Administrator

Standard Security Filters

Configures the standard security filters for Mobiliser.

  • Preferences node: /businesslayer/com/sybase365/mobiliser/framework/gateway/security/filters/standard
  • ConfigAdmin PID: com.sybase365.mobiliser.framework.gateway.security.filters.standard
Key Default Description
ehCacheBasedUserCache.location <SMP_HOME>\Server\config_master\com.sybase365.mobiliser.framework.gateway.security.filters.standard\com.sybase365.mobiliser.framework.gateway.security.filters.standard.properties Ehcache configuration location for the user details cache.
osgiProviderManager .eraseCredentialsAfterAuthentication context Defines whether Spring security removes the credentials from the authentication object after successful authentication. To upgrade password hashing algorithms, set this key to false, since the password is needed to update the hash.
matcherMode standard Sets the HTTP path expressions. When matching HTTP paths for security expressions, Spring security normally uses the request path built by request.getServletPath() + request.getPathInfo(). For some environments, build the path with request.getContextPath() + request.getPathInfo(). If the request path has been built using the context path, set this key to "context".
baseUrl /mobiliser Sets the base URL for the security configurations picked up from the OSGi registry, which can be relative or absolute. Relative configurations do not begin with a slash (/); therefore, the base URL configured as relative is prepended to the configuration before the HTTP path expression is configured. This should match the servlet name configured in the PID:

com.sybase365.mobiliser.framework.gateway.httpservice

realmName MOBILISER Defines the realm name for the unauthorized response header. If the server receives a request for an access-protected object, and the request is denied, the server responds with a 401 response code and a "WWW-Authenticate" header.
channel any Defines the channel of the default security configuration for the servlet:
  • any
  • https
  • http
You can override the default by providing specific configurations elsewhere within the container.
roles MOBILISER_ ACCESS Defines the roles of the default security configuration for the servlet, which is a comma-separated list and uses an OR expression. You can override the default by providing specific configurations elsewhere within the container.  
port_mapping_xxx   Defines the mapping between secure and insecure ports.  If a channel is set to something other than “any,” whether with the default or other specific configuration, Spring security must know the mapping between secure and insecure ports to properly send the client a 302 response with a “Location” header. You may have any number of these configurations to specify the mappings between these ports. If you are using nonstandard ports in jetty.xml for your connectors, configure the ports here.
SAP Mobile Platform uses a UserDetailsCache class to obtain the user details that are used during authentication and authorization, which is, in a standard setup, located in:
<SMP_HOME>\Server\configuration\com.sap.mobile.platform.server.mobiliser.core\userdetails-ehcache.xml
The default EhCache configuration for the UserDetailsCache looks like:
<?xml version="1.0" encoding="UTF-8"?>
<ehcache xsi:noNamespaceSchemaLocation="http://ehcache.org/ehcache.xsd" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <defaultCache 
timeToLiveSeconds="0" timeToIdleSeconds="600" memoryStoreEvictionPolicy="LRU" 
overflowToDisk="false" eternal="false" maxElementsInMemory="50"/>
<cache timeToLiveSeconds="5" timeToIdleSeconds="5" memoryStoreEvictionPolicy="LRU" 
overflowToDisk="false" eternal="false" maxElementsInMemory="100" 
name="userDetailsCache"/> </ehcache>