These are the Spring Boot security configuration properties that can be set in any Spring Boot web application. Spring Boot already configures them with the default values given below.
Note: You don't need to add all of these values to your application.properties/application.yaml file. Add only the values you want to change or override.
Security Configuration Properties
Spring Boot loads these properties into the SecurityProperties class.
Name | Default Value | Description |
security.basic.authorize-mode | role | Security authorize mode to apply. |
security.basic.enabled | true | Enable basic authentication. |
security.basic.path | /** | Comma-separated paths to secure. |
security.basic.realm | Spring | HTTP basic realm name. |
security.enable-csrf | false | Enable Cross Site Request Forgery support. |
security.filter-order | 0 | Security filter chain order. |
security.filter-dispatcher-types | ASYNC, FORWARD, INCLUDE, REQUEST | Security filter chain dispatcher types. |
security.headers.cache | true | Enable cache control HTTP headers. |
security.headers.content-type | true | Enable “X-Content-Type-Options” header. |
security.headers.frame | true | Enable “X-Frame-Options” header. |
security.headers.hsts | | Set HSTS (HTTP Strict Transport Security) as (none, domain, all). |
security.headers.xss | true | Enable cross site scripting (XSS) protection. |
security.ignored | | Comma-separated paths to exclude from the default secured paths. |
security.require-ssl | false | Enable secure channel for all requests. |
security.sessions | stateless | Session creation policy (always, never, if_required, stateless). |
security.user.name | user | Default user name. |
security.user.password | | Password for the default user name. A random password is logged on startup by default. |
security.user.role | USER | Granted roles for the default user name. |
Security OAUTH2 Configuration Properties
Spring Boot loads these properties into the OAuth2ClientProperties class.
Name | Default Value | Description |
security.oauth2.client.client-id | | OAuth2 client id. |
security.oauth2.client.client-secret | | OAuth2 client secret. A random secret is generated by default. |
Security OAUTH2 SSO Properties
Spring Boot loads these properties into the OAuth2SsoProperties class.
Name | Default Value | Description |
security.oauth2.sso.filter-order | | Filter order if not providing an explicit WebSecurityConfigurerAdapter |
security.oauth2.sso.login-path | /login | Path to the login page, that will redirect to the OAuth2 Authorization
Security OAUTH2 Resources Properties
Spring Boot loads these properties into the ResourceServerProperties class.
Name | Default Value | Description |
security.oauth2.resource.id | | Identifier of the resource. |
security.oauth2.resource.jwt.key-uri | | The URI of the JWT token. It can be set when the value is not available and the key is public. |
security.oauth2.resource.jwt.key-value | | The verification key of the JWT token. Can be either a symmetric secret or a PEM-encoded RSA public key. |
security.oauth2.resource.prefer-token-info | true | Use the token info, it can be set to false when the user info. |
security.oauth2.resource.service-id | resource | |
security.oauth2.resource.token-info-uri | | URI of the token decoding endpoint. |
security.oauth2.resource.token-type | | Send token type when using the userInfoUri. |
security.oauth2.resource.user-info-uri | | URI of the user endpoint. |
References
https://docs.spring.io/spring-boot/docs/1.4.x/reference/html/common-application-properties.html