...
To use HybridRealm as the authentication provider for Spring Security, the following configuration settings must be set:
...
oeablSecurity.properties
...
- http.all.authmanager - Authentication manager to use, in our case: oerealm
- client.login.model - Authentication model to use, in our case: form
- OERealm.UserDetails.realmClass - OERealm (HybridRealm) class to use, in our case: Akioma.Security.HybridRealm
Unauthenticated routes
To define routes that do not require authentication and bypass HybridRealm altogether, modify the oeablSecurity.csv configuration file and set the desired URIs to permitAll():
Example for LoginWebHandler routes:
```
# "url-pattern","<method>","<spring-access-expression>"

# Permit unauthenticated access to /web/Login
"/web/Login/**","*","permitAll()"

# Authentication for /web
"/web/**","*","hasAnyRole('ROLE_PSCUser')"

# Best practice - deny anything not explicitly granted
"/**","*","denyAll()"
```
Note: To override access for a specific sub-route, place the override rule before the parent rule, because rules are evaluated from top to bottom and the first match applies. Example: the /web/Login sub-route rule overrides the /web rule, so it is listed before it.
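
An added example (not part of the original page or of the product's own code): a small checker that applies top-to-bottom, first-match evaluation to rules in the oeablSecurity.csv format and flags a sub-route rule placed after its parent. The Ant-style matcher is a simplified stand-in for Spring's, and the `/web/Public/**` rule is a constructed, hypothetical mis-ordered entry.

```python
import csv
import re

# Constructed sample: the page's rules plus one hypothetical mis-ordered rule.
SAMPLE = """\
# "url-pattern","<method>","<spring-access-expression>"
"/web/Login/**","*","permitAll()"
"/web/**","*","hasAnyRole('ROLE_PSCUser')"
"/web/Public/**","GET","permitAll()"
"/**","*","denyAll()"
"""

def parse_rules(text):
    """Return (pattern, method, expression) tuples, skipping blanks and # comments."""
    lines = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    return [tuple(f.strip() for f in row) for row in csv.reader(lines) if len(row) == 3]

def ant_to_regex(pattern):
    """Simplified Ant matcher: ** spans segments, * stays in one segment, ? is one char."""
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("/**", i) and i + 3 == len(pattern):
            out, i = out + "(/.*)?", i + 3      # trailing /** also matches the parent itself
        elif pattern.startswith("**", i):
            out, i = out + ".*", i + 2
        elif pattern[i] == "*":
            out, i = out + "[^/]*", i + 1
        elif pattern[i] == "?":
            out, i = out + "[^/]", i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile(out + r"\Z")

def first_match(rules, method, path):
    """Rules are evaluated top to bottom; the first matching rule decides access."""
    for pattern, m, expr in rules:
        if m in ("*", method) and ant_to_regex(pattern).match(path):
            return pattern, expr
    return None

def shadowed(rules):
    """Heuristic: flag a rule when a sample path for it is caught by an earlier rule."""
    found = []
    for j, (pattern, method, _) in enumerate(rules):
        probe = pattern.replace("**", "x").replace("*", "x").replace("?", "x")
        for earlier, m, _ in rules[:j]:
            if m in ("*", method) and ant_to_regex(earlier).match(probe):
                found.append((pattern, earlier))
                break
    return found

RULES = parse_rules(SAMPLE)
```

In this sample the misplaced rule fails closed; a broad `permitAll()` listed above a restricted sub-route would instead leave that sub-route open, and `shadowed()` reports that case the same way.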
...