How to authenticate user using basic auth in Helidon MP?


I am working on multiple microservices using Helidon 3.2.2. Since I'm extremely new to this, I intend to use basic authentication for the security of all the endpoints for the time being. The username and password will be common across all the services.

Using the guide in Security Providers, I secured one of my applications using the HTTP Basic Authentication Provider, but the issue is that I have to configure the same settings in each of my individual applications. I wish to have a generic service developed and referenced for authentication. How can this be done in Helidon MP?

Also, in case of a failure, will it be possible to have a custom return payload?

My resource class has these annotations:

    @Path("/simple-greet")
    @Authenticated
    public class SimpleGreetResource

In application.yaml I have configured this:

    security:
      providers:
        - http-basic-auth:
            realm: "beginning-helidon"
            users:
              - login: "gyles"
                password: "gyles"

This works well for the individual application but how can I make this generic for all the services?

Tomas Langer On

Basic authentication is not a secure approach, and we provide it in Helidon mostly for testing, and simple examples where you need to protect something.

That is the reason we do not support any centralized approach (such as LDAP) for this kind of security. Please do not use it, especially in a scenario with multiple services.

If you still feel that for the purpose of your implementation this would be OK, you can implement a custom UserStoreService that is backed by some centralized tool (database, LDAP, cache). If you expose your implementation as a ServiceLoader provider implementation, it can be used in the basic authentication security provider. You would still need to configure the provider on each of your services.

The recommended approach for production would then be to use OIDC (Open ID Connect), such as Keycloak, Auth0 or other, that can usually be served from a single docker image to get you started. OIDC is supported by Helidon Security as well (and you can find a guide here: https://helidon.io/docs/v3/#/mp/guides/security-oidc).
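One way to write the custom UserStoreService described in the answer, as an added example that is not code from the answer or from the Helidon project. The package and class names, the `central-users` config key, the `iterations` setting and the in-memory stand-in for the central store are assumptions; the stand-in keeps only a salt and PBKDF2 hash per user and compares hashes in constant time.

```java
package com.example.security; // hypothetical package
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Collection;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import io.helidon.config.Config;
import io.helidon.security.providers.httpauth.SecureUserStore;
import io.helidon.security.providers.httpauth.spi.UserStoreService;

// Listed in META-INF/services/io.helidon.security.providers.httpauth.spi.UserStoreService
public class CentralUserStoreService implements UserStoreService {
    // Hypothetical row from the central store: salt and PBKDF2 hash, never the plaintext.
    record Stored(byte[] salt, byte[] hash, Set<String> roles) { }
    @Override
    public String configKey() { return "central-users"; } // hypothetical key under http-basic-auth

    @Override
    public SecureUserStore create(Config config) {
        int iterations = config.get("iterations").asInt().orElse(210_000);
        Map<String, Stored> central = loadCentralUsers(iterations);
        return login -> Optional.ofNullable(central.get(login)).map(s -> new SecureUserStore.User() {
            @Override public String login() { return login; }
            @Override public Collection<String> roles() { return s.roles(); }
            @Override public boolean isPasswordValid(char[] password) {
                // Constant-time comparison of the derived hashes.
                return MessageDigest.isEqual(s.hash(), pbkdf2(password, s.salt(), iterations));
            }
        });
    }

    // Constructed stand-in for the database/LDAP/cache query; holds one sample user.
    static Map<String, Stored> loadCentralUsers(int iterations) {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        char[] sample = "constructed-sample-password".toCharArray();
        return Map.of("gyles", new Stored(salt, pbkdf2(sample, salt, iterations), Set.of("user")));
    }

    static byte[] pbkdf2(char[] password, byte[] salt, int iterations) {
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(new PBEKeySpec(password, salt, iterations, 256)).getEncoded();
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }
}
```

As the answer notes, each service still needs the `http-basic-auth` provider in its own configuration; this class only moves the user lookup to a shared backend.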