Commit 7f5b7a6b authored by Stephane Nicoll's avatar Stephane Nicoll

Polish contribution

Closes gh-12326
parent 751c4441
......@@ -40,10 +40,11 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.util.StringUtils;
/**
* {@link EnableAutoConfiguration Auto-configuration} for a Spring Security in-memory {@link AuthenticationManager}. Adds an
* {@link InMemoryUserDetailsManager} with a default user and generated password. This can
* be disabled by providing a bean of type {@link AuthenticationManager},
* {@link AuthenticationProvider} or {@link UserDetailsService}.
* {@link EnableAutoConfiguration Auto-configuration} for a Spring Security in-memory
* {@link AuthenticationManager}. Adds an {@link InMemoryUserDetailsManager} with a
* default user and generated password. This can be disabled by providing a bean of type
* {@link AuthenticationManager}, {@link AuthenticationProvider} or
* {@link UserDetailsService}.
*
* @author Dave Syer
* @author Rob Winch
......
......@@ -643,8 +643,8 @@ NOTE: Range requests are not supported when using Jersey.
An operation on a web endpoint or a web-specific endpoint extension can receive the
current `java.security.Principal` or
`org.springframework.boot.actuate.endpoint.SecurityContext` as a method parameter. The
former is typically used in conjunction with `@Nullable` to provide different behaviour for
authenticated and unauthenticated users. The latter is typically used to perform
former is typically used in conjunction with `@Nullable` to provide different behaviour
for authenticated and unauthenticated users. The latter is typically used to perform
authorization checks using its `isUserInRole(String)` method.
......
......@@ -3012,11 +3012,11 @@ that you can see how to set things up.
[[boot-features-security]]
== Security
If {spring-security}[Spring Security] is on the classpath, then web applications are
secured by default. Spring Boot relies on Spring Security’s content-negotiation strategy to
determine whether to use `httpBasic` or `formLogin`. To add method-level security to a web
application, you can also add `@EnableGlobalMethodSecurity` with your desired settings.
Additional information can be found in the {spring-security-reference}#jc-method[Spring
Security Reference Guide].
secured by default. Spring Boot relies on Spring Security’s content-negotiation strategy
to determine whether to use `httpBasic` or `formLogin`. To add method-level security to a
web application, you can also add `@EnableGlobalMethodSecurity` with your desired
settings. Additional information can be found in the
{spring-security-reference}#jc-method[Spring Security Reference Guide].
The default `UserDetailsService` has a single user. The user name is `user`, and the
password is random and is printed at INFO level when the application starts, as shown in
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment