GitHub-Spring
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Security Documentation Cleanup 

- Add link to Spring Security's Global Method Security Java Configuration
- Fix link to SecurityProperties
- Add link to SECURITY Common application properties
- Remove unnecessary @Order from SecurityConfiguration
- Change method signature for @Autowired AuthenticationManagerBuilder to
  compile / match Spring docs
pull/569/merge
Rob Winch 12 years ago committed by Phillip Webb
parent
d42bedf295
commit
f852096c87
3 changed files with 13 additions and 9 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
  2. 18
      spring-boot-docs/src/main/asciidoc/howto.adoc
  3. 3
      spring-boot-docs/src/main/asciidoc/index.adoc

1
spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
Unescape View File

@ -80,6 +80,7 @@ spring.thymeleaf.cache=true # set to false for hot refresh @@ -80,6 +80,7 @@ spring.thymeleaf.cache=true # set to false for hot refresh
spring.messages.basename=messages
spring.messages.encoding=UTF-8
[[common-application-properties-security]]
# SECURITY ({sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[SecurityProperties])
security.user.name=user # login username
security.user.password= # login password

18
spring-boot-docs/src/main/asciidoc/howto.adoc
Unescape View File

@ -1101,11 +1101,15 @@ Look at {sc-spring-boot-actuator}/autoconfigure/ErrorMvcAutoConfiguration.{sc-ex @@ -1101,11 +1101,15 @@ Look at {sc-spring-boot-actuator}/autoconfigure/ErrorMvcAutoConfiguration.{sc-ex
If Spring Security is on the classpath then web applications will be secure by default
(``basic'' authentication on all endpoints) . To add method-level security to a web
application you can simply `@EnableGlobalMethodSecurity` with your desired settings.
Additional information can be found in the {spring-security-reference}#jc-method[Spring
Security Reference].
The default `AuthenticationManager` has a single user (username ``user'' and password
random, printed at INFO level when the application starts up). You can change the
password by providing a `security.user.password`. This and other useful properties
are externalized via {sc-spring-boot-autoconfigure}/security/SecurityProperties{sc-ext}[`SecurityProperties`.
are externalized via
{sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[`SecurityProperties`].
[[howto-switch-off-spring-boot-security-configuration]]
@ -1114,7 +1118,8 @@ If you define a `@Configuration` with `@EnableWebSecurity` anywhere in your appl @@ -1114,7 +1118,8 @@ If you define a `@Configuration` with `@EnableWebSecurity` anywhere in your appl
it will switch off the default webapp security settings in Spring Boot. To tweak the
defaults try setting properties in `security.*` (see
{sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[`SecurityProperties`]
for details of available settings).
for details of available settings) and `SECURITY` section of
<<common-application-properties-security,Common application properties>>.
@ -1132,12 +1137,12 @@ use this in a webapp is to inject it into a void method in a @@ -1132,12 +1137,12 @@ use this in a webapp is to inject it into a void method in a
[source,java,indent=0,subs="verbatim,quotes,attributes"]
----
@Configuration
@Order(0)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
protected void init(AuthenticationManagerBuilder builder) {
builder.inMemoryAuthentication().withUser("barry"); // ... etc.
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("barry").password("password").roles("USER"); // ... etc.
}
// ... other stuff for application security
@ -1145,9 +1150,6 @@ use this in a webapp is to inject it into a void method in a @@ -1145,9 +1150,6 @@ use this in a webapp is to inject it into a void method in a
}
----
The configuration class that does this should declare an `@Order` so that it is used
before the default one in Spring Boot (which has very low precedence).
[[howto-enable-https]]

3
spring-boot-docs/src/main/asciidoc/index.adoc
Unescape View File

@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
= Spring Boot Reference Guide
Phillip Webb; Dave Syer; Josh Long; Stéphane Nicoll;
Phillip Webb; Dave Syer; Josh Long; Stéphane Nicoll; Rob Winch;
:doctype: book
:toc:
:toclevels: 4
@ -24,6 +24,7 @@ Phillip Webb; Dave Syer; Josh Long; Stéphane Nicoll; @@ -24,6 +24,7 @@ Phillip Webb; Dave Syer; Josh Long; Stéphane Nicoll;
:dc-spring-boot-autoconfigure: {dc-root}/org/springframework/boot/autoconfigure
:dc-spring-boot-actuator: {dc-root}/org/springframework/boot/actuate
:spring-reference: http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle
:spring-security-reference: http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle
:spring-javadoc: http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework
:spring-data-javadoc: http://docs.spring.io/spring-data/jpa/docs/current/api/org/springframework/data/jpa
:spring-data-commons-javadoc: http://docs.spring.io/spring-data/commons/docs/current/api/org/springframework/data

Write Preview
Loading…
Cancel
Save