Commit Graph

20 Commits

Author SHA1 Message Date
Madhura Bhave
f835f82582 Preliminary restructure of security packages
Restructure the security auto-configuration packages to better reflect
the part of the system that the configuration applies to.

See gh-14412
2018-10-16 01:01:10 -07:00
Madhura Bhave
e80c22cbf8 Add RequestMatcher for H2 console
Fixes gh-11704
2018-01-29 18:34:46 -08:00
Madhura Bhave
d65f9b25bc Remove redundant throws Exception 2018-01-25 17:25:38 +05:30
Phillip Webb
dc935fba48 Polish 2018-01-19 20:44:18 -08:00
Madhura Bhave
5e2cc02499 Move servlet specific security auto-config 2018-01-20 09:41:50 +05:30
Madhura Bhave
47ed096981 Make default username and password configurable
Closes gh-10963
2017-12-11 15:15:47 -08:00
Andy Wilkinson
66b55defa0 Adapt to password encoder changes in Spring Security
Closes gh-10762
2017-10-24 21:50:19 +01:00
Phillip Webb
46dfe38b60 Rework security request matchers
Update the security request matchers so that a bean is no longer needed
when the matcher is used. Matchers can now be build by starting from
the `EndpointRequest` or `StaticResourceRequest` classes. For example:

http.authorizeRequests()
  .requestMatchers(EndpointRequest.to("status", "info")).permitAll()
  .requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR")
  .requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()

Closes gh-7958
2017-09-12 00:11:29 -07:00
Phillip Webb
0f99b29b1a Temporarily remove security matchers
Temporarily back out `SpringBootSecurity` to enable easier
package refactoring.

See gh-10261
2017-09-12 00:02:34 -07:00
Phillip Webb
ecb8461e8c Manually format security configuration
Update security configuration formatting to follow conventions
recommended in the Spring Security documentation.

See gh-7958
2017-09-11 23:58:52 -07:00
Phillip Webb
2c97d3a5e9 Polish 2017-08-29 15:59:32 -07:00
Madhura Bhave
e08ddbf838 Rework security autoconfiguration
This commit combines security autoconfigurations for
management endpoints and the rest of the application. By default,
if Spring Security is on the classpath, it turns on @EnableWebSecurity.
In the presence of another WebSecurityConfigurerAdapter this backs off
completely. A default AuthenticationManager is also provided with a user
and generated password. This can be turned off by specifying a bean of
type AuthenticationManager, AuthenticationProvider or UserDetailsService.

Closes gh-7958
2017-08-27 23:15:18 -07:00
Phillip Webb
06558675bb Polish 2017-04-25 09:45:14 -07:00
Madhura Bhave
c2e5fd031a Replace usage of WebMvcConfigurerAdapter
Closes gh-8964
2017-04-24 15:31:39 -07:00
Andy Wilkinson
3348ed5bb3 Make use of new GetMapping and PostMapping annotations
Closes gh-5277
2016-05-09 17:08:16 +01:00
Phillip Webb
95c4cdbedc Fix packages and annotations used in sample
Update a few of the samples to correct the packages used in tests and
to make use of the `@SpringBootApplication` annotation.
2016-02-22 10:29:43 -08:00
Phillip Webb
aae38db9af Fix compiler warnings only shown in Eclipse Mars 2015-10-07 23:40:28 -07:00
Rob Baily
3c50386970 Fix logout in sample secure web applications
Fixes gh-1536
2015-06-26 16:44:04 -07:00
Phillip Webb
61fc4f3f12 Polish copyright headers 2015-06-23 10:22:14 -07:00
Phillip Webb
1ce617f1ae Polish sample package names 2015-06-23 00:47:12 -07:00