Add error metadata for Security-related keys

spring-boot-actuator-autoconfigure/src/main/resources/META-INF/additional-spring-configuration-metadata.json

@@ -889,6 +889,32 @@
       "level" : "error"
     }
   },
+  {
+    "name" : "management.security.enabled",
+    "type" : "java.lang.Boolean",
+    "description" : "Enable security.",
+    "defaultValue" : true,
+    "deprecation" : {
+      "reason": "A global security auto-configuration is now provided. Provide your own WebSecurityConfigurer bean instead.",
+      "level" : "error"
+    }
+  }, {
+    "name" : "management.security.roles",
+    "type" : "java.util.List<java.lang.String>",
+    "description" : "Comma-separated list of roles that can access the management endpoint.",
+    "deprecation" : {
+      "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+      "level" : "error"
+    }
+  }, {
+    "name" : "management.security.sessions",
+    "description" : "Session creating policy for security use (always, never, if_required,\n stateless).",
+    "defaultValue" : "stateless",
+    "deprecation" : {
+      "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+      "level" : "error"
+    }
+  },
   {
     "name" : "management.shell.auth.jaas.domain",
     "type" : "java.lang.String",

spring-boot-autoconfigure/src/main/resources/META-INF/additional-spring-configuration-metadata.json

@@ -714,6 +714,170 @@
       "level": "error"
     }
   },
+  {
+    "name" : "security.basic.authorize-mode",
+    "description" : "Security authorize mode to apply.",
+    "defaultValue" : "role",
+    "deprecation" : {
+      "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+      "level" : "error"
+    }
+  }, {
+    "name" : "security.basic.path",
+    "type" : "java.lang.String[]",
+    "description" : "Comma-separated list of paths to secure.",
+    "defaultValue" : [ "/**" ],
+    "deprecation" : {
+      "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+      "level" : "error"
+    }
+  }, {
+    "name" : "security.basic.realm",
+    "type" : "java.lang.String",
+    "description" : "HTTP basic realm name.",
+    "defaultValue" : "Spring",
+    "deprecation" : {
+      "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+      "level" : "error"
+    }
+  }, {
+    "name" : "security.enable-csrf",
+    "type" : "java.lang.Boolean",
+    "description" : "Enable Cross Site Request Forgery support.",
+    "defaultValue" : false,
+    "deprecation" : {
+      "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+      "level" : "error"
+    }
+  }, {
+    "name" : "security.headers.cache",
+    "type" : "java.lang.Boolean",
+    "description" : "Enable cache control HTTP headers.",
+    "defaultValue" : true,
+    "deprecation" : {
+      "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+      "level" : "error"
+    }
+  }, {
+    "name" : "security.headers.content-security-policy",
+    "type" : "java.lang.String",
+    "description" : "Value for content security policy header.",
+    "deprecation" : {
+      "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+      "level" : "error"
+    }
+  }, {
+    "name" : "security.headers.content-security-policy-mode",
+    "description" : "Content security policy mode.",
+    "defaultValue" : "default",
+    "deprecation" : {
+      "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+      "level" : "error"
+    }
+  }, {
+    "name" : "security.headers.content-type",
+    "type" : "java.lang.Boolean",
+    "description" : "Enable \"X-Content-Type-Options\" header.",
+    "defaultValue" : true,
+    "deprecation" : {
+      "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+      "level" : "error"
+    }
+  }, {
+    "name" : "security.headers.frame",
+    "type" : "java.lang.Boolean",
+    "description" : "Enable \"X-Frame-Options\" header.",
+    "defaultValue" : true,
+    "deprecation" : {
+      "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+      "level" : "error"
+    }
+  }, {
+    "name" : "security.headers.hsts",
+    "description" : "HTTP Strict Transport Security (HSTS) mode (none, domain, all).",
+    "defaultValue" : "all",
+    "deprecation" : {
+      "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+      "level" : "error"
+    }
+  }, {
+    "name" : "security.headers.xss",
+    "type" : "java.lang.Boolean",
+    "description" : "Enable cross site scripting (XSS) protection.",
+    "defaultValue" : true,
+    "deprecation" : {
+      "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+      "level" : "error"
+    }
+  }, {
+    "name" : "security.ignored",
+    "type" : "java.util.List<java.lang.String>",
+    "description" : "Comma-separated list of paths to exclude from the default secured paths.",
+    "deprecation" : {
+      "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+      "level" : "error"
+    }
+  }, {
+    "name" : "security.oauth2.resource.filter-order",
+    "type" : "java.lang.Integer",
+    "description" : "The order of the filter chain used to authenticate tokens. Default puts it after\n the actuator endpoints and before the default HTTP basic filter chain (catchall).",
+    "defaultValue" : 0,
+    "deprecation" : {
+      "reason": "The security auto-configuration does no longer provide several security configurations. Their ordering is now explicit in your own security configuration.",
+      "level" : "error"
+    }
+  }, {
+    "name" : "security.oauth2.sso.filter-order",
+    "type" : "java.lang.Integer",
+    "description" : "Filter order to apply if not providing an explicit WebSecurityConfigurerAdapter (in\n which case the order can be provided there instead).",
+    "deprecation" : {
+      "reason": "The security auto-configuration does no longer provide several security configurations. Their ordering is now explicit in your own security configuration.",
+      "level" : "error"
+    }
+  }, {
+    "name" : "security.require-ssl",
+    "type" : "java.lang.Boolean",
+    "description" : "Enable secure channel for all requests.",
+    "defaultValue" : false,
+    "deprecation" : {
+      "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+      "level" : "error"
+    }
+  }, {
+    "name" : "security.sessions",
+    "type" : "org.springframework.security.config.http.SessionCreationPolicy",
+    "description" : "Session creation policy (always, never, if_required, stateless).",
+    "defaultValue" : "stateless",
+    "deprecation" : {
+      "reason": "The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.",
+      "level" : "error"
+    }
+  }, {
+    "name" : "security.user.name",
+    "type" : "java.lang.String",
+    "description" : "Default user name.",
+    "defaultValue" : "user",
+    "deprecation" : {
+      "reason": "The default user is no longer customizable. You can, for instance, define a bean of type UserDetailsService.",
+      "level" : "error"
+    }
+  }, {
+    "name" : "security.user.password",
+    "type" : "java.lang.String",
+    "description" : "Password for the default user name.",
+    "deprecation" : {
+      "reason": "The default user is no longer customizable. You can, for instance, define a bean of type UserDetailsService.",
+      "level" : "error"
+    }
+  }, {
+    "name" : "security.user.role",
+    "type" : "java.util.List<java.lang.String>",
+    "description" : "Granted roles for the default user name.",
+    "deprecation" : {
+      "reason": "The default user is no longer customizable. You can, for instance, define a bean of type UserDetailsService.",
+      "level" : "error"
+    }
+  },
   {
     "name": "server.context-parameters",
     "type": "java.util.Map<java.lang.String,java.lang.String>",