Go to new doc!

+49 228 5552576-0




Allows only authorized HTTP requests to pass through. Unauthorized requests get a redirect to the authorization server as response.

Can be used in

spring:beans, api, bean, if, interceptor, internalProxy, proxy, registration, request, response, serviceProxy, soapProxy, stompProxy, swaggerProxy, transport and wsStompReassembler


Name Required Default Description Example
loginLocation false - location of the login dialog template (a directory containing the index.html file as well as possibly other resources). Required for older browsers to work. file:c:/work/login/
loginPath false /login/ context path of the login dialog
publicURL false -
revalidateTokenAfter false -1 time in seconds until a oauth2 access token is revalidatet with authorization server. This is disabled for values < 0

Child Elements

Position Cardinality Description Element
1 1..1 github, google or membrane
2 0..1 sessionManager