TIBCO Spotfire® Server and Environment - Installation and Administration

config-post-auth-filter

Configures the post-authentication filter.

config-post-auth-filter 
[-c value | --configuration=value] 
[-b value | --bootstrap-config=value] 
[-f value | --filter-class=value] 
[-s value | --filter-config=value]
{-Ikey=value} [--clear-init-parameters] 
[-d value | --default-filter-config=value]

Overview

Use this command to configure the post-authentication filter. If no argument is provided, the command simply lists the current configuration and exits.

Options

Option: -c value, --configuration=value
Optional or Required: Optional
Default Value: configuration.xml
Description: The path to the server configuration file.

Option: -b value, --bootstrap-config=value
Optional or Required: Optional
Default Value: none
Description: The path to the bootstrap configuration file. See Bootstrap.xml file for more information about this file.

Option: -f value, --filter-class=value
Optional or Required: Optional
Default Value: none
Description: The fully-qualified name of the class implementing the com.spotfire.server.security.PostAuthenticationFilter API. If the argument is none, the current value of this configuration option is cleared.

Option: -s value, --filter-config=value
Optional or Required: Optional
Default Value: none
Description: This argument is deprecated and will be removed in a future release. Please use initialization parameters instead.

The filter configuration. The semantics of the configuration argument are specific to the actual filter implementation. For example, it could be a configuration name, a file name, or a list of key/value pairs. If the argument is none, the current value of this configuration option is cleared.

Option: -Ikey=value
Optional or Required: Optional, and may be specified multiple times with different keys.
Default Value: none
Description: This argument specifies initialization parameters that will be provided to the PostAuthenticationFilter when the init(PostAuthenticationFilterInitContext) method is called. If the name of the parameter ends with [SENSITIVE], it will be stored encrypted in the configuration.
Example of how to set the parameter debug to 'true' and the sensitive parameter secret to 'changeme':
-Idebug=true -Isecret[SENSITIVE]=changeme

Option: --clear-init-parameters
Optional or Required: Optional
Default Value: none
Description: By specifying this flag, the list of initialization parameters is cleared. This flag can be used together with the -I argument to remove all old initialization parameters before adding the new ones.

Option: -d value, --default-filter-config=value
Optional or Required: Optional
Default Value: none
Description: The configuration for the default filter that is always in place. Valid arguments are block and autocreate.

THE DEFAULT FILTER IMPLEMENTATION

The default implementation of the post authentication filter can be used for access control if you are using an external authentication source, such as LDAP or Windows NT Domain, in combination with the Database User Directory mode. If you are using a different combination of authentication and user directory, the filter has no effect.

The default implementation has two different modes:
  • The user is allowed access only if the user already exists in the user directory (to configure this use --default-filter-config=block).
  • The user is allowed access regardless of whether the user already exists in the user directory. The user will then be added to the user directory (to configure this use --default-filter-config=autocreate).

EXAMPLES

Example of how to configure the default filter to block users not in the user directory (the default behavior):
config-post-auth-filter --default-filter-config=block
Example of how to configure the default filter to automatically create users not in the user directory:
config-post-auth-filter --default-filter-config=autocreate
Example of how to configure a custom filter implementation with two initialization parameters, 'debug' and 'secret':
config-post-auth-filter --filter-class=com.example.MyPostAuthenticationFilter -Idebug=true -Isecret[SENSITIVE]=changeme
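
The following is an added example, not part of the TIBCO documentation: a Python helper that assembles the argument list for the custom-filter command above, refuses secret-looking parameter names that lack the [SENSITIVE] suffix, and produces a masked, shell-quoted copy of the command for logs or change tickets. The function names, the secret-name pattern, and the masking format are assumptions made for this illustration.

```python
import re
import shlex

SUFFIX = "[SENSITIVE]"  # marker from the page: value is stored encrypted
# Assumption (not from the page): key names matching this hold secrets.
SECRET_HINT = re.compile(r"secret|passw(or)?d|token|api[_-]?key|credential", re.I)


def build_filter_command(filter_class, init_params, clear_old=True):
    """Return the argv list for config-post-auth-filter.

    Raises ValueError for a malformed key or a secret-looking key that
    lacks the [SENSITIVE] suffix and so would not be stored encrypted.
    """
    argv = ["config-post-auth-filter", f"--filter-class={filter_class}"]
    if clear_old:
        # Remove old initialization parameters before adding the new ones.
        argv.append("--clear-init-parameters")
    for key, value in init_params.items():
        name = key[: -len(SUFFIX)] if key.endswith(SUFFIX) else key
        if not name or re.search(r"[=\s]", name):
            raise ValueError(f"malformed parameter name: {key!r}")
        if SECRET_HINT.search(name) and not key.endswith(SUFFIX):
            raise ValueError(f"{key!r} looks secret; use {key}{SUFFIX}")
        argv.append(f"-I{key}={value}")
    return argv


def redacted(argv):
    """Shell-quoted command line with [SENSITIVE] values masked for logs."""
    shown = []
    for arg in argv:
        head, sep, _ = arg.partition("=")
        if arg.startswith("-I") and head.endswith(SUFFIX):
            arg = f"{head}{sep}****"
        # shlex.quote also protects the brackets, which are glob
        # characters in POSIX shells.
        shown.append(shlex.quote(arg))
    return " ".join(shown)


if __name__ == "__main__":
    cmd = build_filter_command(
        "com.example.MyPostAuthenticationFilter",
        {"debug": "true", "secret[SENSITIVE]": "changeme"},  # constructed values
    )
    print(redacted(cmd))
```

Passing the list to a process launcher without a shell avoids quoting issues entirely; the quoted form matters when the command is pasted into a terminal or script.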