http authenticator

HTTP Authenticator

Version: 17.07

Supported Since: 17.07

What is an HTTP Authenticator Processor?

HTTP Authenticator Processor is a processing element which can be used to check HTTP authentication of the received request before enter the given message to an integration flow. In this authenticator support following HTTP authentication scheme

  • Basic Authentication

  • Digest Authentication

In order to use this processing element, you must first select the HTTP NIO Connector dependency from the connector list when you are creating an empty Ultra project. If you have already created a project, you can add the HTTP NIO Connector dependency via Component Registry. From Tools menu, select Ultra Studio → Component Registry and from the Connectors list, select the HTTP NIO Connector dependency.

http authenticator outports

Out Ports

Next

The message will be sent to this outport if setting http authenticator is successful

On Exception

The message will be sent to this outport if the processing element failed in setting http authenticator operation

Parameters

HTTP Authentication Scheme *

Basic

The name of setting Authentication Scheme

Realm Name *

Basic

The name of the authentication realm

Ignore Failure *

Basic

Ignore authentication failures. True if authentication failure is ignored. Otherwise authenticator consider failure

Credential character set

Basic

The character set for the credentials

User Detail Service *

Basic

The bean of UserDetailService (org.springframework.security.core.userdetails.UserDetailsService is expected)

Authentication Manager *

Basic

The bean of AuthenticationManager (org.springframework.security.authentication.AuthenticationManager is expected)

Setting this parameter is only available on the basic authentication scheme and no other schemes.

Private Key

Basic

The key represent the private key which is used to generate nonce value

Setting this parameter is only available on the digest authentication scheme and no other schemes.

Password Already Encoded *

Basic

The password is already encoded or not

Setting this parameter is only available on the digest authentication scheme and no other schemes.

Digest Hashing Algorithm *

Basic

Algorithm used to produce the digest and an un-keyed digest(to hash the digest key)

Setting this parameter is only available on the digest authentication scheme and no other schemes.

Quality of protection(QoP)

Basic

Quality of protection level when used to produce response key

Setting this parameter is only available on the digest authentication scheme and no other schemes.

Enable User Cache

Advance

Enable User cache feature for caching user detail retrieving from user detials

Sample Use Case

Prerequisite

Before we setup a HTTP (Basic) authenticator, we have to define a User Detail Service that provides user information for the authentication flow.Define the following resource under project.xpml:

<x:resource id="userDetail">
    <bean class="org.springframework.security.provisioning.InMemoryUserDetailsManager" id="userDetail">
        <constructor-arg name="users">
            <list>
                <bean class="org.springframework.security.core.userdetails.User">
                    <constructor-arg name="username" value="admin"/>
                    <constructor-arg name="password" value="password"/>
                    <constructor-arg name="authorities">
                        <list>
                            <bean class="org.springframework.security.core.authority.SimpleGrantedAuthority">
                                <constructor-arg name="role" value="ROLE_ADMIN"/>
                            </bean>
                            <bean class="org.springframework.security.core.authority.SimpleGrantedAuthority">
                                <constructor-arg name="role" value="ROLE_USER"/>
                            </bean>
                        </list>
                    </constructor-arg>
                </bean>
            </list>
        </constructor-arg>
    </bean>
</x:resource>

The above example is a simple in-memory user detail manager, but it can be more sophisticated and customizable (e.g. one based on JDBC (database-backed) or LDAP) in real scenarios.

We also need to define an Authentication Manager that utilizes the above userDetail resource:

<x:resource id="config">
    <bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
        <constructor-arg name="providers">
            <list>
                <bean class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
                    <property name="userDetailsService" ref="userDetail"/>
                </bean>
            </list>
        </constructor-arg>
    </bean>
</x:resource>
Setting up the processing element

In the following diagram (figure 1) there is an integration flow which takes the message in from a http ingress connector and sends it out to a another http endpoint using http egress connector. The requirement is to check HTTP request authorization before forward message to the egress connector. In this sample case we check basic authentication of the HTTP request.

I have added an HTTP Authenticator processing element before the egress connector with the configurations as shown in the figure 2

http_authenticator_sample
Figure 1: http_authenticator_sample

Configuration for the HTTP Authenticator element is as follows. To check HTTP basic authentication, we select the Authentication Scheme , gives Realm Name, Username, Password, Charset which is used by to encode authentication credential which ingress connector received, if we want to ignore authentication failure, check Ignore Failure and want to select above pre-request mention resource for User Detail Service and Authentication Manager,

http_authenticator_config
Figure 2: http_authenticator_config
In this topic
In this topic
Contact Us