@Configuration @EnableConfigurationProperties @ConditionalOnClass(value={org.springframework.security.config.annotation.web.configuration.EnableWebSecurity.class,org.springframework.security.web.AuthenticationEntryPoint.class}) @ConditionalOnMissingBean(value=org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.class) @ConditionalOnWebApplication @EnableWebSecurity public class SpringBootWebSecurityConfiguration extends Object
explicitly ignored
paths (defaults to
/css/**, /js/**, /images/**, /**/favicon.ico
). Many aspects of the behavior can be controller with SecurityProperties
via
externalized application properties (or via an bean definition of that type to set the
defaults). The user details for authentication are just placeholders
(username=user, password=password)
but can easily be customized by providing a
an AuthenticationManager
. Also provides audit logging of authentication events.
Some common simple customizations:
exclude
SecurityAutoConfiguration
.security.basic.enabled=false
AuthenticationManagerBuilder
into a
method in one of your configuration classes or equivalently add a bean of type
AuthenticationManagerWebSecurityConfigurerAdapter
and use HttpSecurity.formLogin()
Modifier and Type | Class and Description |
---|---|
protected static class |
SpringBootWebSecurityConfiguration.ApplicationNoWebSecurityConfigurerAdapter |
protected static class |
SpringBootWebSecurityConfiguration.ApplicationWebSecurityConfigurerAdapter |
Constructor and Description |
---|
SpringBootWebSecurityConfiguration() |
Modifier and Type | Method and Description |
---|---|
static void |
configureHeaders(HeadersConfigurer<?> configurer,
SecurityProperties.Headers headers) |
IgnoredRequestCustomizer |
defaultIgnoredRequestsCustomizer(ServerProperties server,
SecurityProperties security,
ObjectProvider<ErrorController> errorController) |
static List<String> |
getIgnored(SecurityProperties security) |
org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration.IgnoredPathsWebSecurityConfigurerAdapter |
ignoredPathsWebSecurityConfigurerAdapter(List<IgnoredRequestCustomizer> customizers) |
@Bean @ConditionalOnMissingBean(value=org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration.IgnoredPathsWebSecurityConfigurerAdapter.class) public org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration.IgnoredPathsWebSecurityConfigurerAdapter ignoredPathsWebSecurityConfigurerAdapter(List<IgnoredRequestCustomizer> customizers)
@Bean public IgnoredRequestCustomizer defaultIgnoredRequestsCustomizer(ServerProperties server, SecurityProperties security, ObjectProvider<ErrorController> errorController)
public static void configureHeaders(HeadersConfigurer<?> configurer, SecurityProperties.Headers headers) throws Exception
Exception
public static List<String> getIgnored(SecurityProperties security)
Copyright © 2017 Pivotal Software, Inc.. All rights reserved.