.authentication.AuthenticationProvider with (in this example) the name 'myAuthProvider01'. So it is important that a bean with the specified name is available in the application context.

...

Example of authentication providers chaining:

Code Block: application.properties
blueriq.security.auth-providers.local01.type=in-memory
blueriq.security.auth-providers.local01.users.location=users.properties
blueriq.security.auth-providers.myAuthProvider01.type=customBean
blueriq.security.auth-providers.myAuthProvider02.type=customBean
blueriq.security.auth-providers-chain=myAuthProvider01,local01
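
A pre-deployment check for the rules described above, as an added example (not Blueriq code): every provider needs a type of 'in-memory' or 'customBean', an in-memory provider needs 'users.location', and every name in 'auth-providers-chain' must match a defined provider. The function names and the "defined but not in chain" finding are assumptions of this example; the page does not say how the runtime treats a provider that is defined but left out of the chain, so it is only flagged for review.

```python
import re

VALID_TYPES = {"in-memory", "customBean"}
PREFIX = "blueriq.security."
PROVIDER_KEY = re.compile(r"^auth-providers\.([^.]+)\.(.+)$")

def parse_properties(text):
    """Parse simple key=value lines; skips blanks and '#' / '!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def check_auth_config(text):
    """Return a list of findings for the blueriq.security auth settings."""
    providers, chain, findings = {}, [], []
    for key, value in parse_properties(text).items():
        rest = key[len(PREFIX):] if key.startswith(PREFIX) else ""
        m = PROVIDER_KEY.match(rest)
        if rest == "auth-providers-chain":
            chain = [n.strip() for n in value.split(",") if n.strip()]
        elif m:  # group 1 = provider name, group 2 = setting (e.g. users.location)
            providers.setdefault(m.group(1), {})[m.group(2)] = value
    for name, settings in providers.items():
        ptype = settings.get("type")
        if ptype not in VALID_TYPES:
            findings.append(f"{name}: type must be 'in-memory' or 'customBean', got {ptype!r}")
        elif ptype == "in-memory" and not settings.get("users.location"):
            findings.append(f"{name}: in-memory provider has no users.location")
    for name in chain:
        if name not in providers:
            findings.append(f"chain references undefined provider {name!r}")
    for name in providers:
        if name not in chain:
            findings.append(f"{name}: defined but not in auth-providers-chain")
    return findings

# Sample input: the chaining example from this page, embedded so the check runs offline.
PAGE_EXAMPLE = """\
blueriq.security.auth-providers.local01.type=in-memory
blueriq.security.auth-providers.local01.users.location=users.properties
blueriq.security.auth-providers.myAuthProvider01.type=customBean
blueriq.security.auth-providers.myAuthProvider02.type=customBean
blueriq.security.auth-providers-chain=myAuthProvider01,local01
"""
if __name__ == "__main__":
    print(check_auth_config(PAGE_EXAMPLE))
```

Run against the page's chaining example, the only finding is that 'myAuthProvider02' is defined but does not appear in the chain.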

...