com.sap.cds.framework.spring.config.auth.xsuaa

Class XsuaaSecurityConfig

java.lang.Object

com.sap.cds.framework.spring.config.auth.xsuaa.XsuaaSecurityConfig

@AutoConfiguration(after=IdentitySecurityConfig.class)
 @ConditionalOnClass(value={com.sap.cloud.security.xsuaa.XsuaaServiceConfiguration.class,org.springframework.security.config.annotation.web.builders.HttpSecurity.class,org.springframework.security.oauth2.jwt.Jwt.class})
 @Conditional(value=XsuaaConfiguredCondition.class)
 @ConditionalOnMissingBean(value=IdentitySecurityConfig.class)
 @ConditionalOnWebApplication
 @EnableWebSecurity
 @Order(value=1000)
public class XsuaaSecurityConfig
extends Object

The default security configuration in case of active XSUAA configuration - which should be the case in productive scenarios. By default, all requests require an oauth2 authentication - including public endpoints. In order to open public endpoints, the application needs to create a security configuration with higher priority and override these endpoints.

Constructor Summary

Constructors

Constructor and Description
XsuaaSecurityConfig()

Method Summary

Modifier and Type	Method and Description
org.springframework.security.web.SecurityFilterChain	xsuaaFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

XsuaaSecurityConfig

public XsuaaSecurityConfig()

Method Detail

xsuaaFilterChain

@Bean
public org.springframework.security.web.SecurityFilterChain xsuaaFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
                                                                            throws Exception

Throws:

Exception