...

3. Configurable security headers

Spring Security's default headers are disabled and re-added depending on properties in the Spring environment, based on how security is configured in application.properties. By default, HTTP request methods are not restricted, HTTP Strict Transport Security is disabled, content sniffing protection is disabled, Blueriq's controllers are protected against cross-site request forgery, and clickjacking protection is enabled. Please also see Security.
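To confirm which of these header-based protections a deployed runtime actually sends, the response headers can be audited against the defaults listed above. The following is an added example, not Blueriq or Spring code; the function names and both sample responses are constructed for illustration, and CSRF protection and request-method restriction are not covered because they are not visible in response headers.

```python
import re

# Defaults as stated in this section: HSTS off, content sniffing protection off,
# clickjacking protection on.
PAGE_DEFAULTS = {"hsts": False, "nosniff": False, "clickjacking": True}


def audit_security_headers(headers):
    """Map each header-based protection to True if the response enables it."""
    h = {k.lower(): v.strip() for k, v in headers.items()}

    # HSTS only counts with a positive max-age; max-age=0 makes browsers drop the policy.
    m = re.search(r'max-age\s*=\s*"?(\d+)', h.get("strict-transport-security", ""), re.I)
    hsts = bool(m) and int(m.group(1)) > 0

    nosniff = h.get("x-content-type-options", "").lower() == "nosniff"

    # Clickjacking protection: X-Frame-Options, or a CSP frame-ancestors directive
    # that does not allow every origin. Only a bare "*" is treated as permissive here.
    framing = h.get("x-frame-options", "").upper() in ("DENY", "SAMEORIGIN")
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = parts[1:]
            framing = framing or (bool(sources) and "*" not in sources)

    return {"hsts": hsts, "nosniff": nosniff, "clickjacking": framing}


def deviations_from_defaults(report):
    """Names of protections whose observed state differs from the stated defaults."""
    return sorted(name for name, on in report.items() if on != PAGE_DEFAULTS[name])


# Constructed sample responses, not captured from a Blueriq runtime.
DEFAULT_RESPONSE = {"X-Frame-Options": "DENY", "Cache-Control": "no-store"}
HARDENED_RESPONSE = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'",
}

if __name__ == "__main__":
    for label, resp in (("default", DEFAULT_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        report = audit_security_headers(resp)
        print(label, report, "changed:", deviations_from_defaults(report))
```

After changing the security properties, an empty deviation list means the runtime is still sending the default header set, so the change did not take effect.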

4. Configuring authentication and authorization for URL patterns

...

6. Noaccess.html

Whenever a flow is started, Blueriq checks whether the flow requires authentication and the current user has matching credentials. If this is not the case, the user is automatically redirected to the virtual page noaccess.html. This page does not exist; it is merely there to redirect to the login page, as shown in the excerpt below from the HTTP security configuration.

...

If one chooses to configure a custom security approach, for instance by passing through credentials via HTTP headers, noaccess.html is not reachable, because users are already logged in at the moment they reach Blueriq. In that case, a custom page indicating that no access is allowed is out of Blueriq's hands and is the responsibility of the project.

...