001/* 002 * Copyright 2012-2018 the original author or authors. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016 017package org.springframework.boot.actuate.autoconfigure.security.servlet; 018 019import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointAutoConfiguration; 020import org.springframework.boot.actuate.autoconfigure.health.HealthEndpointAutoConfiguration; 021import org.springframework.boot.actuate.autoconfigure.info.InfoEndpointAutoConfiguration; 022import org.springframework.boot.autoconfigure.AutoConfigureAfter; 023import org.springframework.boot.autoconfigure.AutoConfigureBefore; 024import org.springframework.boot.autoconfigure.EnableAutoConfiguration; 025import org.springframework.boot.autoconfigure.condition.ConditionalOnClass; 026import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; 027import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication; 028import org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientAutoConfiguration; 029import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration; 030import org.springframework.boot.autoconfigure.security.servlet.WebSecurityEnablerConfiguration; 031import org.springframework.context.annotation.Configuration; 032import org.springframework.context.annotation.Import; 033import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 034 035/** 036 * {@link EnableAutoConfiguration Auto-configuration} for Spring Security when actuator is 037 * on the classpath. Specifically, it permits access to the health and info endpoints 038 * while securing everything else. 039 * 040 * @author Madhura Bhave 041 * @since 2.1.0 042 */ 043@Configuration 044@ConditionalOnClass(WebSecurityConfigurerAdapter.class) 045@ConditionalOnMissingBean(WebSecurityConfigurerAdapter.class) 046@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET) 047@AutoConfigureBefore(SecurityAutoConfiguration.class) 048@AutoConfigureAfter({ HealthEndpointAutoConfiguration.class, 049 InfoEndpointAutoConfiguration.class, WebEndpointAutoConfiguration.class, 050 OAuth2ClientAutoConfiguration.class }) 051@Import({ ManagementWebSecurityConfigurerAdapter.class, 052 WebSecurityEnablerConfiguration.class }) 053public class ManagementWebSecurityAutoConfiguration { 054 055}