Content Application Developer Manual / Version 2110
Table Of ContentsThe CAE security implementations are established using Spring Security.
The configuration classes for the CAE security are located in the package
com.coremedia.cae.security.
For customizations replace the CaeWebSecurityConfigurerAdapter
by adding your own WebSecurityConfigurerAdapter
implementation.
Preferably extend your implementation from the CaeWebSecurityConfigurerAdapter
and override its configure
methods. For more detailed information see
API documentation for com.coremedia.cae.security.CaeWebSecurityConfigurerAdapter.
With Spring-Security an HttpFirewall
is configured.
For CoreMedia CAE, the StrictHttpFirewall
is configured in
com.coremedia.cae.security.CaeWebSecurityBeansAutoConfiguration.html#httpFirewall.
It uses the
com.coremedia.cae.security.CaeHttpFirewallConfigurationProperties
to enable selective removal of its default rejections. In the default CAE (without any
extensions), none of the default rejections are removed. If a rejection has to be
removed for an extension, the regarding cae.http-firewall.allow-*
property has to be set to true
in the extensions component properties file.