Security Documentation Cleanup

- Add link to Spring Security's Global Method Security Java Configuration
- Fix link to SecurityProperties
- Add link to SECURITY Common application properties
- Remove unnecessary @Order from SecurityConfiguration
- Change method signature for @Autowired AuthenticationManagerBuilder to
  compile / match Spring docs
Rob Winch 2014-03-24 17:01:28 -05:00 committed by Phillip Webb
parent d42bedf295
commit f852096c87
3 changed files with 13 additions and 9 deletions


@ -80,6 +80,7 @@ spring.thymeleaf.cache=true # set to false for hot refresh
spring.messages.basename=messages spring.messages.basename=messages
spring.messages.encoding=UTF-8 spring.messages.encoding=UTF-8
[[common-application-properties-security]]
# SECURITY ({sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[SecurityProperties]) # SECURITY ({sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[SecurityProperties])
security.user.name=user # login username security.user.name=user # login username
security.user.password= # login password security.user.password= # login password
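
Review bot: the new `[[common-application-properties-security]]` anchor is placed between `spring.messages.encoding=UTF-8` and the `# SECURITY` comment, that is, among the sample property lines. If these lines sit inside a listing block, the anchor will be rendered as literal text in the sample and the `<<common-application-properties-security,Common application properties>>` cross-reference added in the how-to will not resolve. Check the rendered output, and if the anchor does not work there, link to the anchor of the enclosing section instead.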


@ -1101,11 +1101,15 @@ Look at {sc-spring-boot-actuator}/autoconfigure/ErrorMvcAutoConfiguration.{sc-ex
If Spring Security is on the classpath then web applications will be secure by default If Spring Security is on the classpath then web applications will be secure by default
(``basic'' authentication on all endpoints) . To add method-level security to a web (``basic'' authentication on all endpoints) . To add method-level security to a web
application you can simply `@EnableGlobalMethodSecurity` with your desired settings. application you can simply `@EnableGlobalMethodSecurity` with your desired settings.
Additional information can be found in the {spring-security-reference}#jc-method[Spring
Security Reference].
The default `AuthenticationManager` has a single user (username ``user'' and password The default `AuthenticationManager` has a single user (username ``user'' and password
random, printed at INFO level when the application starts up). You can change the random, printed at INFO level when the application starts up). You can change the
password by providing a `security.user.password`. This and other useful properties password by providing a `security.user.password`. This and other useful properties
are externalized via {sc-spring-boot-autoconfigure}/security/SecurityProperties{sc-ext}[`SecurityProperties`. are externalized via
{sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[`SecurityProperties`].
[[howto-switch-off-spring-boot-security-configuration]] [[howto-switch-off-spring-boot-security-configuration]]
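
Review bot: the paragraph being edited still says the generated password is "printed at INFO level when the application starts up" without noting that anyone who can read the startup log can read the credential. Since this change already rewrites the `security.user.password` sentence, add a clause telling readers to set that property explicitly for anything beyond local development. The context line "(``basic'' authentication on all endpoints) ." also has a stray space before the period that could be fixed in the same pass.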
@ -1114,7 +1118,8 @@ If you define a `@Configuration` with `@EnableWebSecurity` anywhere in your appl
it will switch off the default webapp security settings in Spring Boot. To tweak the it will switch off the default webapp security settings in Spring Boot. To tweak the
defaults try setting properties in `security.*` (see defaults try setting properties in `security.*` (see
{sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[`SecurityProperties`] {sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[`SecurityProperties`]
for details of available settings). for details of available settings) and `SECURITY` section of
<<common-application-properties-security,Common application properties>>.
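
Review bot: the added text "and `SECURITY` section of" is appended after the closing parenthesis, so the sentence now reads "try setting properties in `security.*` (see ... for details of available settings) and `SECURITY` section of ...", which does not parse. Move the new clause inside the parentheses and add the missing article, for example "(see ... for details of available settings, and the `SECURITY` section of <<common-application-properties-security,Common application properties>>)".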
@ -1132,12 +1137,12 @@ use this in a webapp is to inject it into a void method in a
[source,java,indent=0,subs="verbatim,quotes,attributes"] [source,java,indent=0,subs="verbatim,quotes,attributes"]
---- ----
@Configuration @Configuration
@Order(0)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter { public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired @Autowired
protected void init(AuthenticationManagerBuilder builder) { public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
builder.inMemoryAuthentication().withUser("barry"); // ... etc. auth.inMemoryAuthentication()
.withUser("barry").password("password").roles("USER"); // ... etc.
} }
// ... other stuff for application security // ... other stuff for application security
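
Review bot: the new sample line `.withUser("barry").password("password").roles("USER"); // ... etc.` hard-codes a guessable password in code that readers will copy into their applications. Keep the signature change, but either add a comment on that line stating the credentials are for demonstration only, or show the value coming from an externalized property so the sample does not normalize a literal password in source.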
@ -1145,9 +1150,6 @@ use this in a webapp is to inject it into a void method in a
} }
---- ----
The configuration class that does this should declare an `@Order` so that it is used
before the default one in Spring Boot (which has very low precedence).
[[howto-enable-https]] [[howto-enable-https]]
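
Review bot: with the paragraph "The configuration class that does this should declare an `@Order` ..." removed and `@Order(0)` dropped from the sample, the section no longer says how `SecurityConfiguration` relates to the default configuration in Spring Boot, which the removed text described as having "very low precedence". Add one sentence stating why no explicit order is needed, so readers who followed the earlier version of this how-to know whether to keep or drop their own `@Order`.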


@ -1,5 +1,5 @@
= Spring Boot Reference Guide = Spring Boot Reference Guide
Phillip Webb; Dave Syer; Josh Long; Stéphane Nicoll; Phillip Webb; Dave Syer; Josh Long; Stéphane Nicoll; Rob Winch;
:doctype: book :doctype: book
:toc: :toc:
:toclevels: 4 :toclevels: 4
@ -24,6 +24,7 @@ Phillip Webb; Dave Syer; Josh Long; Stéphane Nicoll;
:dc-spring-boot-autoconfigure: {dc-root}/org/springframework/boot/autoconfigure :dc-spring-boot-autoconfigure: {dc-root}/org/springframework/boot/autoconfigure
:dc-spring-boot-actuator: {dc-root}/org/springframework/boot/actuate :dc-spring-boot-actuator: {dc-root}/org/springframework/boot/actuate
:spring-reference: http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle :spring-reference: http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle
:spring-security-reference: http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle
:spring-javadoc: http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework :spring-javadoc: http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework
:spring-data-javadoc: http://docs.spring.io/spring-data/jpa/docs/current/api/org/springframework/data/jpa :spring-data-javadoc: http://docs.spring.io/spring-data/jpa/docs/current/api/org/springframework/data/jpa
:spring-data-commons-javadoc: http://docs.spring.io/spring-data/commons/docs/current/api/org/springframework/data :spring-data-commons-javadoc: http://docs.spring.io/spring-data/commons/docs/current/api/org/springframework/data
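
Review bot: the new `:spring-security-reference:` attribute points at the `current` Spring Security reference, and the how-to links into it with the fragment `#jc-method`. A `current` URL can move to a release whose reference no longer has that anchor, or that documents a different Spring Security version than the one this guide is written against. Consider pointing the attribute at a versioned reference URL, or at least verifying the `#jc-method` fragment as part of the documentation build.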