Security for SpringBoot configuration properties

  spring, springboot


Spring Security is the access-control framework supported by Spring Boot.

  • security.basic.authorize-mode
    The authorization mode to use.

  • security.basic.enabled
    Whether to enable basic authentication. The default is true.

  • security.basic.path
    Paths to be authenticated, separated by commas if there are several. The default is [/**].

  • security.basic.realm
    The name of the HTTP basic realm. The default is Spring.

  • security.enable-csrf
    Whether to enable the cross-site request forgery (CSRF) check. The default is false.

  • security.filter-order
    Order of the security filter chain. The default is 0.

  • security.headers.cache
    Whether to enable cache-control HTTP headers. The default is false.

  • security.headers.content-type
    Whether to enable the X-Content-Type-Options header. The default is false.

  • security.headers.frame
    Whether to enable the X-Frame-Options header. The default is false.

  • security.headers.hsts
    Specifies the HTTP Strict Transport Security (HSTS) mode (none, domain, all).

  • security.headers.xss
    Whether to enable cross-site scripting (XSS) protection. The default is false.

  • security.ignored
    Paths excluded from authentication, separated by commas.

  • security.oauth2.client.access-token-uri
    Specifies the URI from which the access token is obtained.

  • security.oauth2.client.access-token-validity-seconds
    Specifies how long the access token remains valid before it expires.

  • security.oauth2.client.additional-information.[key]
    Additional information to add, set per key.

  • security.oauth2.client.authentication-scheme
    Specifies how the bearer token is transmitted (form, header, none, query). The default is header.

  • security.oauth2.client.authorities
    Specifies the permissions granted to the client.

  • security.oauth2.client.authorized-grant-types
    Specifies the grant types allowed by the client.

    Scope that automatically authorizes clients.

  • security.oauth2.client.client-authentication-scheme
    The method of transmitting authentication credentials (form, header, none, query). The default is header.

  • security.oauth2.client.client-id
    Specifies the OAuth2 client ID.

  • security.oauth2.client.client-secret
    Specifies the OAuth2 client secret. The default is a random secret.

  • security.oauth2.client.grant-type
    Specifies the grant type used to obtain the access token for the resource.

    Specifies the client ID of the application.

  • security.oauth2.client.pre-established-redirect-uri
    The redirect URI pre-established with the server.

  • security.oauth2.client.refresh-token-validity-seconds
    Specifies the validity period of the refresh token.

  • security.oauth2.client.registered-redirect-uri
    Specifies the client redirect URIs, separated by commas.

  • security.oauth2.client.resource-ids
    Specifies the resource IDs associated with the client, separated by commas.

  • security.oauth2.client.scope
    The scope of the client.

  • security.oauth2.client.token-name
    Specifies the name of the token.

  • security.oauth2.client.use-current-uri
    Whether the URI in the current request is preferred over the pre-established redirect URI. The default is true.

  • security.oauth2.client.user-authorization-uri
    The URI to which the user is redirected to authorize the access token.

    Specifies the unique identifier of the resource.

  • security.oauth2.resource.jwt.key-uri
    URI of the JWT token. Specified when the key is a public key or the value is not specified.

  • security.oauth2.resource.jwt.key-value
    The verification key of the JWT token. It can be a symmetric key or a PEM-encoded RSA public key. A URI can be used as the value.

  • security.oauth2.resource.prefer-token-info
    Whether to use token info, the default is true.

  • security.oauth2.resource.service-id
    Specifies the service ID, which defaults to resource.

  • security.oauth2.resource.token-info-uri
    URI of the token decoding endpoint.

  • security.oauth2.resource.token-type
    Specifies the token type to send when userInfoUri is used.

  • security.oauth2.resource.user-info-uri
    URI of the user info endpoint.

  • security.oauth2.sso.filter-order
    The filter order to apply when a WebSecurityConfigurerAdapter is not explicitly provided.

  • security.oauth2.sso.login-path
    The SSO login path. The default is /login.

  • security.require-ssl
    Whether SSL is required for all requests. The default is false.

  • security.sessions
    Specifies the session creation policy (always, never, if_required, stateless).

    Specifies the default user name, which is user by default.

  • security.user.password
    The default user password.

  • security.user.role
    The authorization role of the default user.
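
An added example, not part of the original article or of Spring Boot: a small auditor that reads an `application.properties` file and reports which of the protections listed above are switched off, using the defaults exactly as this list states them. The function names and the sample file are constructed for illustration, and a value beginning with `${` is assumed to be an externalised placeholder.

```python
# Added example: audit "security.*" properties for weak settings.
# Defaults are the ones stated in the list above; function names are hypothetical.
PAGE_DEFAULTS = {"security.basic.enabled": "true",
                 "security.enable-csrf": "false",
                 "security.require-ssl": "false"}
PAGE_DEFAULTS.update({"security.headers." + h: "false"
                      for h in ("cache", "content-type", "frame", "xss")})
SECRET_KEYS = ("security.user.password", "security.oauth2.client.client-secret")

def parse_properties(text):
    """Parse 'key=value' / 'key: value' lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        sep = min((i for i in (line.find("="), line.find(":")) if i >= 0), default=-1)
        if sep > 0:
            props[line[:sep].strip()] = line[sep + 1:].strip()
    return props

def audit(text):
    """Return a sorted list of (key, reason) findings."""
    props = parse_properties(text)
    findings = []
    for key, default in PAGE_DEFAULTS.items():
        value = props.get(key, default).lower()
        if value != "true":
            source = "explicit" if key in props else "default"
            findings.append((key, f"protection is off ({source} {value})"))
    if props.get("security.headers.hsts", "").lower() == "none":
        findings.append(("security.headers.hsts", "HSTS is disabled"))
    for key in SECRET_KEYS:
        value = props.get(key, "")
        if value and not value.startswith("${"):  # literal, not a placeholder
            findings.append((key, "literal secret stored in the properties file"))
    for path in props.get("security.ignored", "").split(","):
        if path.strip() in ("/**", "/*"):
            findings.append(("security.ignored", path.strip() + " skips authentication"))
    return sorted(findings)

SAMPLE = """# constructed sample, not taken from the article
security.enable-csrf=true
security.require-ssl: true
security.headers.hsts=none
security.user.password=changeme
security.oauth2.client.client-secret=${OAUTH_CLIENT_SECRET}
security.ignored=/css/**, /**
"""
```

Calling `audit(SAMPLE)` returns one finding per weak key, including the header protections the sample never sets and which therefore fall back to the defaults listed above.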