Package com.sap.cds.framework.spring.config.auth.xsuaa

Class XsuaaSecurityConfig

java.lang.Object

com.sap.cds.framework.spring.config.auth.xsuaa.XsuaaSecurityConfig

@AutoConfiguration(after=IdentitySecurityConfig.class)
@ConditionalOnClass({com.sap.cloud.security.xsuaa.XsuaaServiceConfiguration.class,org.springframework.security.config.annotation.web.builders.HttpSecurity.class,org.springframework.security.oauth2.jwt.Jwt.class})
@Conditional(XsuaaConfiguredCondition.class)
@ConditionalOnMissingBean(IdentitySecurityConfig.class)
@ConditionalOnWebApplication
@EnableWebSecurity
@Order(1000)
public class XsuaaSecurityConfig
extends Object

The default security configuration in case of active XSUAA configuration - which should be the case in productive scenarios. By default, all requests require an oauth2 authentication - including public endpoints. In order to open public endpoints, the application needs to create a security configuration with higher priority and override these endpoints.

Constructor Summary

Constructors

Constructor	Description
XsuaaSecurityConfig()

Method Summary

Modifier and Type	Method	Description
org.springframework.security.web.SecurityFilterChain	xsuaaFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

XsuaaSecurityConfig

public XsuaaSecurityConfig()

Method Details

xsuaaFilterChain

@Bean
public org.springframework.security.web.SecurityFilterChain xsuaaFilterChain(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
                                                                      throws Exception

Throws:

Exception