OERealmAuthProvider properties
OERealmAuthProvider is a bean that defines how to create a Spring Authentication token (ClientPrincipal or UserPasswordAuthenticationToken) after an OpenEdge database user account's authentication process is successful.
The ClientPrincipal generated by the OERealmAuthProvider supersedes the ClientPrincipal created by OEClientPrincipalFilter. Therefore, when you use an SPA security configuration for your REST application, you can optionally disable the OEClientPrincipalFilter by setting its enableCP property to false. For more information on updating the OEClientPrincipalFilter, see OEClientPrincipal properties.
Set the properties of OERealmAuthProvider per the following table:
Table 91. OERealmAuthProvider properties
| Spring property | Default value | Range of accepted values | Description |
|---|---|---|---|
| createCPAuthn | "true" | "true" \| "false" | Creates a Spring ClientPrincipal authentication token when set to true. |
| sealClientPrincipal | false | "true" \| "false" | This property qualifies the createCPAuthn property. When set to true, the bean's domain and registry configuration is used to "seal" the ClientPrincipal. When it is set to false, the ClientPrincipal is left unsealed until the OEClientPrincipalFilter performs the seal operation using its configuration. |
| key | "" | "<Valid string>" | Specifies the OpenEdge domain's access code to seal the ClientPrincipal token with the specified string. See footnote 1. |
| registryFile | null | "<valid-file-path>" | The registry file used to seal the ClientPrincipal. It is generated using the gendomreg utility. Note: You must configure either "key" or "registryFile" for sealing the C-P token. |
| userDomain | "" | "<Valid string>" | Specifies the OpenEdge domain name to append to the user account name if the name does not already contain a user domain. |
| multiTenant | "false" | "true" \| "false" | Requires the user to enter a fully qualified OpenEdge user-id@domain tenant when set to true. |
| authz | "true" | "true" \| "false" | Loads the user account's roles as Spring authorities used in the Spring security authorization process. |
| properties | "empty" | "valid name and value" | Loads static client-principal properties by name and value. |
| expires | "0" | "0" or "positive integer" | Expires ClientPrincipal in the specified number of seconds. |

1. The key property can also be in the form "oech1::<hex-string>", where <hex-string> is the output from the OE genpassword utility.
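
An added example, not taken from the OpenEdge documentation: a Python check that reads an OERealmAuthProvider bean definition and reports property values that conflict with the table, the sealing note, and footnote 1. The sample beans are constructed and omit the class attribute and XML namespace, and the function name lint_realm_provider is hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Defaults and accepted values as listed in the table above.
DEFAULTS = {"createCPAuthn": "true", "sealClientPrincipal": "false",
            "key": "", "registryFile": None, "multiTenant": "false",
            "authz": "true", "expires": "0"}
BOOLEAN_PROPS = ("createCPAuthn", "sealClientPrincipal", "multiTenant", "authz")
ENCODED_KEY = re.compile(r"oech1::[0-9A-Fa-f]+")  # form described in footnote 1


def lint_realm_provider(bean_xml):
    """Return a list of findings for one OERealmAuthProvider bean definition."""
    bean = ET.fromstring(bean_xml)
    props = dict(DEFAULTS)
    for prop in bean.iter("property"):
        props[prop.get("name")] = prop.get("value")
    findings = []
    for name in BOOLEAN_PROPS:
        if props[name] not in ("true", "false"):
            findings.append(f"{name}: value must be 'true' or 'false'")
    if not (props["expires"] or "").isdecimal():
        findings.append("expires: value must be 0 or a positive integer")
    # sealClientPrincipal only qualifies createCPAuthn, so both must be true.
    sealing = props["createCPAuthn"] == "true" and props["sealClientPrincipal"] == "true"
    if sealing and not props["key"] and not props["registryFile"]:
        findings.append("sealClientPrincipal: set either key or registryFile")
    if props["key"] and not ENCODED_KEY.fullmatch(props["key"]):
        findings.append("key: access code is in clear text, not oech1::<hex-string>")
    return findings


# Constructed sample beans (class attribute and XML namespace omitted).
UNSEALABLE = """<bean id="OERealmAuthProvider">
  <property name="createCPAuthn" value="true"/>
  <property name="sealClientPrincipal" value="true"/>
  <property name="expires" value="-1"/>
</bean>"""
CLEAR_KEY = """<bean id="OERealmAuthProvider">
  <property name="sealClientPrincipal" value="true"/>
  <property name="key" value="ExampleAccessCode"/>
</bean>"""
ENCODED = """<bean id="OERealmAuthProvider">
  <property name="sealClientPrincipal" value="true"/>
  <property name="key" value="oech1::0123abcd"/>
</bean>"""

if __name__ == "__main__":
    for label, xml in (("unsealable", UNSEALABLE), ("clear key", CLEAR_KEY), ("encoded", ENCODED)):
        print(label, lint_realm_provider(xml))
```
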