类 SpringBootWebSecurityConfiguration
- java.lang.Object
- org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration
@Configuration @EnableConfigurationProperties @ConditionalOnClass({org.springframework.security.config.annotation.web.configuration.EnableWebSecurity.class,org.springframework.security.web.AuthenticationEntryPoint.class}) @ConditionalOnMissingBean(org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.class) @ConditionalOnWebApplication @EnableWebSecurity public class SpringBootWebSecurityConfiguration extends Object
Configuration for security of a web application or service. By default everything is secured with HTTP Basic authentication except theexplicitly ignored
paths (defaults to/css/**, /js/**, /images/**, /**/favicon.ico
). Many aspects of the behavior can be controller withSecurityProperties
via externalized application properties (or via an bean definition of that type to set the defaults). The user details for authentication are just placeholders(username=user, password=password)
but can easily be customized by providing a anAuthenticationManager
. Also provides audit logging of authentication events.Some common simple customizations:
- Switch off security completely and permanently: remove Spring Security from the classpath or
exclude
SecurityAutoConfiguration
. - Switch off security temporarily (e.g. for a dev environment): set
security.basic.enabled=false
- Customize the user details: autowire an
AuthenticationManagerBuilder
into a method in one of your configuration classes or equivalently add a bean of type AuthenticationManager - Add form login for user facing resources: add a
WebSecurityConfigurerAdapter
and useHttpSecurity.formLogin()
- Switch off security completely and permanently: remove Spring Security from the classpath or
嵌套类概要
嵌套类 修饰符和类型 类 说明 protected static class
SpringBootWebSecurityConfiguration.ApplicationNoWebSecurityConfigurerAdapter
protected static class
SpringBootWebSecurityConfiguration.ApplicationWebSecurityConfigurerAdapter
构造器概要
构造器 构造器 说明 SpringBootWebSecurityConfiguration()
方法概要
所有方法 静态方法 实例方法 具体方法 修饰符和类型 方法 说明 static void
configureHeaders(org.springframework.security.config.annotation.web.configurers.HeadersConfigurer<?> configurer, SecurityProperties.Headers headers)
IgnoredRequestCustomizer
defaultIgnoredRequestsCustomizer(ServerProperties server, SecurityProperties security, org.springframework.beans.factory.ObjectProvider<ErrorController> errorController)
org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration.IgnoredPathsWebSecurityConfigurerAdapter
ignoredPathsWebSecurityConfigurerAdapter(List<IgnoredRequestCustomizer> customizers)
构造器详细资料
SpringBootWebSecurityConfiguration
public SpringBootWebSecurityConfiguration()
方法详细资料
ignoredPathsWebSecurityConfigurerAdapter
@Bean @ConditionalOnMissingBean(org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration.IgnoredPathsWebSecurityConfigurerAdapter.class) public org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration.IgnoredPathsWebSecurityConfigurerAdapter ignoredPathsWebSecurityConfigurerAdapter(List<IgnoredRequestCustomizer> customizers)
defaultIgnoredRequestsCustomizer
@Bean public IgnoredRequestCustomizer defaultIgnoredRequestsCustomizer(ServerProperties server, SecurityProperties security, org.springframework.beans.factory.ObjectProvider<ErrorController> errorController)
configureHeaders
public static void configureHeaders(org.springframework.security.config.annotation.web.configurers.HeadersConfigurer<?> configurer, SecurityProperties.Headers headers) throws Exception
- 抛出:
Exception