config-post-auth-filter
Configures the post-authentication filter.
config-post-auth-filter
[-c value | --configuration=value]
[-b value | --bootstrap-config=value]
[-f value | --filter-class=value]
[-s value | --filter-config=value]
{-Ikey=value} [--clear-init-parameters]
[-d value | --default-filter-config=value]
Overview
Use this command to configure the post-authentication filter. If no argument is provided, the command simply lists the current configuration and exits.
Options
Option | Optional or Required | Default Value | Description |
---|---|---|---|
|
Optional | configuration.xml | The path to the server configuration file. |
|
Optional | none | The path to the bootstrap configuration file. See Bootstrap.xml file for more information about this file. |
|
Optional | none | The fully-qualified name of the class implementing the com.spotfire.server.security.PostAuthenticationFilter API. If the argument is
none , the current value of this configuration option is cleared.
|
|
Optional | none | This argument is deprecated and will be removed in a future release. Please use initialization parameters instead.
The filter configuration. The semantics of the configuration argument is specific to the actual filter implementation. For example, it could be a configuration name, a file name, or a list of key/value pairs. If the argument is
|
|
Optional, and may be specified multiple times with different keys. | none | This argument specifies initialization parameters that will be provided to the PostAuthenticationFilter when the init(PostAuthenticationFilterInitContext) method is called. If the name of the parameter ends with [SENSITIVE] it will be stored encrypted in the configuration.
Example of how to set the parameter
debug to 'true' and the sensitive parameter
secret to 'changeme':
|
|
Optional | none | By specifying this flag, the list of initialization parameters is cleared. This flag can be used together with the
-I argument to remove all old initialization parameters before adding the new ones.
|
|
Optional | none | The configuration for the default filter that is always in place. Valid arguments are
block and
autocreate .
|
THE DEFAULT FILTER IMPLEMENTATION
The default implementation of the post authentication filter can be used for access control if you are using an external authentication source, such as LDAP or Windows NT Domain, in combination with the Database User Directory mode. If you are using a different combination of authentication and user directory, the filter has no effect.
- The user is allowed access only if the user already exists in the user directory (to configure this use
--default-filter-config=block
). - The user is allowed access regardless of whether the user already exists in the user directory. The user will then be added to the user directory (to configure this use
--default-filter-config=autocreate
).
EXAMPLES
config-post-auth-filter --default-filter-config=block
config-post-auth-filter --default-filter-config=autocreate
config-post-auth-filter --filter-class=com.example.MyPostAuthenticationFilter -Idebug=true -Isecret[SENSITIVE]=changeme