loading table of contents...

Content Application Developer Manual / Version 2310

Table Of Contents

4.3.8 Spring Security

The CAE security implementations are established using Spring Security.

The configuration classes for the CAE security are located in the package All beans for the CAE security are created by the For customizations, each of these beans can be replaced by an equally named bean in a custom configuration class.

In Spring Security, the main bean to realize the HTTP web security is the When the application context is created, it is configured and build using the prototype bean. For the CAE, the default configuration is done in the bean, that is then be used to create the bean. To customize the HTTP web security for the CAE, extend the, override its configure methods and provide it as a bean named caeHttpSecurityConfigurer in order to replace the CAE's default configuration bean.

With Spring-Security an HttpFirewall is configured.

For CoreMedia CAE, the StrictHttpFirewall is configured in It uses the to enable selective removal of its default rejections. In the default CAE (without any extensions), none of the default rejections are removed. If a rejection has to be removed for an extension, the regarding cae.http-firewall.allow-* property has to be set to true in the extensions component properties file.

Search Results

Table Of Contents

Your Internet Explorer is no longer supported.

Please use Mozilla Firefox, Google Chrome, or Microsoft Edge.