@Configuration @EnableConfigurationProperties @ConditionalOnClass(value={org.springframework.security.config.annotation.web.configuration.EnableWebSecurity.class,org.springframework.security.web.AuthenticationEntryPoint.class}) @ConditionalOnMissingBean(value=org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.class) @ConditionalOnWebApplication @EnableWebSecurity public class SpringBootWebSecurityConfiguration extends Object
Auto-configuration
for security of a web application or
service. By default everything is secured with HTTP Basic authentication except the
explicitly ignored
paths (defaults to
/css/**, /js/**, /images/**, /**/favicon.ico
). Many aspects of the behavior can be controller with SecurityProperties
via
externalized application properties (or via an bean definition of that type to set the
defaults). The user details for authentication are just placeholders
(username=user, password=password)
but can easily be customized by providing a
an AuthenticationManager
. Also provides audit logging of authentication events.
Some common simple customizations:
exclude
this configuration.security.basic.enabled: false
AuthenticationManagerBuilder
into a
method in one of your configuration classes or equivalently add a bean of type
AuthenticationManagerWebSecurityConfigurerAdapter
and use HttpSecurity.formLogin()
Modifier and Type | Class and Description |
---|---|
protected static class |
SpringBootWebSecurityConfiguration.ApplicationNoWebSecurityConfigurerAdapter |
protected static class |
SpringBootWebSecurityConfiguration.ApplicationWebSecurityConfigurerAdapter |
Constructor and Description |
---|
SpringBootWebSecurityConfiguration() |
Modifier and Type | Method and Description |
---|---|
static void |
configureHeaders(HeadersConfigurer<?> configurer,
SecurityProperties.Headers headers) |
static List<String> |
getIgnored(SecurityProperties security) |
org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration.IgnoredPathsWebSecurityConfigurerAdapter |
ignoredPathsWebSecurityConfigurerAdapter() |
@Bean @ConditionalOnMissingBean(value=org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration.IgnoredPathsWebSecurityConfigurerAdapter.class) public org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration.IgnoredPathsWebSecurityConfigurerAdapter ignoredPathsWebSecurityConfigurerAdapter()
public static void configureHeaders(HeadersConfigurer<?> configurer, SecurityProperties.Headers headers) throws Exception
Exception
public static List<String> getIgnored(SecurityProperties security)
Copyright © 2016 Pivotal Software, Inc.. All rights reserved.