You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: spring-boot-project/spring-boot-docs/src/docs/asciidoc/howto.adoc
+6-10Lines changed: 6 additions & 10 deletions
Original file line number
Diff line number
Diff line change
@@ -2434,19 +2434,15 @@ You can switch on the valve by adding some entries to `application.properties`,
2434
2434
(The presence of either of those properties switches on the valve.
2435
2435
Alternatively, you can add the `RemoteIpValve` by adding a `TomcatServletWebServerFactory` bean.)
2436
2436
2437
-
To configure Spring Security to require a secure channel for all (or some) requests, consider adding your own `WebSecurityConfigurerAdapter` that adds the following `HttpSecurity` configuration:
2437
+
To configure Spring Security to require a secure channel for all (or some) requests, consider adding your own `SecurityFilterChain` bean that adds the following `HttpSecurity` configuration:
NOTE: In both the examples above, the configuration applies only to the actuator endpoints.
400
+
Since Spring Boot's security configuration backs off completely in the presence of any `SecurityFilterChain` bean, you will need to configure an additional `SecurityFilterChain` bean with rules that apply to the rest of the application.
Copy file name to clipboardExpand all lines: spring-boot-project/spring-boot-docs/src/docs/asciidoc/spring-boot-features.adoc
+14-16Lines changed: 14 additions & 16 deletions
Original file line number
Diff line number
Diff line change
@@ -3695,11 +3695,11 @@ You can provide a different `AuthenticationEventPublisher` by adding a bean for
3695
3695
=== MVC Security
3696
3696
The default security configuration is implemented in `SecurityAutoConfiguration` and `UserDetailsServiceAutoConfiguration`.
3697
3697
`SecurityAutoConfiguration` imports `SpringBootWebSecurityConfiguration` for web security and `UserDetailsServiceAutoConfiguration` configures authentication, which is also relevant in non-web applications.
3698
-
To switch off the default web application security configuration completely or to combine multiple Spring Security components such as OAuth 2 Client and Resource Server, add a bean of type `WebSecurityConfigurerAdapter` (doing so does not disable the `UserDetailsService` configuration or Actuator's security).
3698
+
To switch off the default web application security configuration completely or to combine multiple Spring Security components such as OAuth2 Client and Resource Server, add a bean of type `SecurityFilterChain` (doing so does not disable the `UserDetailsService` configuration or Actuator's security).
3699
3699
3700
3700
To also switch off the `UserDetailsService` configuration, you can add a bean of type `UserDetailsService`, `AuthenticationProvider`, or `AuthenticationManager`.
3701
3701
3702
-
Access rules can be overridden by adding a custom `WebSecurityConfigurerAdapter`.
3702
+
Access rules can be overridden by adding a custom `SecurityFilterChain` or `WebSecurityConfigurerAdapter` bean.
3703
3703
Spring Boot provides convenience methods that can be used to override access rules for actuator endpoints and static resources.
3704
3704
`EndpointRequest` can be used to create a `RequestMatcher` that is based on the configprop:management.endpoints.web.base-path[] property.
3705
3705
`PathRequest` can be used to create a `RequestMatcher` for resources in commonly used locations.
@@ -3800,23 +3800,21 @@ The following example shows how an OpenID Connect Provider can be configured wit
3800
3800
3801
3801
By default, Spring Security's `OAuth2LoginAuthenticationFilter` only processes URLs matching `/login/oauth2/code/*`.
3802
3802
If you want to customize the `redirect-uri` to use a different pattern, you need to provide configuration to process that custom pattern.
3803
-
For example, for servlet applications, you can add your own `WebSecurityConfigurerAdapter` that resembles the following:
3803
+
For example, for servlet applications, you can add your own `SecurityFilterChain` that resembles the following:
3804
3804
3805
3805
[source,java,indent=0]
3806
3806
----
3807
-
public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
0 commit comments