+49 228 5552576-0




Allows only authorized HTTP requests to pass through. Unauthorized requests get a redirect to the authorization server as response.

Can be used in

spring:beans, if, internalProxy, proxy, registration, request, response, serviceProxy, soapProxy, stompProxy, swaggerProxy, transport and wsStompReassembler


Name Required Default Description Example
publicURL false -
revalidateTokenAfter false -1 time in seconds until a oauth2 access token is revalidatet with authorization server. This is disabled for values < 0

Child Elements

Position Cardinality Description Element
1 0..1 inMemorySessionManager2 or jwtSessionManager
2 1..1 github, google or membrane
3 0..1 cookieOriginalExchangeStore or sessionOriginalExchangeStore