diff --git a/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc b/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc index d601278ab26..ab64eac0425 100644 --- a/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc +++ b/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc @@ -80,6 +80,7 @@ spring.thymeleaf.cache=true # set to false for hot refresh spring.messages.basename=messages spring.messages.encoding=UTF-8 +[[common-application-properties-security]] # SECURITY ({sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[SecurityProperties]) security.user.name=user # login username security.user.password= # login password diff --git a/spring-boot-docs/src/main/asciidoc/howto.adoc b/spring-boot-docs/src/main/asciidoc/howto.adoc index ccf7c5abb67..49c1b04c676 100644 --- a/spring-boot-docs/src/main/asciidoc/howto.adoc +++ b/spring-boot-docs/src/main/asciidoc/howto.adoc @@ -1101,11 +1101,15 @@ Look at {sc-spring-boot-actuator}/autoconfigure/ErrorMvcAutoConfiguration.{sc-ex If Spring Security is on the classpath then web applications will be secure by default (``basic'' authentication on all endpoints) . To add method-level security to a web application you can simply `@EnableGlobalMethodSecurity` with your desired settings. +Additional information can be found in the {spring-security-reference}#jc-method[Spring +Security Reference]. The default `AuthenticationManager` has a single user (username ``user'' and password random, printed at INFO level when the application starts up). You can change the password by providing a `security.user.password`. This and other useful properties -are externalized via {sc-spring-boot-autoconfigure}/security/SecurityProperties{sc-ext}[`SecurityProperties`. +are externalized via +{sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[`SecurityProperties`]. + [[howto-switch-off-spring-boot-security-configuration]] @@ -1114,7 +1118,8 @@ If you define a `@Configuration` with `@EnableWebSecurity` anywhere in your appl it will switch off the default webapp security settings in Spring Boot. To tweak the defaults try setting properties in `security.*` (see {sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[`SecurityProperties`] -for details of available settings). +for details of available settings) and `SECURITY` section of +<>. @@ -1132,12 +1137,12 @@ use this in a webapp is to inject it into a void method in a [source,java,indent=0,subs="verbatim,quotes,attributes"] ---- @Configuration - @Order(0) public class SecurityConfiguration extends WebSecurityConfigurerAdapter { @Autowired - protected void init(AuthenticationManagerBuilder builder) { - builder.inMemoryAuthentication().withUser("barry"); // ... etc. + public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { + auth.inMemoryAuthentication() + .withUser("barry").password("password").roles("USER"); // ... etc. } // ... other stuff for application security @@ -1145,9 +1150,6 @@ use this in a webapp is to inject it into a void method in a } ---- -The configuration class that does this should declare an `@Order` so that it is used -before the default one in Spring Boot (which has very low precedence). - [[howto-enable-https]] diff --git a/spring-boot-docs/src/main/asciidoc/index.adoc b/spring-boot-docs/src/main/asciidoc/index.adoc index 68a94f14b72..44b72de3285 100644 --- a/spring-boot-docs/src/main/asciidoc/index.adoc +++ b/spring-boot-docs/src/main/asciidoc/index.adoc @@ -1,5 +1,5 @@ = Spring Boot Reference Guide -Phillip Webb; Dave Syer; Josh Long; Stéphane Nicoll; +Phillip Webb; Dave Syer; Josh Long; Stéphane Nicoll; Rob Winch; :doctype: book :toc: :toclevels: 4 @@ -24,6 +24,7 @@ Phillip Webb; Dave Syer; Josh Long; Stéphane Nicoll; :dc-spring-boot-autoconfigure: {dc-root}/org/springframework/boot/autoconfigure :dc-spring-boot-actuator: {dc-root}/org/springframework/boot/actuate :spring-reference: http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle +:spring-security-reference: http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle :spring-javadoc: http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework :spring-data-javadoc: http://docs.spring.io/spring-data/jpa/docs/current/api/org/springframework/data/jpa :spring-data-commons-javadoc: http://docs.spring.io/spring-data/commons/docs/current/api/org/springframework/data