From 033939e3c0393b5af1cda46bbb2372e673711195 Mon Sep 17 00:00:00 2001
From: Stephane Nicoll
Date: Thu, 14 Sep 2017 15:47:20 +0200
Subject: [PATCH] Add error metadata for Security-related keys
---
 ...itional-spring-configuration-metadata.json | 26 +++
 ...itional-spring-configuration-metadata.json | 164 ++++++++++++++++++
 2 files changed, 190 insertions(+)
diff --git a/spring-boot-actuator-autoconfigure/src/main/resources/META-INF/additional-spring-configuration-metadata.json b/spring-boot-actuator-autoconfigure/src/main/resources/META-INF/additional-spring-configuration-metadata.json
index 33ba4002f30..4c0ceedcfcf 100644
--- a/spring-boot-actuator-autoconfigure/src/main/resources/META-INF/additional-spring-configuration-metadata.json
+++ b/spring-boot-actuator-autoconfigure/src/main/resources/META-INF/additional-spring-configuration-metadata.json
@@ -889,6 +889,32 @@
 "level" : "error"
 }
 },
+ {
+ "name" : "management.security.enabled",
+ "type" : "java.lang.Boolean",
+ "description" : "Enable security.",
+ "defaultValue" : true,
+ "deprecation" : {
+ "reason": "A global security auto-configuration is now provided. Provide your own WebSecurityConfigurer bean instead.",
+ "level" : "error"
+ }
+ }, {
+ "name" : "management.security.roles",
+ "type" : "java.util.List",
+ "description" : "Comma-separated list of roles that can access the management endpoint.",
+ "deprecation" : {
+ "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+ "level" : "error"
+ }
+ }, {
+ "name" : "management.security.sessions",
+ "description" : "Session creating policy for security use (always, never, if_required,\n stateless).",
+ "defaultValue" : "stateless",
+ "deprecation" : {
+ "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+ "level" : "error"
+ }
+ },
 {
 "name" : "management.shell.auth.jaas.domain",
 "type" : "java.lang.String",
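Review bot: The `reason` on `management.security.roles` and `management.security.sessions` says only that the auto-configuration is no longer customizable; it does not name the protection the key used to configure, so a reader migrating has no cue that role-based access to the management endpoints must be re-created in their own configuration. The same generic reason is repeated on `security.require-ssl`, `security.enable-csrf`, `security.ignored` and the `security.headers.*` entries in the second file's hunk. With `level` set to `error` the keys are marked as unsupported, and whether startup fails when one is still set is not visible in this diff, so an upgraded application could presumably lose the restriction without noticing. A key-specific reason such as `"reason": "Role-based access to management endpoints is no longer configured from this key. Restrict the endpoints in your own WebSecurityConfigurer bean."` would make the required step explicit. The surrounding array starts and ends outside the hunk.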
diff --git a/spring-boot-autoconfigure/src/main/resources/META-INF/additional-spring-configuration-metadata.json b/spring-boot-autoconfigure/src/main/resources/META-INF/additional-spring-configuration-metadata.json
index d023a39403d..9291b61f8c3 100644
--- a/spring-boot-autoconfigure/src/main/resources/META-INF/additional-spring-configuration-metadata.json
+++ b/spring-boot-autoconfigure/src/main/resources/META-INF/additional-spring-configuration-metadata.json
@@ -714,6 +714,170 @@
 "level": "error"
 }
 },
+ {
+ "name" : "security.basic.authorize-mode",
+ "description" : "Security authorize mode to apply.",
+ "defaultValue" : "role",
+ "deprecation" : {
+ "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+ "level" : "error"
+ }
+ }, {
+ "name" : "security.basic.path",
+ "type" : "java.lang.String[]",
+ "description" : "Comma-separated list of paths to secure.",
+ "defaultValue" : [ "/**" ],
+ "deprecation" : {
+ "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+ "level" : "error"
+ }
+ }, {
+ "name" : "security.basic.realm",
+ "type" : "java.lang.String",
+ "description" : "HTTP basic realm name.",
+ "defaultValue" : "Spring",
+ "deprecation" : {
+ "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+ "level" : "error"
+ }
+ }, {
+ "name" : "security.enable-csrf",
+ "type" : "java.lang.Boolean",
+ "description" : "Enable Cross Site Request Forgery support.",
+ "defaultValue" : false,
+ "deprecation" : {
+ "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+ "level" : "error"
+ }
+ }, {
+ "name" : "security.headers.cache",
+ "type" : "java.lang.Boolean",
+ "description" : "Enable cache control HTTP headers.",
+ "defaultValue" : true,
+ "deprecation" : {
+ "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+ "level" : "error"
+ }
+ }, {
+ "name" : "security.headers.content-security-policy",
+ "type" : "java.lang.String",
+ "description" : "Value for content security policy header.",
+ "deprecation" : {
+ "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+ "level" : "error"
+ }
+ }, {
+ "name" : "security.headers.content-security-policy-mode",
+ "description" : "Content security policy mode.",
+ "defaultValue" : "default",
+ "deprecation" : {
+ "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+ "level" : "error"
+ }
+ }, {
+ "name" : "security.headers.content-type",
+ "type" : "java.lang.Boolean",
+ "description" : "Enable \"X-Content-Type-Options\" header.",
+ "defaultValue" : true,
+ "deprecation" : {
+ "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+ "level" : "error"
+ }
+ }, {
+ "name" : "security.headers.frame",
+ "type" : "java.lang.Boolean",
+ "description" : "Enable \"X-Frame-Options\" header.",
+ "defaultValue" : true,
+ "deprecation" : {
+ "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+ "level" : "error"
+ }
+ }, {
+ "name" : "security.headers.hsts",
+ "description" : "HTTP Strict Transport Security (HSTS) mode (none, domain, all).",
+ "defaultValue" : "all",
+ "deprecation" : {
+ "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+ "level" : "error"
+ }
+ }, {
+ "name" : "security.headers.xss",
+ "type" : "java.lang.Boolean",
+ "description" : "Enable cross site scripting (XSS) protection.",
+ "defaultValue" : true,
+ "deprecation" : {
+ "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+ "level" : "error"
+ }
+ }, {
+ "name" : "security.ignored",
+ "type" : "java.util.List",
+ "description" : "Comma-separated list of paths to exclude from the default secured paths.",
+ "deprecation" : {
+ "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+ "level" : "error"
+ }
+ }, {
+ "name" : "security.oauth2.resource.filter-order",
+ "type" : "java.lang.Integer",
+ "description" : "The order of the filter chain used to authenticate tokens. Default puts it after\n the actuator endpoints and before the default HTTP basic filter chain (catchall).",
+ "defaultValue" : 0,
+ "deprecation" : {
+ "reason": "The security auto-configuration does no longer provide several security configurations. Their ordering is now explicit in your own security configuration.",
+ "level" : "error"
+ }
+ }, {
+ "name" : "security.oauth2.sso.filter-order",
+ "type" : "java.lang.Integer",
+ "description" : "Filter order to apply if not providing an explicit WebSecurityConfigurerAdapter (in\n which case the order can be provided there instead).",
+ "deprecation" : {
+ "reason": "The security auto-configuration does no longer provide several security configurations. Their ordering is now explicit in your own security configuration.",
+ "level" : "error"
+ }
+ }, {
+ "name" : "security.require-ssl",
+ "type" : "java.lang.Boolean",
+ "description" : "Enable secure channel for all requests.",
+ "defaultValue" : false,
+ "deprecation" : {
+ "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+ "level" : "error"
+ }
+ }, {
+ "name" : "security.sessions",
+ "type" : "org.springframework.security.config.http.SessionCreationPolicy",
+ "description" : "Session creation policy (always, never, if_required, stateless).",
+ "defaultValue" : "stateless",
+ "deprecation" : {
+ "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+ "level" : "error"
+ }
+ }, {
+ "name" : "security.user.name",
+ "type" : "java.lang.String",
+ "description" : "Default user name.",
+ "defaultValue" : "user",
+ "deprecation" : {
+ "reason": "The default user is no longer customizable. You can, for instance, define a bean of type UserDetailsService.",
+ "level" : "error"
+ }
+ }, {
+ "name" : "security.user.password",
+ "type" : "java.lang.String",
+ "description" : "Password for the default user name.",
+ "deprecation" : {
+ "reason": "The default user is no longer customizable. You can, for instance, define a bean of type UserDetailsService.",
+ "level" : "error"
+ }
+ }, {
+ "name" : "security.user.role",
+ "type" : "java.util.List",
+ "description" : "Granted roles for the default user name.",
+ "deprecation" : {
+ "reason": "The default user is no longer customizable. You can, for instance, define a bean of type UserDetailsService.",
+ "level" : "error"
+ }
+ },
 {
 "name": "server.context-parameters",
 "type": "java.util.Map",
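Review bot: Three added entries, `security.basic.authorize-mode`, `security.headers.content-security-policy-mode` and `security.headers.hsts`, carry no `type`, while `security.sessions` in the same hunk names its enum type, so tooling reading this metadata has nothing to validate or complete the untyped keys against. The two `filter-order` entries word their reason as `does no longer provide several security configurations`; `no longer provides several security configurations` reads correctly. Their descriptions also contain a `\n ` sequence that looks like a leftover from a wrapped source comment and would be better replaced by a single space. The enclosing array starts and ends outside the hunk, so whether any of these names is already declared elsewhere in the file cannot be checked from here.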