Clarify effect of @EnableWebSecurity when Actuator's being used

Closes gh-6490
Andy Wilkinson 2016-07-27 16:16:19 +01:00
parent bf8ae27a47
commit 2469f0ba28
2 changed files with 6 additions and 5 deletions

@ -2134,8 +2134,9 @@ will be available under `/system`.
[[howto-switch-off-spring-boot-security-configuration]] [[howto-switch-off-spring-boot-security-configuration]]
=== Switch off the Spring Boot security configuration === Switch off the Spring Boot security configuration
If you define a `@Configuration` with `@EnableWebSecurity` anywhere in your application If you define a `@Configuration` with `@EnableWebSecurity` anywhere in your application
it will switch off the default webapp security settings in Spring Boot. To tweak the it will switch off the default webapp security settings in Spring Boot (but leave the
defaults try setting properties in `+security.*+` (see Actuator's security enabled). To tweak the defaults try setting properties in
`+security.*+` (see
{sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[`SecurityProperties`] {sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[`SecurityProperties`]
for details of available settings) and `SECURITY` section of for details of available settings) and `SECURITY` section of
<<common-application-properties-security,Common application properties>>. <<common-application-properties-security,Common application properties>>.
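
Review bot: the added parenthetical on the new side, "(but leave the Actuator's security enabled)", is worded differently from the matching change in the second hunk ("or Actuator's security", with no article), and this paragraph still says "default webapp security settings" while the other hunk moves to "default web application security". Suggest one phrasing in both places, for example "(but leave Actuator's security enabled)". Because this section is titled "Switch off the Spring Boot security configuration", a cross-reference to where Actuator's security is controlled would also help, so the reader does not stop at a statement that it stays on.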

@ -2290,9 +2290,9 @@ properties are externalized via
The default security configuration is implemented in `SecurityAutoConfiguration` and in The default security configuration is implemented in `SecurityAutoConfiguration` and in
the classes imported from there (`SpringBootWebSecurityConfiguration` for web security the classes imported from there (`SpringBootWebSecurityConfiguration` for web security
and `AuthenticationManagerConfiguration` for authentication configuration which is also and `AuthenticationManagerConfiguration` for authentication configuration which is also
relevant in non-web applications). To switch off the default web security configuration relevant in non-web applications). To switch off the default web application security
completely you can add a bean with `@EnableWebSecurity` (this does not disable the configuration completely you can add a bean with `@EnableWebSecurity` (this does not
authentication manager configuration). To customize disable the authentication manager configuration or Actuator's security). To customize
it you normally use external properties and beans of type `WebSecurityConfigurerAdapter` it you normally use external properties and beans of type `WebSecurityConfigurerAdapter`
(e.g. to add form-based login). To also switch off the authentication manager configuration (e.g. to add form-based login). To also switch off the authentication manager configuration
you can add a bean of type `AuthenticationManager`, or else configure the you can add a bean of type `AuthenticationManager`, or else configure the
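
Review bot: in the rewritten sentence, "completely" now sits directly before a parenthetical that lists two things which stay active (the authentication manager configuration and Actuator's security), so the sentence reads as contradicting itself. Suggest dropping "completely" or moving the exceptions out of the parentheses into their own sentence. The text that follows explains how to also switch off the authentication manager configuration, but nothing tells the reader how to do the same for Actuator's security; add a sentence or a cross-reference for that case.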