There are multiple ways to configure authenticated access to services published in LuciadFusion Platform. To set up LuciadFusion service authentication, you can choose to:
- Configure whether services require authentication by default using the configuration property `fusion.security.serviceAuthenticationRequired`.
- Configure authentication for endpoints matching a certain pattern by listing them under the configuration property `fusion.security.authenticatedEndpoints`. See the How to configure access to services in LuciadFusion article for some examples.
- Use Spring Security, which is included with LuciadFusion. With Spring Security, you can define distinct security configurations for distinct endpoints. For example, if you published a WMS service with endpoint `ogc/wms/world`, you can secure access to it by creating a custom security configuration for the `ogc/wms/world/**` pattern. To do so, you must define a `SecurityFilterChain` bean. Make LuciadFusion pick it up by enabling the `fusion.config.additionalScanPackages` property in the LuciadFusion configuration file `fusion.common.yml`. Use the `HttpSecurity` class to create your own security configuration.

  This example illustrates this approach by only authorizing users with role `WMS` for request patterns that match with `ogc/wms/world/**`:

  ```java
  import org.springframework.context.annotation.Bean;
  import org.springframework.context.annotation.Configuration;
  import org.springframework.security.config.Customizer;
  import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  import org.springframework.security.web.SecurityFilterChain;

  @Configuration
  public class CustomSecurityConfig {

    @Bean
    public SecurityFilterChain serviceFilterChain(HttpSecurity http) throws Exception {
      // This chain only applies to requests for the WMS service endpoint.
      http.securityMatcher("/ogc/wms/world/**")
          // Every request matched by this chain requires the WMS role.
          .authorizeHttpRequests(authorizeHttpRequests ->
              authorizeHttpRequests.anyRequest().hasRole("WMS"))
          // HTTP Basic with default settings; replaces the deprecated no-argument httpBasic().
          .httpBasic(Customizer.withDefaults());
      return http.build();
    }
  }
  ```
- Use a reverse proxy in front of LuciadFusion. In this setup, all access to LuciadFusion passes through the reverse proxy, which you can configure to enable authentication for selected endpoints. For more information about setting up LuciadFusion with a reverse proxy based on Apache HTTP server, see How to set up the LuciadFusion Platform with a reverse proxy. For more information about using Apache’s authentication modules, see the Apache HTTP server documentation.
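
An Apache HTTP Server virtual host for the reverse proxy setup described in the last item, given here as an added example that is not taken from the LuciadFusion documentation. The host name, the backend address `127.0.0.1:8081`, the file paths and the group name `wms` are assumptions; `/ogc/wms/world` is the WMS endpoint used above.

```apache
# Added example. Host name, backend address, file paths and group name are
# assumptions, not LuciadFusion defaults.
# Requires mod_ssl, mod_proxy, mod_proxy_http, mod_auth_basic,
# mod_authn_file and mod_authz_groupfile.
<VirtualHost *:443>
    ServerName maps.example.com

    # Basic credentials are only base64-encoded, so terminate TLS at the proxy.
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/maps.example.com.crt
    SSLCertificateKeyFile /etc/httpd/tls/maps.example.com.key

    # Forward all requests to LuciadFusion. The backend is assumed to listen on
    # loopback only, so clients cannot reach it without passing the proxy.
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8081/
    ProxyPassReverse / http://127.0.0.1:8081/

    # Require authentication for the WMS service and every path below it.
    # <Location> matches /ogc/wms/world and /ogc/wms/world/..., but not
    # /ogc/wms/worldmap.
    <Location "/ogc/wms/world">
        AuthType Basic
        AuthName "LuciadFusion WMS"
        AuthBasicProvider file
        AuthUserFile  /etc/httpd/auth/fusion.htpasswd
        AuthGroupFile /etc/httpd/auth/fusion.groups
        # Only members of the (assumed) group "wms" may access the service.
        Require group wms
    </Location>
</VirtualHost>
```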