Versions Compared

Old Version 1

changes.mady.by.user Unknown User (m.woudstra)

Saved on

compared with

New Version 2

changes.mady.by.user Unknown User (m.woudstra)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note
When the Blueriq RuntimeWebSecurityConfigurer is disabled in favour of a custom HTTP security configuration implementation for the Runtime the Order value of 50 is advised and can be used for it.

6. Noaccess.html

 

Blueriq's http security is based on the assumption that users require themselves access through logging in. If a user's credentials fail to grant the user access, one is redirected to the login page. This redirection requires a virtual page called noaccess.html that is further configured as follows:

Code Block
.authorizeRequests()
.antMatchers(redirectHelper.getNoAccessPath()).authenticated()
.and()

 

If one chooses to configure a custom security approach, for instance by passing through credentials via http headers, noaccess.html is not in reach, users are already logged in at the moment they reach Blueriq.