Configuration

Application Properties

jmix.authserver.post-logout-url-redirect-parameter-name

Name of a URL parameter of the /logout request containing a URL to which the user will be redirected after successful logout.

Default value: not set

jmix.authserver.use-default-configuration

Specifies whether the default auto-configuration that sets up authorization server and resource server should be used. If you need to completely rewrite the default configuration, set this property to false and define your own configuration classes.

Default value: true

jmix.authserver.use-in-memory-authorization-service

If set to true, uses in-memory storage instead of storing tokens in the database.

Default value: false

jmix.authserver.use-referer-post-logout

If set to true, the referer header value is used as the post logout redirect URL.

It has lower priority than the URL set by the jmix.authserver.post-logout-url-redirect-parameter-name property.

Default value: false

jmix.authserver.logout-access-token-header-name

Name of the header to check for access token during logout. Found token will be removed.

Header should contain bearer token: Bearer xxxxx.

Custom header may be useful in some specific use cases or due to technical limitation. In most cases default Authorization header will be enough.

For example: jmix.authserver.logout-access-token-header-name = Custom-Authorization

Header is the only source of token by default. For additional sources check jmix.authserver.logout-access-token-url-parameter-name and jmix.authserver.logout-access-token-body-form-parameter-name

Default value: Authorization

jmix.authserver.logout-access-token-url-parameter-name

Name of the URL parameter to check for access token during logout. Found token will be removed.

For example: jmix.authserver.logout-access-token-url-parameter-name = access_token

This check is disabled by default. To enable it see jmix.authserver.logout-url-parameter-check-for-token-enabled

Default value: token

jmix.authserver.logout-access-token-body-form-parameter-name

Name of the body form parameter to check for access token during logout. Found token will be removed.

For example: jmix.authserver.logout-access-token-body-form-parameter-name = access_token

This check is disabled by default. To enable it see jmix.authserver.logout-body-form-parameter-check-for-token-enabled

Default value: token

jmix.authserver.logout-url-parameter-check-for-token-enabled

If set to true the URL parameters will be checked for access token during logout.

Default value: false

jmix.authserver.logout-body-form-parameter-check-for-token-enabled

If set to true the body form parameters will be checked for access token during logout.

Default value: false