Class SpringBootWebSecurityConfiguration
- java.lang.Object
- org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration
@Configuration @EnableConfigurationProperties @ConditionalOnClass({org.springframework.security.config.annotation.web.configuration.EnableWebSecurity.class,org.springframework.security.web.AuthenticationEntryPoint.class}) @ConditionalOnMissingBean(org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.class) @ConditionalOnWebApplication @EnableWebSecurity public class SpringBootWebSecurityConfiguration extends Object
Configuration for security of a web application or service. By default everything is secured with HTTP Basic authentication except theexplicitly ignoredpaths (defaults to/css/**, /js/**, /images/**, /**/favicon.ico). Many aspects of the behavior can be controller withSecurityPropertiesvia externalized application properties (or via an bean definition of that type to set the defaults). The user details for authentication are just placeholders(username=user, password=password)but can easily be customized by providing a anAuthenticationManager. Also provides audit logging of authentication events.Some common simple customizations:
- Switch off security completely and permanently: remove Spring Security from the classpath or
excludeSecurityAutoConfiguration. - Switch off security temporarily (e.g. for a dev environment): set
security.basic.enabled=false - Customize the user details: autowire an
AuthenticationManagerBuilderinto a method in one of your configuration classes or equivalently add a bean of type AuthenticationManager - Add form login for user facing resources: add a
WebSecurityConfigurerAdapterand useHttpSecurity.formLogin()
- Switch off security completely and permanently: remove Spring Security from the classpath or
Nested Class Summary
Nested Classes Modifier and Type Class Description protected static classSpringBootWebSecurityConfiguration.ApplicationNoWebSecurityConfigurerAdapterprotected static classSpringBootWebSecurityConfiguration.ApplicationWebSecurityConfigurerAdapter
Constructor Summary
Constructors Constructor Description SpringBootWebSecurityConfiguration()
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static voidconfigureHeaders(org.springframework.security.config.annotation.web.configurers.HeadersConfigurer<?> configurer, SecurityProperties.Headers headers)IgnoredRequestCustomizerdefaultIgnoredRequestsCustomizer(ServerProperties server, SecurityProperties security, org.springframework.beans.factory.ObjectProvider<ErrorController> errorController)org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration.IgnoredPathsWebSecurityConfigurerAdapterignoredPathsWebSecurityConfigurerAdapter(List<IgnoredRequestCustomizer> customizers)
Constructor Detail
SpringBootWebSecurityConfiguration
public SpringBootWebSecurityConfiguration()
Method Detail
ignoredPathsWebSecurityConfigurerAdapter
@Bean @ConditionalOnMissingBean(org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration.IgnoredPathsWebSecurityConfigurerAdapter.class) public org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration.IgnoredPathsWebSecurityConfigurerAdapter ignoredPathsWebSecurityConfigurerAdapter(List<IgnoredRequestCustomizer> customizers)
defaultIgnoredRequestsCustomizer
@Bean public IgnoredRequestCustomizer defaultIgnoredRequestsCustomizer(ServerProperties server, SecurityProperties security, org.springframework.beans.factory.ObjectProvider<ErrorController> errorController)
configureHeaders
public static void configureHeaders(org.springframework.security.config.annotation.web.configurers.HeadersConfigurer<?> configurer, SecurityProperties.Headers headers) throws Exception
- Throws:
Exception