@Configuration @EnableConfigurationProperties @ConditionalOnClass(value={org.springframework.security.config.annotation.web.configuration.EnableWebSecurity.class,org.springframework.security.web.AuthenticationEntryPoint.class}) @ConditionalOnMissingBean(value=org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.class) @ConditionalOnWebApplication public class SpringBootWebSecurityConfiguration extends Object
Auto-configuration
for security of a web application or
service. By default everything is secured with HTTP Basic authentication except the
explicitly ignored
paths (defaults to
/css/**, /js/**, /images/**, /**/favicon.ico
). Many aspects of the behavior can be controller with SecurityProperties
via
externalized application properties (or via an bean definition of that type to set the
defaults). The user details for authentication are just placeholders
(username=user,
password=password)
but can easily be customized by providing a bean definition
of type AuthenticationManager
. Also provides audit logging of authentication
events.
Some common simple customizations:
exclude
this configuration.security.basic.enabled: false
WebSecurityConfigurerAdapter
and use HttpSecurity.formLogin()
Modifier and Type | Class and Description |
---|---|
protected static class |
SpringBootWebSecurityConfiguration.ApplicationNoWebSecurityConfigurerAdapter |
protected static class |
SpringBootWebSecurityConfiguration.ApplicationWebSecurityConfigurerAdapter |
protected static class |
SpringBootWebSecurityConfiguration.DefaultWebSecurityConfiguration |
protected static class |
SpringBootWebSecurityConfiguration.WebMvcSecurityConfigurationConditions |
Constructor and Description |
---|
SpringBootWebSecurityConfiguration() |
Modifier and Type | Method and Description |
---|---|
static void |
configureHeaders(HeadersConfigurer<?> configurer,
SecurityProperties.Headers headers) |
static List<String> |
getIgnored(SecurityProperties security) |
WebSecurityConfigurer<WebSecurity> |
ignoredPathsWebSecurityConfigurerAdapter() |
FilterRegistrationBean |
securityFilterChainRegistration(Filter securityFilter,
SecurityProperties securityProperties) |
@Bean @ConditionalOnMissingBean(value=org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration.IgnoredPathsWebSecurityConfigurerAdapter.class) public WebSecurityConfigurer<WebSecurity> ignoredPathsWebSecurityConfigurerAdapter()
@Bean @ConditionalOnBean(name="springSecurityFilterChain") public FilterRegistrationBean securityFilterChainRegistration(@Qualifier(value="springSecurityFilterChain") Filter securityFilter, SecurityProperties securityProperties)
public static void configureHeaders(HeadersConfigurer<?> configurer, SecurityProperties.Headers headers) throws Exception
Exception
public static List<String> getIgnored(SecurityProperties security)
Copyright © 2015 Pivotal Software, Inc.. All rights reserved.