Update Rudder authentication to allows plugins
We need to update the way Rudder does authentication to allows authentication plugin to be build.
The mainly implies:
- having a way to specify which authentication type(s) to use in rudder.properties config file;
- have a fallback root user that is alway here (so that there is always somebody able to connect to Rudder for admin task)
- do a lot of gore things to make Spring Security do what we want (charge properties for each plugins, load correct authentication providers, etc).
Updated by François ARMAND over 5 years ago
Some details about the implementation:
- each modules is identified in the properties file,
- there is two standards module: "file" and "ldap"
- there is a new, always enabled module, even if not: rudder.auth.admin (with two properties: rudder.auth.admin.login and rudder.auth.admin.password)
- we have a new "authentication type" selector to configure in the file: rudder.auth.type = comman,separated,list,of,auth,module
Then, we can add a new plugin just by adding a jar in the path :
- its properties can be added in the config file with the format: rudder.auth.AUTH_NAME.prop1, etc
- we also automatically look for an XML config file with name: applicationContext-security-auth-AUTH_NAME.xml
So compared with old property file, we need to:
- remove rudder.auth.ldap.enabled,
- add rudder.auth.admin.login and rudder.auth.admin.password,
- add rudder.auth.type=[here, if rudder.auth.ldap.enabled was true, set "ldap" else "file" - when not in a migration, it will be "file"]