Protecting pages with access token/oauth2

Hello,

We use an externally hosted login (OIDC/OAuth2) solution for customer authentication. We would like to connect our CMS to this solution so we can have certain pages on our site require the customer to log in. When a customer logs in, they get an access token from our auth provider. We would like the CMS to look for the access token to determine if the user can access the page or not.

Has anyone done anything like this before? I haven’t been able to find clear documentation on how to integrate this.

Thanks,
Tim

You can check the Spring Security plugin and add your own handlers/security providers.
See:
https://bloomreach-forge.github.io/hst-spring-security/hippouserdetails.html

Hi @machak,

I did find that plugin, but honestly I find the documentation very confusing, both for the plugin and for delivery tier authentication configuration on the Bloomreach site. I was hoping that, since OAuth2 and OIDC are very common authentication and authorization protocols, someone would have done this before and could share how they did it. I’m going to keep digging into the plugin anyway.

Thanks,

Tim

I can understand why it seems confusing.

Basically, the goal of the forge project is just to provide a way to integrate with spring-security and spring-security-* in our CMS web applications.
Just by configuring the spring-security servlet filter(s), by either beans XML or annotations, in a traditional project or a Boot project, you can use most features of Spring Security, except for the resolution/mapping of users and roles to the HST-2 user/role concepts used in access controls.
The forge project fills in this gap, simply by mapping Spring Security users/roles to HST’s.

The first difficulty nowadays is, I guess, that it is a bit hard to find a good example of configuring all the spring-security-* settings in XML beans, as many examples on the net are based on Boot projects.

Anyway, if you can find a good example using XML bean definitions instead and overwrite the example with that, the next steps will be very straightforward.

Regards,

Woonsan