Spring Boot: Security, OAUTH2 and SSO Configuration Properties and Default Value


These are the Spring Boot security configuration properties that can be set in any Spring Boot web application. Spring Boot already configures each of them with the default value given below.

Note: You don't need to add all of these values to your application.properties/application.yaml file. Add only the values you want to change or override.

Security Configuration Properties

Spring Boot loads these properties in the SecurityProperties class.

| Name | Default Value | Description |
|---|---|---|
| security.basic.authorize-mode | role | Security authorize mode to apply. |
| security.basic.enabled | true | Enable basic authentication. |
| security.basic.path | /** | Comma-separated paths to secure. |
| security.basic.realm | Spring | HTTP basic realm name. |
| security.enable-csrf | false | Enable Cross Site Request Forgery support. |
| security.filter-order | 0 | Security filter chain order. |
| security.filter-dispatcher-types | ASYNC, FORWARD, INCLUDE, REQUEST | Security filter chain dispatcher types. |
| security.headers.cache | true | Enable cache control HTTP headers. |
| security.headers.content-type | true | Enable "X-Content-Type-Options" header. |
| security.headers.frame | true | Enable "X-Frame-Options" header. |
| security.headers.hsts | | Set HSTS (HTTP Strict Transport Security) as (none, domain, all). |
| security.headers.xss | true | Enable cross site scripting (XSS) protection. |
| security.ignored | | Comma-separated paths to exclude from the default secured paths. |
| security.require-ssl | false | Enable secure channel for all requests. |
| security.sessions | stateless | Session creation policy (always, never, if_required, stateless). |
| security.user.name | user | Default user name. |
| security.user.password | | Password for the default user name. By default, a random password is generated and logged. |
| security.user.role | USER | Granted roles for the default user name. |

Security OAUTH2 Configuration Properties

Spring Boot loads these properties in the OAuth2ClientProperties class.

| Name | Default Value | Description |
|---|---|---|
| security.oauth2.client.client-id | | OAuth2 client id. |
| security.oauth2.client.client-secret | | OAuth2 client secret. A random secret is generated by default. |

Security OAUTH2 SSO Properties

Spring Boot loads these properties in the OAuth2SsoProperties class.

| Name | Default Value | Description |
|---|---|---|
| security.oauth2.sso.filter-order | | Filter order if not providing an explicit WebSecurityConfigurerAdapter |
| security.oauth2.sso.login-path | /login | Path to the login page, that will redirect to the OAuth2 Authorization |

Security OAUTH2 Resources Properties

Spring Boot loads these properties in the ResourceServerProperties class.

| Name | Default Value | Description |
|---|---|---|
| security.oauth2.resource.id | | Identifier of the resource. |
| security.oauth2.resource.jwt.key-uri | | The URI of the JWT token. It can be set when the value is not available and the key is public. |
| security.oauth2.resource.jwt.key-value | | The verification key of the JWT token. Can either be a symmetric secret or PEM-encoded RSA public key. |
| security.oauth2.resource.prefer-token-info | true | Use the token info, it can be set to false when the user info. |
| security.oauth2.resource.service-id | resource | |
| security.oauth2.resource.token-info-uri | | URI of the token decoding endpoint. |
| security.oauth2.resource.token-type | | Send token type when using the userInfoUri. |
| security.oauth2.resource.user-info-uri | | URI of the user endpoint. |

 

References

https://docs.spring.io/spring-boot/docs/1.4.x/reference/html/common-application-properties.html
