Package com.c4_soft.springaddons.security.oauth2.config

Class SpringAddonsSecurityProperties

java.lang.Object

com.c4_soft.springaddons.security.oauth2.config.SpringAddonsSecurityProperties

@AutoConfiguration
@ConfigurationProperties(prefix="com.c4-soft.springaddons.security")
public class SpringAddonsSecurityProperties
extends Object

Would better be named "SpringAddonsOAuth2ResourceServerProperties" and use "com.c4-soft.springaddons.security.resource-server" as prefix to better distinguish it from SpringAddonsOAuth2ClientProperties. But the later was created later and keeping this name and prefix prevents from anoying breaking changes.

Here are defaults:

 com.c4-soft.springaddons.security.issuers[0].location=https://localhost:8443/realms/master
 com.c4-soft.springaddons.security.issuers[0].authorities[0].path=realm_access.roles
 com.c4-soft.springaddons.security.issuers[0].authorities[0].prefix=
 com.c4-soft.springaddons.security.issuers[0].authorities[0].caze=UNCHANGED
 com.c4-soft.springaddons.security.statless-sessions=true
 com.c4-soft.springaddons.security.csrf-enabled=true
 com.c4-soft.springaddons.security.permit-all=
 com.c4-soft.springaddons.security.redirect-to-login-if-unauthorized-on-restricted-content=true
 

Default conf for CORS being an empty array, CORS is disabled. To enable it (following is very permissive, define something more restrictive):

 com.c4-soft.springaddons.security.cors[0].path=/**
 

Author:

ch4mp

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static enum	SpringAddonsSecurityProperties.Case
static class	SpringAddonsSecurityProperties.CorsProperties
static enum	SpringAddonsSecurityProperties.Csrf	DEFAULT switches between DISABLED if statlessSessions is true (resource server) and SESSION otherwise (client) DISABLE disables CSRF protection.
static class	SpringAddonsSecurityProperties.IssuerProperties
static class	SpringAddonsSecurityProperties.SimpleAuthoritiesMappingProperties	Configuration for ConfigurableClaimSet2AuthoritiesConverter

Constructor Summary

Constructors

Constructor	Description
SpringAddonsSecurityProperties()

Method Summary

Modifier and Type	Method	Description
SpringAddonsSecurityProperties.IssuerProperties	getIssuerProperties(Object iss)
SpringAddonsSecurityProperties.IssuerProperties	getIssuerProperties(String iss)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SpringAddonsSecurityProperties

public SpringAddonsSecurityProperties()

Method Details

getIssuerProperties

public SpringAddonsSecurityProperties.IssuerProperties getIssuerProperties(String iss)
                                                                    throws MissingAuthorizationServerConfigurationException

Parameters:

iss - the issuer URI string

Returns:

configuration properties associated with the provided issuer URI

Throws:

MissingAuthorizationServerConfigurationException - if configuration properties don not have an entry for the exact issuer (even trailing slash is important)

getIssuerProperties

public SpringAddonsSecurityProperties.IssuerProperties getIssuerProperties(Object iss)
                                                                    throws MissingAuthorizationServerConfigurationException

Parameters:

iss - the issuer URL

Returns:

configuration properties associated with the provided issuer URI

Throws:

MissingAuthorizationServerConfigurationException - if configuration properties don not have an entry for the exact issuer (even trailing slash is important)