Runtime configuration

The Java Runtime reads the authentication configuration from Spring environment properties, under the covers Spring Security is used. In the Java Runtime one Spring Security AuthenticationManager bean named blueriqAuthenticationManager is registered, defined in com.aquima.web.boot.SecurityConfiguration. An anonymous authentication provider is added by default (hardcoded), this is used for anonymous access.

Blueriq supports an in-memory authentication provider type and a customBean authentication provider type for custom authentication needs. Multiple authentication providers can be chained. Every authentication provider must have a unique name, this name is also used in the auth-providers-chain property to determine the order of the authentication providers in the chain.

Properties

Like all security properties, the authentication properties are prefixed with blueriq.security. For every authentication provider a type must be specified,

it can be in-memory or customBean or LDAP. Checkout these pages on how it works:

Children Display

Chain: Specifying which authentication providers to use

Only authentication providers specified in the blueriq.security.auth-providers-chain property will be used by the Blueriq Runtime. The providers will be tried in the order they are specified in the chain. A warning will appear in the Blueriq Runtime log when no authentication providers are specified in the chain.

Example of authentication providers chain using two out of three specified providers:

blueriq.security.auth-providers.local01.type=in-memory
blueriq.security.auth-providers.local01.users.location=users.properties
blueriq.security.auth-providers.myAuthProvider01.type=customBean
blueriq.security.auth-providers.myAuthProvider02.type=customBean

# add any provider to this chain, can be multiple LDAP / in-memory / customBean
blueriq.security.auth-providers-chain=myAuthProvider01,local01