You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.

Defining a customBean authentication provider

 

In the application.properties file only one property is expected for a customBean authentication provider:

 

blueriq.security.auth-providers.myAuthProvider01.type=customBean

 


The name of the authentication provider is used as the name of the Spring bean to look up in the application context. Spring searches the application context for a bean of the type org.springframework.security.authentication.AuthenticationProvider with (in this example) the name myAuthProvider01. It is therefore important that a bean with the specified name is available in the application context.

 

An implementation example of a custom AuthenticationProvider:

 

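// MyCustomAuthenticationProvider.java
import java.util.ArrayList;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;

@Component
public class MyCustomAuthenticationProvider implements AuthenticationProvider {

    @Override
    public Authentication authenticate(Authentication authentication)
      throws AuthenticationException {
        String name = authentication.getName();
        String password = authentication.getCredentials().toString();

        if (shouldAuthenticateAgainstThirdPartySystem()) {
            // use the credentials and authenticate against the third-party system
            return new UsernamePasswordAuthenticationToken(name, password, new ArrayList<>());
        } else {
            // null means this provider does not handle the request
            return null;
        }
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }

    // Placeholder for the decision logic, which this example leaves open
    private boolean shouldAuthenticateAgainstThirdPartySystem() {
        return false;
    }
}

// SecurityConfigurationMyAuthProviderConfig.java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;

@Configuration
public class SecurityConfigurationMyAuthProviderConfig {

    // The bean name (here the method name) must match the provider name in application.properties
    @Bean
    public AuthenticationProvider myAuthProvider01() {
        return new MyCustomAuthenticationProvider();
    }
}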

Custom Authentication

By default, the Blueriq authentication manager can map roles, teams and custom properties when it creates the user object from authentication data that implements the com.aquima.web.security.BlueriqAuthentication interface.

Providing a custom Authentication implementation

A custom authentication can be provided by implementing the com.blueriq.component.api.security.BlueriqAuthentication interface. It can only be used in combination with a custom authentication provider.

Example:

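import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

import com.blueriq.component.api.security.BlueriqAuthentication;

public class CustomBlueriqAuthentication implements BlueriqAuthentication {

    private String userName;
    private List<SimpleGrantedAuthority> authorities;
    private List<String> roles;
    private List<String> teams;
    // Stays false until setAuthenticated(true) is called
    private boolean authenticated = false;
    private Map<String, String> properties;

    public CustomBlueriqAuthentication() {
      super();
      this.userName = "testUsername";
      this.properties = new HashMap<>();
      this.authorities = Collections.emptyList();
      this.roles = Collections.emptyList();
      this.teams = Collections.emptyList();
    }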

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
      return authorities;
    }

    @Override
    public Object getCredentials() {
      return null;
    }

    @Override
    public Object getDetails() {
      return null;
    }

    @Override
    public Object getPrincipal() {
      return userName;
    }

    @Override
    public boolean isAuthenticated() {
      return authenticated;
    }

    @Override
    public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
      this.authenticated = isAuthenticated;
    }

    @Override
    public String getName() {
      return userName;
    }

    @Override
    public List<String> getTeams() {
      return teams;
    }

    @Override
    public List<String> getRoles() {
      return roles;
    }

    @Override
    public boolean isAnonymous() {
      return false;
    }


    @Override
    public boolean isAutomatic() {
      return false;
    }

    @Override
    public List<String> getPropertyNames() {
      return new ArrayList<>(properties.keySet());
    }

    @Override
    public String getProperty(String name) {
      return properties.get(name);
    }

}


The benefits of implementing the BlueriqAuthentication interface are:

  • roles and teams are automatically added to the IUserData objects created by the built-in IAuthorisationManager
  • custom properties from HTTP headers (as configured in application.properties) are automatically added to the IUserData objects created by the built-in IAuthorisationManager
  • custom properties from OpenID Connect claims (as configured in application.properties) are automatically added to the IUserData objects created by the built-in IAuthorisationManager
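
The two parts of this page combined, as an added example that is not Blueriq's own code: a customBean provider that checks the credentials and returns a BlueriqAuthentication carrying roles and teams. The names DirectoryAuthenticationProvider, Directory and VerifiedUser are hypothetical, and the example assumes BlueriqAuthentication declares exactly the methods shown in the example above and lives in the package named above.

```java
import java.util.List;
import org.springframework.security.authentication.*;
import org.springframework.security.core.*;
import com.blueriq.component.api.security.BlueriqAuthentication; // package as named on this page

public class DirectoryAuthenticationProvider implements AuthenticationProvider {
    /** Hypothetical facade over the third-party system (not a Blueriq or Spring type). */
    public interface Directory {
        boolean verify(String user, String password);
        List<String> rolesOf(String user);
        List<String> teamsOf(String user);
    }
    private final Directory directory;

    public DirectoryAuthenticationProvider(Directory directory) { this.directory = directory; }

    @Override public Authentication authenticate(Authentication auth) throws AuthenticationException {
        String user = auth.getName();
        Object secret = auth.getCredentials();
        // Reject explicitly: returning null only tells Spring Security to try the next provider.
        if (secret == null || !directory.verify(user, secret.toString())) {
            throw new BadCredentialsException("Bad credentials");
        }
        return new VerifiedUser(user, directory.rolesOf(user), directory.teamsOf(user));
    }

    @Override public boolean supports(Class<?> type) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(type);
    }

    /** Built only after verification succeeded; keeps no password. */
    static final class VerifiedUser extends AbstractAuthenticationToken implements BlueriqAuthentication {
        private final String name;
        private final List<String> roles, teams;

        VerifiedUser(String name, List<String> roles, List<String> teams) {
            super(List.of()); // no Spring authorities, as in the page's example
            this.name = name;
            this.roles = List.copyOf(roles);
            this.teams = List.copyOf(teams);
            setAuthenticated(true);
        }
        @Override public Object getCredentials() { return null; }
        @Override public Object getPrincipal() { return name; }
        @Override public List<String> getRoles() { return roles; }
        @Override public List<String> getTeams() { return teams; }
        @Override public boolean isAnonymous() { return false; }
        @Override public boolean isAutomatic() { return false; }
        @Override public List<String> getPropertyNames() { return List.of(); }
        @Override public String getProperty(String key) { return null; }
    }
}
```

Register an instance as a bean under the provider name configured in application.properties (myAuthProvider01 in the example above).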
