...
Front-end - Back-end interaction:
Logic-flow:
Basic HybridRealm authentication. The PASOE validates the provided credentials (username & password) directly, through HybridRealm, using the ISwatAuthenticationService.
...
Front-end - Back-end interaction:
Logic-flow:
- The client sends POST request with AD credentials to the "/web/Login/Login.html" access-point on the PASOE (swat-backend).
- PASOE forwards AD credentials to the "/auth/ad/login" on the NodeJS (node-main).
- NodeJS handles AD authentication, using passport with passport-ldapauth strategy. Then responds with ssoSessionId & ssoUserId.
- PASOES passes back to Client the ssoSessionId & ssoUserId.
- Client logins into PASOE, with ssoUserId & ssoSessionId, through HybridRealm.
- PASOE HybridRealm handles login using ISwatAuthenticationService, which sends POST request to "/sessions", with ssoSessionId & ssoUserId, on the NodeJS.
- NodeJs responds back to PASOE with the session's validity.
- PASOE finalizes authentication process.
- Client is authenticated.
...
In order to use HybridRealm as the authentication provider of spring.security, the following configuration settings must be set:
oeablSecurity.properties
- http.all.authmanager - Authentication manager to use, in our case: oerealm
- client.login.model - Authentication model to use, in our case: form
- OERealm.UserDetails.realmClass - OERealm (HybridRealm) class to use, in our case: Akioma.Security.HybridRealm
Unauthenticated routes
To define routes that do not require authentication, by-passing altogether HybridRealm, modify the oeablSecurity.csv configuration file and set the desired URIs to permitAll():
Example for LoginWebHandler /web/Login/ routes:
| Code Block | ||||
|---|---|---|---|---|
| ||||
# "url-pattern","<method>","<spring-access-expression>" ?? # Permit unauthenticated access to /web/Login/** "/web/Login/**","*","permitAll()" ?? # Authentication for /web/** "/web/**","*","hasAnyRole('ROLE_PSCUser')" ?? # Best practice - deny anything not explicitly granted "/**","*","denyAll()" |
...