You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.


Authentication providers

 

Blueriq uses Spring Security to support custom, flexible authentication providers. Spring Security offers a variety of options for performing authentication, all following a simple contract: an Authentication request is processed by an AuthenticationProvider, and a fully authenticated object with full credentials is returned.
The 'blueriqAuthenticationManager' defined in 'com.aquima.web.boot.SecurityConfiguration' allows configuration based on Spring environment properties. The anonymous authentication provider is added (hardcoded) at the end of the authentication providers chain.

Blueriq provides support for an 'in-memory' authentication provider and a "customBean" authentication provider. Multiple authentication providers can be chained. Every authentication provider has a unique name. This name is also used in the auth-providers-chain property to determine the order of the authentication providers in the chain.  

Properties

All security properties are prefixed with "blueriq.security".

An in-memory authentication provider

In the application.properties file two properties are expected. Example of an 'in-memory' authentication provider configuration:

blueriq.security.auth-providers.local01.type=in-memory
blueriq.security.auth-providers.local01.users.location=users.properties
  • All security properties are prefixed with "blueriq.security"
  • "auth-providers" is the property name of the authentication providers property
  • After the property name the name of the authentication provider is specified. In this example the name is "local01". 

Each authentication provider has a type, which can be "in-memory" or "customBean".
An in-memory authentication provider also needs the name of the properties file that holds its users. This is specified by the users.location property.


An example of a users.properties file:

# format: USERNAME=PASSWORD,ROLE1,ROLE2
admin=welcome,dcm,administrator
jane=welcome02,dcm,operator
john=welcome03,dcm

A customBean authentication provider

 

blueriq.security.auth-providers.ldap01.type=customBean


When a custom authentication manager is used, only the type and the name of the bean in the Spring Context need to be specified.
Spring looks in the application context for a custom implementation of the type org.springframework.security.authentication.AuthenticationProvider with the name "ldap01". So it is important that the AuthenticationBean with the specified name is available in the application context.

An implementation example of an AuthenticationProvider:

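import java.util.ArrayList;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;

// The bean name must match the provider name used in the properties ("ldap01").
@Component("ldap01")
public class Ldap01AuthenticationProvider implements AuthenticationProvider {

    @Override
    public Authentication authenticate(Authentication authentication)
      throws AuthenticationException {
        String name = authentication.getName();
        String password = authentication.getCredentials().toString();

        if (shouldAuthenticateAgainstThirdPartySystem()) {
            // use the credentials and authenticate against the third-party system;
            // return the token only when that check succeeds
            return new UsernamePasswordAuthenticationToken(name, password, new ArrayList<>());
        } else {
            // null means this provider cannot decide, so the next provider in the chain is tried
            return null;
        }
    }

    @Override
    public boolean supports(Class<?> authentication) {
        // this provider only handles username/password authentication requests
        return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }

    // Placeholder so the example compiles: decide here whether this provider handles the request.
    private boolean shouldAuthenticateAgainstThirdPartySystem() {
        return false;
    }
}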

 

Example of authentication providers chaining:

application.properties:
 
blueriq.security.auth-providers.local01.type=in-memory
blueriq.security.auth-providers.local01.users.location=users.properties
blueriq.security.auth-providers.ldap01.type=customBean
blueriq.security.auth-providers-chain=ldap01,local01
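
A consistency check for the properties described on this page, as an added example (not Blueriq code): it reports providers with an unknown type, in-memory providers without users.location, and names that appear in auth-providers-chain but not under auth-providers, or the other way round. The function names and the sample input are constructed, and how Blueriq itself reacts to these mismatches is not stated on this page.

```python
import re
PREFIX = "blueriq.security."
VALID_TYPES = {"in-memory", "customBean"}  # the two types this page documents

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def check_auth_config(text):
    """Return a list of findings for the blueriq.security provider settings."""
    props = parse_properties(text)
    providers = {}  # provider name -> {setting: value}
    pattern = re.compile(re.escape(PREFIX) + r"auth-providers\.([^.]+)\.(.+)")
    for key, value in props.items():
        m = pattern.fullmatch(key)
        if m:
            providers.setdefault(m.group(1), {})[m.group(2)] = value
    chain_value = props.get(PREFIX + "auth-providers-chain", "")
    chain = [n.strip() for n in chain_value.split(",") if n.strip()]
    findings = []
    for name, settings in sorted(providers.items()):
        ptype = settings.get("type")
        if ptype not in VALID_TYPES:
            findings.append(f"{name}: unknown or missing type {ptype!r}")
        elif ptype == "in-memory" and not settings.get("users.location"):
            findings.append(f"{name}: in-memory provider without users.location")
        if chain and name not in chain:  # only checked when a chain is configured
            findings.append(f"{name}: configured but not listed in auth-providers-chain")
    for name in chain:
        if name not in providers:
            findings.append(f"{name}: listed in auth-providers-chain but not configured")
    return findings

# Constructed sample: the chain misspells ldap01 and local02 has no users file.
SAMPLE = """\
blueriq.security.auth-providers.local02.type=in-memory
blueriq.security.auth-providers.ldap01.type=customBean
blueriq.security.auth-providers-chain=ldap1,local02
"""

if __name__ == "__main__":
    print("\n".join(check_auth_config(SAMPLE)))
```

Run against the chaining example above, the check returns no findings.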