Clarify SpringBootWebSecurityConfiguration scope
This commit fixes the documentation that wrongly states that SpringBootWebSecurityConfiguration is an auto-configuration. Rather than excluding this class, we should exclude SecurityAutoConfiguration that imports it. Closes gh-6861
This commit is contained in:
Stephane Nicoll
parent
3f236dc951
commit
284988f0cd
|
|
@ -52,7 +52,7 @@ import org.springframework.security.web.context.AbstractSecurityWebApplicationIn
|
||||||
@EnableConfigurationProperties
|
@EnableConfigurationProperties
|
||||||
@ConditionalOnClass({ AbstractSecurityWebApplicationInitializer.class,
|
@ConditionalOnClass({ AbstractSecurityWebApplicationInitializer.class,
|
||||||
SessionCreationPolicy.class })
|
SessionCreationPolicy.class })
|
||||||
@AutoConfigureAfter(SpringBootWebSecurityConfiguration.class)
|
@AutoConfigureAfter(SecurityAutoConfiguration.class)
|
||||||
public class SecurityFilterAutoConfiguration {
|
public class SecurityFilterAutoConfiguration {
|
||||||
|
|
||||||
private static final String DEFAULT_FILTER_NAME = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME;
|
private static final String DEFAULT_FILTER_NAME = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME;
|
||||||
|
|
|
||||||
|
|
@ -53,8 +53,8 @@ import org.springframework.util.ObjectUtils;
|
||||||
import org.springframework.util.StringUtils;
|
import org.springframework.util.StringUtils;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* {@link EnableAutoConfiguration Auto-configuration} for security of a web application or
|
* Configuration for security of a web application or service. By default everything is
|
||||||
* service. By default everything is secured with HTTP Basic authentication except the
|
* secured with HTTP Basic authentication except the
|
||||||
* {@link SecurityProperties#getIgnored() explicitly ignored} paths (defaults to
|
* {@link SecurityProperties#getIgnored() explicitly ignored} paths (defaults to
|
||||||
* <code>/css/**, /js/**, /images/**, /**/favicon.ico</code>
|
* <code>/css/**, /js/**, /images/**, /**/favicon.ico</code>
|
||||||
* ). Many aspects of the behavior can be controller with {@link SecurityProperties} via
|
* ). Many aspects of the behavior can be controller with {@link SecurityProperties} via
|
||||||
|
|
@ -66,9 +66,10 @@ import org.springframework.util.StringUtils;
|
||||||
* Some common simple customizations:
|
* Some common simple customizations:
|
||||||
* <ul>
|
* <ul>
|
||||||
* <li>Switch off security completely and permanently: remove Spring Security from the
|
* <li>Switch off security completely and permanently: remove Spring Security from the
|
||||||
* classpath or {@link EnableAutoConfiguration#exclude() exclude} this configuration.</li>
|
* classpath or {@link EnableAutoConfiguration#exclude() exclude}
|
||||||
|
* {@link SecurityAutoConfiguration}.</li>
|
||||||
* <li>Switch off security temporarily (e.g. for a dev environment): set
|
* <li>Switch off security temporarily (e.g. for a dev environment): set
|
||||||
* {@code security.basic.enabled: false}</li>
|
* {@code security.basic.enabled=false}</li>
|
||||||
* <li>Customize the user details: autowire an {@link AuthenticationManagerBuilder} into a
|
* <li>Customize the user details: autowire an {@link AuthenticationManagerBuilder} into a
|
||||||
* method in one of your configuration classes or equivalently add a bean of type
|
* method in one of your configuration classes or equivalently add a bean of type
|
||||||
* AuthenticationManager</li>
|
* AuthenticationManager</li>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue