Page History
...
The Java Runtime reads the authentication configuration from Spring environment properties, under the covers Spring Security is used. In the Java Runtime one Spring Security AuthenticationManager bean named blueriqAuthenticationManager
is registered, defined in com.aquima.web.boot.SecurityConfiguration
. An anonymous authentication provider is added by default (hardcoded), this is used for anonymous access.
Blueriq supports an in-memory
authentication provider type and a customBean
authentication provider type for custom authentication needs. Multiple authentication providers can be chained. Every authentication provider must have a unique name, this name is also used in the auth-providers-chain
property to determine the order of the authentication providers in the chain.
...
Code Block |
---|
@Component public class MyCustomAuthenticationProvider implements AuthenticationProvider { @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { String name = authentication.getName(); String password = authentication.getCredentials().toString(); if (shouldAuthenticateAgainstThirdPartySystem()) { // use the credentials and authenticate against the third-party system return new UsernamePasswordAuthenticationToken(name, password, new ArrayList<>()); } else { return null; } } @Override public boolean supports(Class<?> authentication) { return authentication.equals(UsernamePasswordAuthenticationToken.class); } } @Configuration public class SecurityConfigurationMyAuthProviderConfig { @Bean public AuthenticationProvider myAuthProvider01() { return new MyCustomAuthenticationProvider(); } } |
Specifying which authentication providers to use
Only authentication providers specified in the blueriq.security.auth-providers-chain
property will be used by the Blueriq Runtime. The providers will be tried in the order they are specified in the chain. A warning will appear in the Blueriq Runtime log when no authentication providers are specified in the chain.
Example of authentication providers chainingproviders chain using two out of three specified providers:
Code Block | ||
---|---|---|
| ||
blueriq.security.auth-providers.local01.type=in-memory
blueriq.security.auth-providers.local01.users.location=users.properties
blueriq.security.auth-providers.myAuthProvider01.type=customBean
blueriq.security.auth-providers.myAuthProvider02.type=customBean
blueriq.security.auth-providers-chain=myAuthProvider01,local01 |
...