Version: 17.07
Supported Since: 17.07
HTTP Authenticator Processor is a processing element that checks the HTTP authentication of a received request before the message enters an integration flow. The authenticator supports the following HTTP authentication schemes:
Basic Authentication
Digest Authentication
In order to use this processing element, you must first select the HTTP NIO Connector dependency from the connector list when you are creating an empty Ultra project. If you have already created a project, you can add the HTTP NIO Connector dependency via the Component Registry. From the Tools menu, select Ultra Studio → Component Registry and, from the Connectors list, select the HTTP NIO Connector dependency.
Next | The message will be sent to this outport if setting the HTTP authenticator is successful
On Exception | The message will be sent to this outport if the processing element fails to set the HTTP authenticator
HTTP Authentication Scheme * | Basic | The name of the authentication scheme to set
Realm Name * | Basic | The name of the authentication realm
Ignore Failure * | Basic | Whether to ignore authentication failures. True if authentication failures are ignored; otherwise the authenticator treats them as failures
Credential character set | Basic | The character set for the credentials
User Detail Service * | Basic | The bean of UserDetailService (org.springframework.security.core.userdetails.UserDetailsService is expected)
Authentication Manager * | Basic | The bean of AuthenticationManager (org.springframework.security.authentication.AuthenticationManager is expected)
Private Key | Basic | The private key used to generate the nonce value
Password Already Encoded * | Basic | Whether the password is already encoded
Digest Hashing Algorithm * | Basic | Algorithm used to produce the digest and an un-keyed digest (to hash the digest key)
Quality of protection (QoP) | Basic | Quality of protection level used to produce the response key
Enable User Cache | Advanced | Enable the user cache feature, which caches user details retrieved from the user detail service
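How the Digest parameters above (Realm Name, Password Already Encoded, Digest Hashing Algorithm, QoP) enter the response check defined by RFC 2617, as an added Python example that is not UltraESB or Spring Security code. The function names are hypothetical, "already encoded" is assumed to mean that the stored value is HA1 = H(username:realm:password), and the sample values are the ones published in RFC 2617 section 3.5.

```python
import hashlib
import hmac

# Sample values published in RFC 2617 section 3.5 (not taken from this page).
RFC2617_SAMPLE = dict(
    secret="Circle Of Life", username="Mufasa", realm="testrealm@host.com",
    method="GET", uri="/dir/index.html",
    nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
    qop="auth", nc="00000001", cnonce="0a4f113b",
)
RFC2617_RESPONSE = "6629fae49393a05397450978507c4ef1"


def h(data, algorithm="md5"):
    """Un-keyed digest H(), hex encoded; algorithm is a hashlib name."""
    return hashlib.new(algorithm, data.encode("utf-8")).hexdigest()


def ha1(username, realm, password, algorithm="md5"):
    """HA1 = H(username:realm:password), the realm-bound stored form."""
    return h(f"{username}:{realm}:{password}", algorithm)


def expected_response(secret, username, realm, method, uri, nonce, qop=None,
                      nc=None, cnonce=None, algorithm="md5",
                      already_encoded=False):
    """Compute the response value the server expects from the client."""
    # Assumption: "already encoded" means `secret` is HA1, not the password.
    a1 = secret if already_encoded else ha1(username, realm, secret, algorithm)
    a2 = h(f"{method}:{uri}", algorithm)
    if qop is None:  # legacy form without quality of protection
        return h(f"{a1}:{nonce}:{a2}", algorithm)
    if qop != "auth":
        raise ValueError(f"unsupported qop: {qop}")
    if not nc or not cnonce:
        raise ValueError("qop=auth requires nc and cnonce")
    return h(f"{a1}:{nonce}:{nc}:{cnonce}:{qop}:{a2}", algorithm)


def verify(client_response, **params):
    """Constant-time comparison of the client's response with ours."""
    expected = expected_response(**params)
    return hmac.compare_digest(client_response.lower().encode(), expected.encode())
```

Because HA1 includes the realm, a stored pre-encoded password stops matching as soon as the realm name changes.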
Before we set up an HTTP (Basic) authenticator, we have to define a User Detail Service that provides user information for the authentication flow. Define the following resource under project.xpml:
<x:resource id="userDetail">
    <!-- In-memory user store for this sample: a single user "admin" holding two roles -->
    <bean class="org.springframework.security.provisioning.InMemoryUserDetailsManager" id="userDetail">
        <constructor-arg name="users">
            <list>
                <bean class="org.springframework.security.core.userdetails.User">
                    <!-- Sample credentials only -->
                    <constructor-arg name="username" value="admin"/>
                    <constructor-arg name="password" value="password"/>
                    <constructor-arg name="authorities">
                        <list>
                            <bean class="org.springframework.security.core.authority.SimpleGrantedAuthority">
                                <constructor-arg name="role" value="ROLE_ADMIN"/>
                            </bean>
                            <bean class="org.springframework.security.core.authority.SimpleGrantedAuthority">
                                <constructor-arg name="role" value="ROLE_USER"/>
                            </bean>
                        </list>
                    </constructor-arg>
                </bean>
            </list>
        </constructor-arg>
    </bean>
</x:resource>
The above example is a simple in-memory user detail manager, but it can be more sophisticated and customizable (e.g. one based on JDBC (database-backed) or LDAP) in real scenarios.
We also need to define an Authentication Manager that utilizes the above userDetail resource:
<x:resource id="config">
    <!-- ProviderManager with one DAO provider that looks users up in the userDetail resource -->
    <bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
        <constructor-arg name="providers">
            <list>
                <bean class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
                    <property name="userDetailsService" ref="userDetail"/>
                </bean>
            </list>
        </constructor-arg>
    </bean>
</x:resource>
In the following diagram (figure 1) there is an integration flow which takes a message in from an HTTP ingress connector and sends it out to another HTTP endpoint using an HTTP egress connector. The requirement is to check HTTP request authorization before forwarding the message to the egress connector. In this sample case we check the basic authentication of the HTTP request.
I have added an HTTP Authenticator processing element before the egress connector, with the configuration shown in figure 2.
The configuration for the HTTP Authenticator element is as follows. To check HTTP basic authentication, we select the Authentication Scheme and give the Realm Name, Username, Password and the Charset used to encode the authentication credentials that the ingress connector received. If we want to ignore authentication failures, we check Ignore Failure. We also select the prerequisite resources defined above for User Detail Service and Authentication Manager.