Spring Security default parameter configuration
Spring Security built-in property parameters
The built-in configuration properties that Spring Boot provides are prefixed with security; the specific properties are as follows:
# SECURITY (in the SecurityProperties class)
security.basic.authorize-mode=role # Authorization mode to apply: ROLE = must be a member of a secure role, AUTHENTICATED = authenticated user, NONE = no security authorization set
security.basic.enabled=true # Enable basic authentication
security.basic.path=/** # Paths to intercept (secure), comma-separated
security.basic.realm=Spring # HTTP basic realm
security.enable-csrf=false # Enable CSRF support
security.filter-order=0 # Filter execution order
security.filter-dispatcher-types=ASYNC, FORWARD, INCLUDE, REQUEST # Dispatcher types for the security filter chain
security.headers.cache=true # Enable cache-control HTTP headers.
security.headers.content-type=true # Enable the "X-Content-Type-Options" header.
security.headers.frame=true # Enable the "X-Frame-Options" header.
security.headers.hsts= # HTTP Strict Transport Security (HSTS) mode (none, domain, all).
security.headers.xss=true # Enable cross-site scripting (XSS) protection.
security.ignored= # Comma-separated list of paths to exclude from the security policy
security.require-ssl=false # Require SSL for all requests
security.sessions=stateless # Session creation policy (always, never, if_required, stateless).
security.user.name=user # Default user name
security.user.password= # Password for the default user name
security.user.role=USER # Default user role
# SECURITY OAUTH2 CLIENT (in the OAuth2ClientProperties class)
security.oauth2.client.client-id= # OAuth2 client id.
security.oauth2.client.client-secret= # OAuth2 client secret. A random secret is generated by default
# SECURITY OAUTH2 RESOURCES (in the ResourceServerProperties class)
security.oauth2.resource.id= # Identifier of the resource.
security.oauth2.resource.jwt.key-uri= # The URI of the JWT token. Can be set if the value is not available and the key is public.
security.oauth2.resource.jwt.key-value= # The verification key of the JWT token. Can either be a symmetric secret or PEM-encoded RSA public key.
security.oauth2.resource.prefer-token-info=true # Use the token info, can be set to false to use the user info.
security.oauth2.resource.service-id=resource #
security.oauth2.resource.token-info-uri= # URI of the token decoding endpoint.
security.oauth2.resource.token-type= # The token type to send when using the userInfoUri.
security.oauth2.resource.user-info-uri= # URI of the user endpoint.
# SECURITY OAUTH2 SSO (in the OAuth2SsoProperties class)
security.oauth2.sso.filter-order= # Filter order to apply if not providing an explicit WebSecurityConfigurerAdapter
security.oauth2.sso.login-path=/login # Path to the login page, i.e. the one that triggers the redirect to the OAuth2 Authorization Server
The above is the officially provided list of configuration properties and their default values.
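An added example, not part of the original page or of Spring Boot: a small Python check that reads an application.properties file and reports `security.*` settings from the list above that weaken the defaults. The rule set, the sample file and the function names are this example's assumptions. It also flags lines copied verbatim from the list, because Java `.properties` files treat `#` as a comment only at the start of a line, so a trailing `# ...` becomes part of the value.

```python
# Added example: audit Spring Boot 1.x security.* properties (keys from the list above).
# The rules below are this example's assumptions, not an official Spring baseline.

# Constructed sample application.properties (not from a real project).
SAMPLE = """\
security.enable-csrf=false
security.require-ssl=false
security.headers.hsts=none
security.headers.frame=true
security.basic.authorize-mode=none
security.user.password=changeme
security.sessions=stateless # Session policy
"""

# key -> (values treated as risky, reason reported)
RISKY = {
    "security.basic.authorize-mode": ({"none"}, "no authorization applied to secured paths"),
    "security.enable-csrf": ({"false"}, "CSRF protection disabled"),
    "security.require-ssl": ({"false"}, "plain HTTP accepted"),
    "security.headers.hsts": ({"none"}, "HSTS header not sent"),
    "security.headers.content-type": ({"false"}, "X-Content-Type-Options header disabled"),
    "security.headers.frame": ({"false"}, "X-Frame-Options header disabled"),
}

def parse_properties(text):
    """Minimal key=value parser; '#' or '!' starts a comment only at line start."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit(text):
    findings = []
    for key, value in parse_properties(text).items():
        if " #" in value:  # pasted inline comment ends up inside the value
            findings.append((key, "inline '#' text is part of the value, not a comment"))
        elif key in RISKY and value.lower() in RISKY[key][0]:
            findings.append((key, RISKY[key][1]))
        elif key == "security.user.password" and value and not value.startswith("${"):
            findings.append((key, "literal password stored in the file"))
    return findings

if __name__ == "__main__":
    for key, reason in audit(SAMPLE):
        print(f"{key}: {reason}")
```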