/*
 * Copyright 2012-2018 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.springframework.boot.autoconfigure.security;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.UUID;

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.web.servlet.DispatcherType;
import org.springframework.boot.web.servlet.filter.OrderedFilter;
import org.springframework.core.Ordered;
import org.springframework.util.StringUtils;

/**
 * Configuration properties for Spring Security, bound from the {@code spring.security}
 * prefix.
 *
 * <p>
 * Two groups are exposed: {@link Filter} (order and dispatcher types of the security
 * filter) and {@link User} (name, password and roles of the default user). The default
 * user's password is a random value generated per instance unless a non-empty password
 * is supplied.
 *
 * @author Dave Syer
 * @author Andy Wilkinson
 * @author Madhura Bhave
 */
@ConfigurationProperties(prefix = "spring.security")
public class SecurityProperties {

	/**
	 * Order applied to the WebSecurityConfigurerAdapter that is used to configure basic
	 * authentication for application endpoints. If you want to add your own
	 * authentication for all or some of those endpoints the best thing to do is to add
	 * your own WebSecurityConfigurerAdapter with lower order.
	 */
	public static final int BASIC_AUTH_ORDER = Ordered.LOWEST_PRECEDENCE - 5;

	/**
	 * Order applied to the WebSecurityConfigurer that ignores standard static resource
	 * paths.
	 */
	public static final int IGNORED_ORDER = Ordered.HIGHEST_PRECEDENCE;

	/**
	 * Default order of Spring Security's Filter in the servlet container (i.e. amongst
	 * other filters registered with the container). There is no connection between this
	 * and the {@code @Order} on a WebSecurityConfigurer.
	 */
	public static final int DEFAULT_FILTER_ORDER = OrderedFilter.REQUEST_WRAPPER_FILTER_MAX_ORDER - 100;

	private final Filter filter = new Filter();

	private User user = new User();

	/**
	 * Returns the default-user settings.
	 * @return the live {@link User} instance held by these properties
	 */
	public User getUser() {
		return this.user;
	}

	/**
	 * Returns the security filter settings.
	 * @return the live {@link Filter} instance held by these properties
	 */
	public Filter getFilter() {
		return this.filter;
	}

	/**
	 * Settings for the security filter: its order and the dispatcher types it is
	 * registered for.
	 */
	public static class Filter {

		/**
		 * Security filter chain order.
		 */
		private int order = DEFAULT_FILTER_ORDER;

		/**
		 * Security filter chain dispatcher types.
		 */
		// The default set holds ASYNC, ERROR and REQUEST only; the other dispatcher
		// types are covered only when this property is set to include them.
		private Set<DispatcherType> dispatcherTypes = new HashSet<>(
				Arrays.asList(DispatcherType.ASYNC, DispatcherType.ERROR, DispatcherType.REQUEST));

		/**
		 * Returns the configured filter order.
		 * @return the order, {@link #DEFAULT_FILTER_ORDER} unless overridden
		 */
		public int getOrder() {
			return this.order;
		}

		/**
		 * Sets the filter order.
		 * @param order the order to apply
		 */
		public void setOrder(int order) {
			this.order = order;
		}

		/**
		 * Returns the dispatcher types.
		 * @return the live set (not a copy); changes made through it affect this object
		 */
		public Set<DispatcherType> getDispatcherTypes() {
			return this.dispatcherTypes;
		}

		/**
		 * Replaces the dispatcher types.
		 * @param dispatcherTypes the set to use; it is stored as given, without copying
		 */
		public void setDispatcherTypes(Set<DispatcherType> dispatcherTypes) {
			this.dispatcherTypes = dispatcherTypes;
		}

	}

	/**
	 * Settings for the default user: name, password and granted roles.
	 */
	public static class User {

		/**
		 * Default user name.
		 */
		private String name = "user";

		/**
		 * Password for the default user name.
		 */
		// Every instance starts with a freshly generated random UUID string as its
		// password; passwordGenerated records whether that value is still in place.
		private String password = UUID.randomUUID().toString();

		/**
		 * Granted roles for the default user name.
		 */
		private List<String> roles = new ArrayList<>();

		private boolean passwordGenerated = true;

		/**
		 * Returns the default user name.
		 * @return the name, {@code "user"} unless overridden
		 */
		public String getName() {
			return this.name;
		}

		/**
		 * Sets the default user name.
		 * @param name the name to use
		 */
		public void setName(String name) {
			this.name = name;
		}

		/**
		 * Returns the password in clear text.
		 * @return the configured password, or the generated one if none was accepted
		 */
		public String getPassword() {
			return this.password;
		}

		/**
		 * Sets the password for the default user. A {@code null} or empty value is
		 * ignored, leaving the current password and the generated flag untouched.
		 * @param password the password to use
		 */
		public void setPassword(String password) {
			// hasLength does not trim, so a whitespace-only value counts as a password
			// here and clears the generated flag.
			if (StringUtils.hasLength(password)) {
				this.passwordGenerated = false;
				this.password = password;
			}
		}

		/**
		 * Returns the granted roles.
		 * @return the live list (not a copy); empty unless roles were configured
		 */
		public List<String> getRoles() {
			return this.roles;
		}

		/**
		 * Replaces the granted roles with a copy of the given list.
		 * @param roles the roles to grant; must not be {@code null}
		 */
		public void setRoles(List<String> roles) {
			this.roles = new ArrayList<>(roles);
		}

		/**
		 * Reports whether the password is still the generated one.
		 * @return {@code true} until {@link #setPassword(String)} accepts a value
		 */
		public boolean isPasswordGenerated() {
			return this.passwordGenerated;
		}

	}

}