org.springframework.boot.actuate.autoconfigure

Class SecurityAutoConfiguration

java.lang.Object

org.springframework.boot.actuate.autoconfigure.SecurityAutoConfiguration

@Configuration
@ConditionalOnClass(value=)
@EnableConfigurationProperties
public class SecurityAutoConfiguration
extends Object

Auto-configuration for security of a web application or service. By default everything is secured with HTTP Basic authentication except the explicitly ignored paths (defaults to /css/**, /js/**, /images/**, /**/favicon.ico ). Many aspects of the behavior can be controller with SecurityProperties via externalized application properties (or via an bean definition of that type to set the defaults). The user details for authentication are just placeholders (username=user, password=password) but can easily be customized by providing a bean definition of type AuthenticationManager. Also provides audit logging of authentication events.

The framework Endpoints (used to expose application information to operations) include a sensitive configuration option which will be used as a security hint by the filter created here.

Some common simple customizations:

• Switch off security completely and permanently: remove Spring Security from the classpath or exclude this configuration.
• Switch off security temporarily (e.g. for a dev environment): set security.basic.enabled: false
• Customize the user details: add an AuthenticationManager bean
• Add form login for user facing resources: add a WebSecurityConfigurerAdapter and use HttpSecurity#formLogin()

Author:

Dave Syer

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	SecurityAutoConfiguration.AuthenticationManagerConfiguration

Constructor Summary

Constructors

Constructor and Description
SecurityAutoConfiguration()

Method Summary

Methods

Modifier and Type	Method and Description
WebSecurityConfigurerAdapter	applicationWebSecurityConfigurerAdapter()
AuthenticationEventPublisher	authenticationEventPublisher()
WebSecurityConfigurerAdapter	managementWebSecurityConfigurerAdapter()
SecurityProperties	securityProperties()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SecurityAutoConfiguration

public SecurityAutoConfiguration()

Method Detail

securityProperties

@Bean(name="org.springframework.actuate.properties.SecurityProperties")
@ConditionalOnMissingBean
public SecurityProperties securityProperties()

authenticationEventPublisher

@Bean
@ConditionalOnMissingBean
public AuthenticationEventPublisher authenticationEventPublisher()

applicationWebSecurityConfigurerAdapter

@Bean
@ConditionalOnMissingBean(value=org.springframework.boot.actuate.autoconfigure.SecurityAutoConfiguration.ApplicationWebSecurityConfigurerAdapter.class)
public WebSecurityConfigurerAdapter applicationWebSecurityConfigurerAdapter()

managementWebSecurityConfigurerAdapter

@Bean
@ConditionalOnMissingBean(value=org.springframework.boot.actuate.autoconfigure.SecurityAutoConfiguration.ManagementWebSecurityConfigurerAdapter.class)
public WebSecurityConfigurerAdapter managementWebSecurityConfigurerAdapter()