root
/
spring-boot
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Clarify effect of @EnableWebSecurity when Actuator's being used

Browse Source 
Closes gh-6490
pull/6486/merge
Andy Wilkinson 8 years ago
parent bf8ae27a47
commit 2469f0ba28
2 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File

5
spring-boot-docs/src/main/asciidoc/howto.adoc
Unescape Escape View File

@ -2134,8 +2134,9 @@ will be available under `/system`.
[[howto-switch-off-spring-boot-security-configuration]] [[howto-switch-off-spring-boot-security-configuration]]
=== Switch off the Spring Boot security configuration === Switch off the Spring Boot security configuration
If you define a `@Configuration` with `@EnableWebSecurity` anywhere in your application If you define a `@Configuration` with `@EnableWebSecurity` anywhere in your application
it will switch off the default webapp security settings in Spring Boot. To tweak the it will switch off the default webapp security settings in Spring Boot (but leave the
defaults try setting properties in `+security.*+` (see Actuator's security enabled). To tweak the defaults try setting properties in
`+security.*+` (see
{sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[`SecurityProperties`] {sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[`SecurityProperties`]
for details of available settings) and `SECURITY` section of for details of available settings) and `SECURITY` section of
<<common-application-properties-security,Common application properties>>. <<common-application-properties-security,Common application properties>>.

6
spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc
Unescape Escape View File

@ -2290,9 +2290,9 @@ properties are externalized via
The default security configuration is implemented in `SecurityAutoConfiguration` and in The default security configuration is implemented in `SecurityAutoConfiguration` and in
the classes imported from there (`SpringBootWebSecurityConfiguration` for web security the classes imported from there (`SpringBootWebSecurityConfiguration` for web security
and `AuthenticationManagerConfiguration` for authentication configuration which is also and `AuthenticationManagerConfiguration` for authentication configuration which is also
relevant in non-web applications). To switch off the default web security configuration relevant in non-web applications). To switch off the default web application security
completely you can add a bean with `@EnableWebSecurity` (this does not disable the configuration completely you can add a bean with `@EnableWebSecurity` (this does not
authentication manager configuration). To customize disable the authentication manager configuration or Actuator's security). To customize
it you normally use external properties and beans of type `WebSecurityConfigurerAdapter` it you normally use external properties and beans of type `WebSecurityConfigurerAdapter`
(e.g. to add form-based login). To also switch off the authentication manager configuration (e.g. to add form-based login). To also switch off the authentication manager configuration
you can add a bean of type `AuthenticationManager`, or else configure the you can add a bean of type `AuthenticationManager`, or else configure the

Write Preview
Loading…
Cancel
Save