Form-Based Authentication

Form-based authentication replaces the browser’s Basic dialog with a custom, branded login page. Credentials are validated against the ASEE Flow engine’s Identity Service.

Dependency

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-security</artifactId>
</dependency>

This dependency is provided in the starter, so include it explicitly.

Configuration

aseeflow:
  webadmin:
    authentication: form

How it works

Unauthenticated users are redirected to the custom login page at /aseeflow-login.html. Credentials are submitted to /webadmin-login; a successful login redirects to /webadmin, and a failed one returns to /aseeflow-login.html?error. Two separate filter chains are used — one for the WebAdmin UI (form login) and one for the REST API. The login page, its logo, and the login endpoint are reachable anonymously; everything else under the base path requires authentication. REST endpoints (/engine-rest/**) are protected by default and return 401 when unauthenticated; set disable-rest-security: true to disable. Logout invalidates the session and returns to the login page.

When to use it

Form authentication suits production web applications that want a user-friendly, branded login, and internal portals where users expect a traditional web login. It is also easy to swap for enterprise SSO (OAuth2 or Keycloak) later.

Properties

Property	Type	Default	Description
`aseeflow.webadmin.authentication`	String	`basic`	Set to `form` to enable this mode.
`aseeflow.webadmin.disable-rest-security`	Boolean	`false`	When `true`, REST endpoints are reachable without authentication.

​Dependency

​Configuration

​How it works

​When to use it

​Properties

Dependency

Configuration

How it works

When to use it

Properties