Allows only authorized HTTP requests to pass through. Unauthorized requests are answered with a redirect to the authorization server.

Can be used in

spring:beans, api, bean, if, interceptor, internalProxy, proxy, registration, request, response, serviceProxy, soapProxy, stompProxy, swaggerProxy, transport and wsStompReassembler


| Name | Required | Default | Description | Example |
|---|---|---|---|---|
| callbackPath | false | oauth2callback | The path used for the OAuth2 callback. Ensure that it does not collide with any path used by the application. | |
| publicURL | false | - | | |
| revalidateTokenAfter | false | -1 | Time in seconds until an OAuth2 access token is revalidated with the authorization server. Revalidation is disabled for values < 0. | |
| skipUserInfo | false | - | | |

Child Elements

| Position | Cardinality | Description | Element |
|---|---|---|---|
| 1 | 0..1 | | inMemorySessionManager2, jwtSessionManager or redisSessionManager |
| 2 | 1..1 | | github, google or membrane |
| 3 | 0..1 | | cookieOriginalExchangeStore, redisOriginalExchangeStore, sessionOriginalExchangeStore or custom elements |
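
A proxy configuration that follows the attribute and child-element tables above. This is an added example, not taken from this page: it assumes the element documented here is Membrane's `oauth2Resource2`, and the hosts, ports, client ID and client secret are constructed placeholders.

```xml
<!-- Added example. Assumption: the interceptor documented on this page
     is configured as <oauth2Resource2>. All hosts and credentials below
     are placeholders. -->
<serviceProxy port="2000">

  <!-- callbackPath: left at its default here; the protected application
       must not serve anything under /oauth2callback itself.
       revalidateTokenAfter: re-check the access token with the
       authorization server after 300 seconds. The default of -1 disables
       revalidation, so a token revoked at the authorization server would
       keep working for the lifetime of the gateway session. -->
  <oauth2Resource2 callbackPath="oauth2callback"
                   revalidateTokenAfter="300">

    <!-- Position 1 (0..1): session manager -->
    <inMemorySessionManager2 />

    <!-- Position 2 (1..1): exactly one authorization service.
         Load the client secret from deployment secrets instead of
         committing it with the configuration file. -->
    <membrane src="https://auth.example.com"
              clientId="CLIENT_ID_PLACEHOLDER"
              clientSecret="CLIENT_SECRET_PLACEHOLDER"
              scope="openid profile" />

    <!-- Position 3 (0..1): original exchange store, omitted here -->
  </oauth2Resource2>

  <!-- Requests reach this backend only after passing the interceptor -->
  <target host="localhost" port="8080" />
</serviceProxy>
```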