Defining a customBean authentication provider
In the application.properties file only one property is expected for a customBean authentication provider:
...
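```java
import java.util.ArrayList;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;

@Component
public class MyCustomAuthenticationProvider implements AuthenticationProvider {

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String name = authentication.getName();
        String password = authentication.getCredentials().toString();

        if (shouldAuthenticateAgainstThirdPartySystem()) {
            // use the credentials and authenticate against the third-party system
            return new UsernamePasswordAuthenticationToken(name, password, new ArrayList<>());
        } else {
            // null tells Spring Security that this provider could not decide
            return null;
        }
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }

    // Placeholder: replace with the real check against the third-party system.
    // It returns false so that nobody is authenticated until it is implemented.
    private boolean shouldAuthenticateAgainstThirdPartySystem() {
        return false;
    }
}

// In a separate source file:
@Configuration
public class SecurityConfigurationMyAuthProviderConfig {

    @Bean
    public AuthenticationProvider myAuthProvider01() {
        return new MyCustomAuthenticationProvider();
    }
}
```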
Defining a custom Authentication
...
Custom Authentication
By default, the Blueriq authentication manager can map roles, teams and custom claims (properties) when creating the user object from authentication data that implements the com.aquima.web.security.BlueriqAuthentication interface.
Providing a custom Authentication implementation
A custom authentication can be provided by implementing the com.blueriq.component.api.security.BlueriqAuthentication interface. It can only be used together with a custom authentication provider.
Example:
```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

import com.blueriq.component.api.security.BlueriqAuthentication;

public class CustomBlueriqAuthentication implements BlueriqAuthentication {

    private String userName;
    private List<SimpleGrantedAuthority> authorities;
    private List<String> roles;
    private List<String> teams;
    private boolean authenticated = false;
    private Map<String, String> properties;

    public CustomBlueriqAuthentication() {
        super();
        this.userName = "testUsername";
        this.properties = new HashMap<>();
        this.authorities = Collections.emptyList();
        this.roles = Collections.emptyList();
        this.teams = Collections.emptyList();
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorities;
    }

    // No credentials are kept on the authentication object
    @Override
    public Object getCredentials() {
        return null;
    }

    @Override
    public Object getDetails() {
        return null;
    }

    @Override
    public Object getPrincipal() {
        return userName;
    }

    @Override
    public boolean isAuthenticated() {
        return authenticated;
    }

    @Override
    public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
        this.authenticated = isAuthenticated;
    }

    @Override
    public String getName() {
        return userName;
    }

    @Override
    public List<String> getTeams() {
        return teams;
    }

    @Override
    public List<String> getRoles() {
        return roles;
    }

    @Override
    public boolean isAnonymous() {
        return false;
    }

    @Override
    public boolean isAutomatic() {
        return false;
    }

    @Override
    public List<String> getPropertyNames() {
        return new ArrayList<>(properties.keySet());
    }

    @Override
    public String getProperty(String name) {
        return properties.get(name);
    }
}
```
The benefits of implementing the BlueriqAuthentication interface are:
- roles and teams are automatically added to the IUserData objects created by the built-in IAuthorisationManager
- custom properties from HTTP headers (as configured in application.properties) are automatically added to the IUserData objects created by the built-in IAuthorisationManager
- custom properties from OpenID Connect claims (as configured in application.properties) are automatically added to the IUserData objects created by the built-in IAuthorisationManager
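The two pieces above combined, as an added example that is not part of the original page or of Blueriq's own code: a provider that returns a BlueriqAuthentication carrying roles once the credentials have been verified, and rejects the login otherwise. DirectoryAuthenticationProvider, its Directory interface and VerifiedUser are hypothetical names, and CustomBlueriqAuthentication is assumed to be the class shown above, in the same package.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Optional;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

// Hypothetical provider (assumption, not Blueriq code).
public class DirectoryAuthenticationProvider implements AuthenticationProvider {

    /** Hypothetical third-party lookup: the user's roles, or empty when the credentials are rejected. */
    public interface Directory {
        Optional<List<String>> verify(String userName, String password);
    }

    private final Directory directory;

    public DirectoryAuthenticationProvider(Directory directory) {
        this.directory = directory;
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Object credentials = authentication.getCredentials();
        if (credentials == null) {
            throw new BadCredentialsException("Missing credentials");
        }
        // Fail closed: a rejected login throws instead of returning a token.
        List<String> roles = directory.verify(authentication.getName(), credentials.toString())
                .orElseThrow(() -> new BadCredentialsException("Bad credentials"));
        VerifiedUser user = new VerifiedUser(authentication.getName(), roles);
        user.setAuthenticated(true); // only after the third party accepted the credentials
        return user;
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }

    /** Extends the page's class; the password is never stored (getCredentials() stays null). */
    static class VerifiedUser extends CustomBlueriqAuthentication {
        private final String name;
        private final List<String> roles;

        VerifiedUser(String name, List<String> roles) {
            this.name = name;
            this.roles = Collections.unmodifiableList(new ArrayList<>(roles));
        }

        @Override public String getName() { return name; }
        @Override public Object getPrincipal() { return name; }
        @Override public List<String> getRoles() { return roles; }
    }
}
```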