You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.


Introduction

Blueriq (exposed) flows can be protected by setting allowed roles on them. When a flow is started that requires the user to have an explicit role, the user is (by default) redirected to the Blueriq login page. This article describes how to configure the authentication mechanism in the runtime that sits behind that login page. The Java and .NET runtimes offer similar functionality but are configured differently.

Java Runtime configuration

The Java Runtime reads the authentication configuration from Spring environment properties; under the covers Spring Security is used. The Java Runtime registers one Spring Security AuthenticationManager bean named 'blueriqAuthenticationManager', defined in 'com.aquima.web.boot.SecurityConfiguration'. An anonymous authentication provider is always added to it (this is hardcoded).

Blueriq supports an 'in-memory' authentication provider type and a 'customBean' authentication provider type for custom authentication needs. Multiple authentication providers can be chained. Every authentication provider must have a unique name; this name is also used in the 'auth-providers-chain' property to determine the order of the authentication providers in the chain.

Properties

Like all security properties, the authentication properties are prefixed with 'blueriq.security'. For every authentication provider a type must be specified, it can be 'in-memory' or 'customBean'.

Defining an 'in-memory' authentication provider

In the 'application.properties' file two properties are expected for an 'in-memory' authentication provider:

blueriq.security.auth-providers.local01.type=in-memory
blueriq.security.auth-providers.local01.users.location=users.properties

  • 'auth-providers' is the property under which all authentication providers are defined.
  • The segment after 'auth-providers' is the name of the authentication provider. In this example the name is 'local01'.
  • 'users.location' is the file location of the property file from which the in-memory provider loads its users and roles.


An example of a 'users.properties' file (the passwords are stored in plain text in this file, so restrict filesystem access to it and keep it out of version control):

# format: USERNAME=PASSWORD,ROLE1,ROLE2
admin=welcome,dcm,administrator
jane=welcome02,dcm,operator
john=welcome03,dcm

Defining a 'customBean' authentication provider

In the 'application.properties' file only one property is expected for a 'customBean' authentication provider:

blueriq.security.auth-providers.myAuthProvider01.type=customBean


The name of the authentication provider is used as the name of the Spring bean to look up in the application context. Spring searches the application context for a bean of type org.springframework.security.authentication.AuthenticationProvider with (in this example) the name 'myAuthProvider01', so a bean with exactly that name must be available in the application context.

An implementation example of a custom AuthenticationProvider:

import java.util.ArrayList;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

// Not annotated with @Component: the bean is registered by the @Bean method below,
// under the name that is referenced in application.properties.
public class MyCustomAuthenticationProvider implements AuthenticationProvider {
 
    @Override
    public Authentication authenticate(Authentication authentication) 
      throws AuthenticationException {
        String name = authentication.getName();
        String password = authentication.getCredentials().toString();
         
        if (shouldAuthenticateAgainstThirdPartySystem()) {
            // use the credentials and authenticate against the third-party system;
            // the authorities list should contain the roles granted to the user
            return new UsernamePasswordAuthenticationToken(name, password, new ArrayList<>());
        } else {
            // null means this provider has no opinion; the next provider in the chain is tried
            return null;
        }
    }
 
    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }

    // Placeholder for the integration's own decision logic; not part of Spring Security.
    private boolean shouldAuthenticateAgainstThirdPartySystem() {
        return true;
    }
}

@Configuration
public class SecurityConfigurationMyAuthProviderConfig {

    // The method name is the bean name, and must match the provider name in
    // blueriq.security.auth-providers.myAuthProvider01.type=customBean
    @Bean
    public AuthenticationProvider myAuthProvider01() {
        return new MyCustomAuthenticationProvider();
    }
}
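As an added example (not Blueriq's own code and not from the original page) of a custom provider that performs a real credential check, the class below validates a username and password against a bcrypt-hashed user table and converts the user's roles into Spring Security authorities. The user table, the role names and the provider/bean name 'hashedProvider01' are constructed for this example; a real provider would consult a directory or identity store instead.

```java
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Example provider (added for illustration, not part of Blueriq): checks the
 * submitted password against a bcrypt hash and maps role names to authorities.
 */
public class HashedUserAuthenticationProvider implements AuthenticationProvider {

    /** Constructed example record: bcrypt hash of the password plus role names. */
    private record UserRecord(String passwordHash, List<String> roles) {}

    private final PasswordEncoder encoder = new BCryptPasswordEncoder();

    // Constructed user table. Hashes are computed at startup so the example does
    // not carry a literal hash; a real store would hold pre-computed hashes.
    private final Map<String, UserRecord> users = Map.of(
        "jane", new UserRecord(encoder.encode("welcome02"), List.of("dcm", "operator")),
        "john", new UserRecord(encoder.encode("welcome03"), List.of("dcm")));

    // Hash to verify against when the user does not exist, so that "unknown user"
    // and "wrong password" take comparable time (limits username enumeration by timing).
    private final String unknownUserHash = encoder.encode("placeholder-not-a-real-password");

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String name = authentication.getName();
        Object credentials = authentication.getCredentials();
        if (credentials == null) {
            throw new BadCredentialsException("Bad credentials");
        }
        String password = credentials.toString();

        UserRecord user = users.get(name);
        String hashToCheck = user != null ? user.passwordHash() : unknownUserHash;
        boolean matches = encoder.matches(password, hashToCheck);
        if (user == null || !matches) {
            // Generic message: do not reveal whether the user exists. Throwing records a
            // failed attempt; returning null would mean "this provider has no opinion".
            throw new BadCredentialsException("Bad credentials");
        }

        List<GrantedAuthority> authorities = user.roles().stream()
            .map(SimpleGrantedAuthority::new)
            .collect(Collectors.toList());
        // The three-argument constructor marks the token as authenticated; the
        // password is deliberately not carried into the authenticated token.
        return new UsernamePasswordAuthenticationToken(name, null, authorities);
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}

@Configuration
class HashedUserProviderConfig {

    // Bean name 'hashedProvider01' is the assumed provider name; register it with
    // blueriq.security.auth-providers.hashedProvider01.type=customBean
    @Bean
    public AuthenticationProvider hashedProvider01() {
        return new HashedUserAuthenticationProvider();
    }
}
```

Two points matter when writing such a provider for a chain. In Spring Security's standard ProviderManager a provider that returns null is simply skipped and the next provider in the chain is tried, while a provider that throws an AuthenticationException such as BadCredentialsException records the failure; later providers are still consulted, and if none succeeds the recorded failure is what the caller sees. Keep the failure message generic and verify a dummy hash for unknown users, as above, so that neither the response nor its timing tells an attacker which usernames exist.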

 

Example of authentication provider chaining, where 'auth-providers-chain' lists the provider names in the order in which they are tried:

application.properties:

blueriq.security.auth-providers.local01.type=in-memory
blueriq.security.auth-providers.local01.users.location=users.properties
blueriq.security.auth-providers.myAuthProvider01.type=customBean
blueriq.security.auth-providers.myAuthProvider02.type=customBean
blueriq.security.auth-providers-chain=myAuthProvider01,local01

.NET Runtime configuration

TODO

  • Explain default configuration (local user store) in Web.config
  • Example of custom MembershipProvider