root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 12 Packages Projects Releases Wiki Activity

Security Documentation Cleanup 

- Add link to Spring Security's Global Method Security Java Configuration
- Fix link to SecurityProperties
- Add link to SECURITY Common application properties
- Remove unnecessary @Order from SecurityConfiguration
- Change method signature for @Autowired AuthenticationManagerBuilder to
  compile / match Spring docs
This commit is contained in:
Rob Winch 2014-03-24 17:01:28 -05:00 committed by Phillip Webb
parent d42bedf295
commit f852096c87
3 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
View File

@ -80,6 +80,7 @@ spring.thymeleaf.cache=true # set to false for hot refresh
spring.messages.basename=messages
spring.messages.encoding=UTF-8
[[common-application-properties-security]]
# SECURITY ({sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[SecurityProperties])
security.user.name=user # login username
security.user.password= # login password

18
spring-boot-docs/src/main/asciidoc/howto.adoc
View File

@ -1101,11 +1101,15 @@ Look at {sc-spring-boot-actuator}/autoconfigure/ErrorMvcAutoConfiguration.{sc-ex
If Spring Security is on the classpath then web applications will be secure by default
(``basic'' authentication on all endpoints) . To add method-level security to a web
application you can simply `@EnableGlobalMethodSecurity` with your desired settings.
Additional information can be found in the {spring-security-reference}#jc-method[Spring
Security Reference].
The default `AuthenticationManager` has a single user (username ``user'' and password
random, printed at INFO level when the application starts up). You can change the
password by providing a `security.user.password`. This and other useful properties
are externalized via {sc-spring-boot-autoconfigure}/security/SecurityProperties{sc-ext}[`SecurityProperties`.
are externalized via
{sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[`SecurityProperties`].
[[howto-switch-off-spring-boot-security-configuration]]
@ -1114,7 +1118,8 @@ If you define a `@Configuration` with `@EnableWebSecurity` anywhere in your appl
it will switch off the default webapp security settings in Spring Boot. To tweak the
defaults try setting properties in `security.*` (see
{sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[`SecurityProperties`]
for details of available settings).
for details of available settings) and `SECURITY` section of
<<common-application-properties-security,Common application properties>>.
@ -1132,12 +1137,12 @@ use this in a webapp is to inject it into a void method in a
[source,java,indent=0,subs="verbatim,quotes,attributes"]
----
@Configuration
@Order(0)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
protected void init(AuthenticationManagerBuilder builder) {
builder.inMemoryAuthentication().withUser("barry"); // ... etc.
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("barry").password("password").roles("USER"); // ... etc.
}
// ... other stuff for application security
@ -1145,9 +1150,6 @@ use this in a webapp is to inject it into a void method in a
}
----
The configuration class that does this should declare an `@Order` so that it is used
before the default one in Spring Boot (which has very low precedence).
[[howto-enable-https]]

3
spring-boot-docs/src/main/asciidoc/index.adoc
View File

@ -1,5 +1,5 @@
= Spring Boot Reference Guide
Phillip Webb; Dave Syer; Josh Long; Stéphane Nicoll;
Phillip Webb; Dave Syer; Josh Long; Stéphane Nicoll; Rob Winch;
:doctype: book
:toc:
:toclevels: 4
@ -24,6 +24,7 @@ Phillip Webb; Dave Syer; Josh Long; Stéphane Nicoll;
:dc-spring-boot-autoconfigure: {dc-root}/org/springframework/boot/autoconfigure
:dc-spring-boot-actuator: {dc-root}/org/springframework/boot/actuate
:spring-reference: http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle
:spring-security-reference: http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle
:spring-javadoc: http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework
:spring-data-javadoc: http://docs.spring.io/spring-data/jpa/docs/current/api/org/springframework/data/jpa
:spring-data-commons-javadoc: http://docs.spring.io/spring-data/commons/docs/current/api/org/springframework/data