SpringBoot配置屬性之Security
SpringBoot配置屬性之Security
序
spring security是springboot支援的許可權控制系統。
-
security.basic.authorize-mode要使用許可權控制模式.
-
security.basic.enabled是否開啟基本的鑑權,預設為true
-
security.basic.path需要鑑權的path,多個的話以逗號分隔,預設為[/**]
-
security.basic.realmHTTP basic realm 的名字,預設為Spring
-
security.enable-csrf是否開啟cross-site request forgery校驗,預設為false.
-
security.filter-orderSecurity filter chain的order,預設為0
-
security.headers.cache是否開啟http頭部的cache控制,預設為false.
-
security.headers.content-type是否開啟X-Content-Type-Options頭部,預設為false.
-
security.headers.frame是否開啟X-Frame-Options頭部,預設為false.
-
security.headers.hsts指定HTTP Strict Transport Security (HSTS)模式(none, domain, all).
-
security.headers.xss是否開啟cross-site scripting (XSS) 保護,預設為false.
-
security.ignored指定不鑑權的路徑,多個的話以逗號分隔.
-
security.oauth2.client.access-token-uri指定獲取access token的URI.
-
security.oauth2.client.access-token-validity-seconds指定access token失效時長.
-
security.oauth2.client.additional-information.[key]設定要新增的額外資訊.
-
security.oauth2.client.authentication-scheme指定傳輸不記名令牌(bearer token)的方式(form, header, none,query),預設為header
-
security.oauth2.client.authorities指定授予客戶端的許可權.
-
security.oauth2.client.authorized-grant-types指定客戶端允許的grant types.
-
security.oauth2.client.auto-approve-scopes對客戶端自動授權的scope.
-
security.oauth2.client.client-authentication-scheme傳輸authentication credentials的方式(form, header, none, query),預設為header方式
-
security.oauth2.client.client-id指定OAuth2 client ID.
-
security.oauth2.client.client-secret指定OAuth2 client secret. 預設是一個隨機的secret.
-
security.oauth2.client.grant-type指定獲取資源的access token的授權型別.
-
security.oauth2.client.id指定應用的client ID.
-
security.oauth2.client.pre-established-redirect-uri服務端pre-established的跳轉URI.
-
security.oauth2.client.refresh-token-validity-seconds指定refresh token的有效期.
-
security.oauth2.client.registered-redirect-uri指定客戶端跳轉URI,多個以逗號分隔.
-
security.oauth2.client.resource-ids指定客戶端相關的資源id,多個以逗號分隔.
-
security.oauth2.client.scopeclient的scope
-
security.oauth2.client.token-name指定token的名稱
-
security.oauth2.client.use-current-uri是否優先使用請求中URI,再使用pre-established的跳轉URI. 預設為true
-
security.oauth2.client.user-authorization-uri使用者跳轉去獲取access token的URI.
-
security.oauth2.resource.id指定resource的唯一標識.
-
security.oauth2.resource.jwt.key-uriJWT token的URI. 當key為公鑰時,或者value不指定時指定.
-
security.oauth2.resource.jwt.key-valueJWT token驗證的value. 可以是對稱加密或者PEMencoded RSA公鑰. 可以使用URI作為value.
-
security.oauth2.resource.prefer-token-info是否使用token info,預設為true
-
security.oauth2.resource.service-id指定service ID,預設為resource.
-
security.oauth2.resource.token-info-uritoken解碼的URI.
-
security.oauth2.resource.token-type指定當使用userInfoUri時,傳送的token型別.
-
security.oauth2.resource.user-info-uri指定user info的URI
-
security.oauth2.sso.filter-order如果沒有顯示提供WebSecurityConfigurerAdapter時指定的Filter order.
-
security.oauth2.sso.login-path跳轉到SSO的登入路徑預設為/login.
-
security.require-ssl是否對所有請求開啟SSL,預設為false.
-
security.sessions指定Session的建立策略(always, never, if_required, stateless).
-
security.user.name指定預設的使用者名稱,預設為user.
-
security.user.password預設的使用者密碼.
-
security.user.role預設使用者的授權角色.