Version: 4.10.0

Authentication

AWE security

Authentication and Authorization

AWE lets you choose which authentication and authorization system you want to use instead of bundling a specific one. AWE is fully compatible with the most widely used security solutions in the Spring Boot ecosystem, such as in-memory, database, LDAP, OAuth, OAuth2, ...

You can visit this for more info.

Spring Security in Awe

AWE provides configuration beans to manage security in your application. You can use them as they are, or override them and create your own custom authentication method. The security configuration lives in the SecurityConfig and AWEScreenSecurityAdapter classes, and you select the authentication method you want through the properties below.

Configuration properties
################################################
# Authentication
################################################
# Authentication mode (ldap | bbdd | in_memory | custom)
awe.security.auth-mode=bbdd

################################################
# Custom authentication
################################################
#Provider class beans, separated by comma for multiple providers.
awe.security.auth-custom-providers=

You can always create your own HTTP web security configuration class by extending WebSecurityConfigurerAdapter.

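Custom HTTP security configuration
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class CustomSecurityConfig extends WebSecurityConfigurerAdapter {

  /**
   * Spring security configuration
   *
   * @param http Http security object
   * @throws Exception Configure error
   */
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    // Your custom configuration
  }
}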

Two-factor authentication (2fa)

We've recently developed a new two-factor authentication system based on authentication apps such as Google Authenticator.

There are three ways to manage this two-factor authentication in AWE based on the awe.totp.security.enabled property:

  • disabled: Two-factor authentication is disabled and no temporary code is requested on access.
  • optional: The user can enable two-factor authentication on the settings screen, and a temporary code will then be requested on login.
    [Figure: Security settings screen]
    [Figure: TOTP code screen]
  • force: On login, if the user has not enabled two-factor authentication, a screen with the QR code is shown to force the user to enable it. After that screen, the user is asked for the temporary code based on the previously generated secret code.
    [Figure: Force two-factor security screen]
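
How a server checks the temporary code from an authenticator app against the stored secret, following RFC 6238. This is an added example, not AWE's own code: the class and method names are hypothetical, and it assumes the usual authenticator-app defaults (Base32 secret, HMAC-SHA1, 30-second step, 6 digits).

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
// Hypothetical helper, not part of AWE: RFC 6238 TOTP verification.
public class TotpCheck {
  // Decode the Base32 secret that the enrolment QR code carries (RFC 4648).
  static byte[] base32Decode(String s) {
    String in = s.toUpperCase(java.util.Locale.ROOT).replace("=", "").replace(" ", "");
    byte[] out = new byte[in.length() * 5 / 8];
    int buffer = 0, bits = 0, pos = 0;
    for (char c : in.toCharArray()) {
      int v = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567".indexOf(c);
      if (v < 0) throw new IllegalArgumentException("invalid Base32 character");
      buffer = (buffer << 5) | v;
      bits += 5;
      if (bits >= 8) {
        out[pos++] = (byte) (buffer >> (bits - 8));
        bits -= 8;
      }
    }
    return out;
  }
  // HOTP (RFC 4226) over the time counter: HMAC, dynamic truncation, 6 digits.
  static String codeAt(byte[] secret, long counter) throws GeneralSecurityException {
    Mac mac = Mac.getInstance("HmacSHA1");
    mac.init(new SecretKeySpec(secret, "HmacSHA1"));
    byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(counter).array());
    int o = h[h.length - 1] & 0x0f;
    int bin = ((h[o] & 0x7f) << 24) | ((h[o + 1] & 0xff) << 16)
        | ((h[o + 2] & 0xff) << 8) | (h[o + 3] & 0xff);
    return String.format("%06d", bin % 1_000_000);
  }
  // Accept the current 30 s step and one step either side (clock drift).
  // Every candidate is compared in constant time, with no early exit.
  static boolean verify(String base32Secret, String submitted, long epochSeconds)
      throws GeneralSecurityException {
    byte[] secret = base32Decode(base32Secret);
    byte[] given = submitted.getBytes(StandardCharsets.US_ASCII);
    boolean ok = false;
    for (long c = epochSeconds / 30 - 1; c <= epochSeconds / 30 + 1; c++) {
      ok |= MessageDigest.isEqual(codeAt(secret, c).getBytes(StandardCharsets.US_ASCII), given);
    }
    return ok;
  }
  public static void main(String[] args) throws Exception {
    // RFC 6238 test secret "12345678901234567890" in Base32; second call replays the code 90 s later
    String secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ";
    System.out.println(verify(secret, "287082", 59) + " " + verify(secret, "287082", 149));
  }
}
```

A production verifier should also remember the last accepted time step per user so a code cannot be reused inside its window, and should rate-limit failed attempts.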