admin管理员组

文章数量:1334881

We are using OpenLiberty 24.0.0.x with openIdConnectClient (.html).

This is our configuration:

 <openidConnectClient id="webapp_oidc_client"
                         clientId="${OIDC_CLIENT_ID}"
                         clientSecret="${OIDC_CLIENT_SECRET}"
                         discoveryEndpointUrl="${OIDC_DISCOVERY_URI}"
                         userIdentifier="uid"
                         signatureAlgorithm="RS256"
                         scope="openid"
                         responseType="code"
                         useNonce="true"
                         pkceCodeChallengeMethod="S256"
                         preferredJwsAlgorithm="RS256"
                         useSystemPropertiesForHttpClientConnections="true">
    </openidConnectClient>

Everything works fine. Due to some anisational constraints, we cannot send the group information of a user in the JWT claims. So we need to deliver the group information from a proprietary system, which provides only group information of a user (We can call an REST interface).

We need to add group information after the authentication process to the Principal, so we can use the standard mechanism in our code like @RolesAllowed.

I'm searching for a hook like SecurityIdentityAugmentor in Quarkus. ()

In Spring the is a kind LdapAuthoritiesPopulator to add roles (.2.x/apidocs//springframework/security/ldap/userdetails/LdapAuthoritiesPopulator.html)

Do you have any ideas or hints. I searched the official documentation of OpenLiberty, but didn't find anything.

If you need any further information, please ask.

We are using OpenLiberty 24.0.0.x with openIdConnectClient (https://openliberty.io/docs/latest/reference/config/openidConnectClient.html).

This is our configuration:

 <openidConnectClient id="webapp_oidc_client"
                         clientId="${OIDC_CLIENT_ID}"
                         clientSecret="${OIDC_CLIENT_SECRET}"
                         discoveryEndpointUrl="${OIDC_DISCOVERY_URI}"
                         userIdentifier="uid"
                         signatureAlgorithm="RS256"
                         scope="openid"
                         responseType="code"
                         useNonce="true"
                         pkceCodeChallengeMethod="S256"
                         preferredJwsAlgorithm="RS256"
                         useSystemPropertiesForHttpClientConnections="true">
    </openidConnectClient>

Everything works fine. Due to some anisational constraints, we cannot send the group information of a user in the JWT claims. So we need to deliver the group information from a proprietary system, which provides only group information of a user (We can call an REST interface).

We need to add group information after the authentication process to the Principal, so we can use the standard mechanism in our code like @RolesAllowed.

I'm searching for a hook like SecurityIdentityAugmentor in Quarkus. (https://quarkus.io/guides/security-customization#security-identity-customization)

In Spring the is a kind LdapAuthoritiesPopulator to add roles (https://docs.spring.io/spring-security/site/docs/4.2.x/apidocs//springframework/security/ldap/userdetails/LdapAuthoritiesPopulator.html)

Do you have any ideas or hints. I searched the official documentation of OpenLiberty, but didn't find anything.

If you need any further information, please ask.

  • security
  • jakarta-ee
  • authorization
  • open-liberty
  • principal
Share Improve this question asked Nov 20, 2024 at 7:48 Mark HuntMark Hunt 656 bronze badges
Add a comment  | 

1 Answer 1

Reset to default 0

This might be what you're looking for https://www.ibm/docs/en/was-liberty/base?topic=security-public-apis.

That API allows you to access the security subject.

本文标签: securityOpenLiberty Authentication Adding roles to PrincipalStack Overflow

版权声明:本文标题:security - OpenLiberty Authentication: Adding roles to Principal - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1742373812a2462759.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。