This article covers a Bloomreach Experience Manager version 11. There's an updated version available that covers our most recent release.

Customize the Delivery Tier's Authentication Provider

Introduction

Goal

Customize the AuthenticationProvider component in Hippo's delivery tier.

Background

In Hippo's delivery tier (HST), the AuthenticationProvider component is responsible for authenticating users. A default implementation is provided for repository-based authentication. Implementation project may provide their own custom AuthenticationProvider implementation(s), enabling the integration with any kind of security backend system.

Configure a Custom Authentication Provider

Hippo's JAAS LoginModule depends on the HST Security Components, which are designed in a highly modular way. One of their core components is the AuthenticationProvider, which is responsible for authenticating on login credentials and providing security roles for the authenticated user.

By default, the AuthenticationProvider component is defined as follows in a Spring Components assembly configuration:

<bean id="org.hippoecm.hst.security.AuthenticationProvider" class="org.hippoecm.hst.security.impl.HippoAuthenticationProvider">
  <!-- SNIP -->
</bean>

An implementation project may require the use of a different authentication back-end, such as a database, LDAP, or another security application framework like Spring Security UserDetailsService. This is possible by implementing a custom AuthenticationProvider.

To create a custom AuthenticationProvider, implement the org.hippoecm.hst.security.AuthenticationProvider interface:

package org.hippoecm.hst.security;

public interface AuthenticationProvider {

    /**
     * Authenticate a user.
     *
     * @param userName The user name.
     * @param password The user password.
     * @return the {@link User}
     */
    User authenticate(String userName, char [] password)
                                          throws SecurityException;

    /**
     * Returns security roles of the given username
     * @param user
     * @return
     */
    Set<Role> getRolesByUsername(String username) throws SecurityException;

}

Then configure the custom AuthenticationProvider implementation in an HST Container Components Assembly Overriding XML file like the following example:

site/src/main/resources/META-INF/hst-assembly/overrides/my-custom-auth-provider.xml

<bean id="org.hippoecm.hst.security.AuthenticationProvider"
      class="com.example.security.MyCustomAuthenticationProvider">
  <!-- Configure whatever to inject for this bean here... -->
</bean>
Did you find this page helpful?
How could this documentation serve you better?
On this page
    Did you find this page helpful?
    How could this documentation serve you better?