Configuration options
| key | type | default value | description |
|---|---|---|---|
|
boolean |
|
Whether to audit this request - defaults to false, if enabled, request is audited with event type "request". |
|
string |
|
Override for event-type, defaults to SecurityHandler.DEFAULT_AUDIT_EVENT_TYPE. |
|
string |
|
Override for audit message format, defaults to SecurityHandler.DEFAULT_AUDIT_MESSAGE_FORMAT. |
|
boolean |
|
If called, request will go through authentication process - defaults to false (even if authorize is true). |
|
boolean |
|
If called, authentication failure will not abort request and will continue as anonymous (defaults to false). |
|
string |
|
Use a named authenticator (as supported by security - if not defined, default authenticator is used). Will enable authentication. |
|
boolean |
|
Enable authorization for this route. |
|
string |
|
Use a named authorizer (as supported by security - if not defined, default authorizer is used, if none defined, all is permitted). Will enable authorization. |
|
string[] |
|
An array of allowed roles for this path - must have a security provider supporting roles (either authentication or authorization provider). This method enables authentication and authorization (you can disable them again by calling SecurityHandler.skipAuthorization() and authenticationOptional() if needed). |
|
string[] |
|
List of sockets this configuration should be applied to. If empty, the configuration is applied to all configured sockets. |