001/*
002 * Copyright 2012-2018 the original author or authors.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *      http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016
017package org.springframework.boot.autoconfigure.security;
018
019import java.util.ArrayList;
020import java.util.Arrays;
021import java.util.HashSet;
022import java.util.List;
023import java.util.Set;
024import java.util.UUID;
025
026import org.springframework.boot.context.properties.ConfigurationProperties;
027import org.springframework.boot.web.servlet.DispatcherType;
028import org.springframework.boot.web.servlet.filter.OrderedFilter;
029import org.springframework.core.Ordered;
030import org.springframework.util.StringUtils;
031
/**
 * Configuration properties for Spring Security, bound from the {@code spring.security}
 * prefix.
 * <p>
 * Two groups are exposed: {@link Filter} (order and dispatcher types of the security
 * filter) and {@link User} (name, password and roles of the default user). When no
 * password is configured, the default user keeps the random value generated when its
 * {@link User} instance was created, so the value differs between instances.
 *
 * @author Dave Syer
 * @author Andy Wilkinson
 * @author Madhura Bhave
 */
@ConfigurationProperties(prefix = "spring.security")
public class SecurityProperties {

    /**
     * Order applied to the WebSecurityConfigurerAdapter that is used to configure basic
     * authentication for application endpoints. If you want to add your own
     * authentication for all or some of those endpoints the best thing to do is to add
     * your own WebSecurityConfigurerAdapter with lower order.
     */
    public static final int BASIC_AUTH_ORDER = Ordered.LOWEST_PRECEDENCE - 5;

    /**
     * Order applied to the WebSecurityConfigurer that ignores standard static resource
     * paths.
     */
    public static final int IGNORED_ORDER = Ordered.HIGHEST_PRECEDENCE;

    /**
     * Default order of Spring Security's Filter in the servlet container (i.e. amongst
     * other filters registered with the container). There is no connection between this
     * and the {@code @Order} on a WebSecurityConfigurer.
     */
    public static final int DEFAULT_FILTER_ORDER = OrderedFilter.REQUEST_WRAPPER_FILTER_MAX_ORDER
            - 100;

    private User user = new User();

    private final Filter filter = new Filter();

    /**
     * Return the security filter settings.
     * @return the filter settings (the same instance on every call)
     */
    public Filter getFilter() {
        return this.filter;
    }

    /**
     * Return the default user settings.
     * @return the default user settings
     */
    public User getUser() {
        return this.user;
    }

    /**
     * Servlet-container registration settings for the security filter.
     * <p>
     * The default dispatcher types are {@code ASYNC}, {@code ERROR} and {@code REQUEST}.
     * NOTE(review): presumably dispatches of a type that is not in this set (for
     * example {@code FORWARD} or {@code INCLUDE}) do not pass through the security
     * filter; the registration code that consumes this set is outside this class, so
     * confirm there before narrowing the set.
     */
    public static class Filter {

        /**
         * Security filter chain order.
         */
        private int order = SecurityProperties.DEFAULT_FILTER_ORDER;

        /**
         * Security filter chain dispatcher types.
         */
        private Set<DispatcherType> dispatcherTypes = new HashSet<>(Arrays.asList(
                DispatcherType.ASYNC, DispatcherType.ERROR, DispatcherType.REQUEST));

        /**
         * Return the order of the security filter.
         * @return the configured order, {@link #DEFAULT_FILTER_ORDER} unless changed
         */
        public int getOrder() {
            return this.order;
        }

        /**
         * Set the order of the security filter.
         * @param order the order to use
         */
        public void setOrder(int order) {
            this.order = order;
        }

        /**
         * Return the dispatcher types of the security filter.
         * @return the set held by this object, not a copy
         */
        public Set<DispatcherType> getDispatcherTypes() {
            return this.dispatcherTypes;
        }

        /**
         * Replace the dispatcher types of the security filter. The given set is stored
         * as-is without copying, so later changes the caller makes to it are visible
         * through {@link #getDispatcherTypes()}.
         * @param dispatcherTypes the dispatcher types to use
         */
        public void setDispatcherTypes(Set<DispatcherType> dispatcherTypes) {
            this.dispatcherTypes = dispatcherTypes;
        }

    }

    /**
     * Settings of the default user.
     * <p>
     * A new instance has the name {@code "user"}, no roles, and a password taken from
     * {@link UUID#randomUUID()}, which the JDK documents as a type 4 UUID produced by a
     * cryptographically strong pseudo random number generator. The password is held as
     * a plain {@code String}.
     */
    public static class User {

        /**
         * Default user name.
         */
        private String name = "user";

        /**
         * Password for the default user name.
         */
        private String password = UUID.randomUUID().toString();

        /**
         * Granted roles for the default user name.
         */
        private List<String> roles = new ArrayList<>();

        // True until setPassword accepts a value, which means the password is still the
        // random one created by the field initializer above.
        private boolean passwordGenerated = true;

        /**
         * Return the name of the default user.
         * @return the user name
         */
        public String getName() {
            return this.name;
        }

        /**
         * Set the name of the default user.
         * @param name the user name
         */
        public void setName(String name) {
            this.name = name;
        }

        /**
         * Return the clear-text password of the default user, either the configured
         * value or the generated one. {@link #isPasswordGenerated()} tells which.
         * @return the password
         */
        public String getPassword() {
            return this.password;
        }

        /**
         * Set the password of the default user.
         * <p>
         * A {@code null} or empty value is ignored, so an unset or empty property
         * cannot replace the generated password with a blank one. Only length is
         * checked: a value made up of whitespace is accepted.
         * @param password the password to use
         */
        public void setPassword(String password) {
            if (StringUtils.hasLength(password)) {
                this.passwordGenerated = false;
                this.password = password;
            }
        }

        /**
         * Return the roles granted to the default user.
         * @return the list held by this object, not a copy
         */
        public List<String> getRoles() {
            return this.roles;
        }

        /**
         * Replace the roles granted to the default user with a copy of the given list.
         * @param roles the roles to grant; {@code null} results in a
         * {@link NullPointerException} from the copy
         */
        public void setRoles(List<String> roles) {
            List<String> copy = new ArrayList<>(roles);
            this.roles = copy;
        }

        /**
         * Return whether the password is still the generated one.
         * @return {@code true} if no password has been accepted by
         * {@link #setPassword(String)}
         */
        public boolean isPasswordGenerated() {
            return this.passwordGenerated;
        }

    }

}