Spring Boot Security Properties

These are the Spring Boot security configuration properties that can be set in any Spring Boot web application. Spring Boot already configures each of them with the default value given below.

Note: You don't need to add all of these values to your application.properties/application.yaml file. Add only the values you want to change or override.

Security Configuration Properties

Spring Boot loads these security properties into the SecurityProperties class.

| Name | Default Value | Description |
| --- | --- | --- |
| security.basic.authorize-mode | role | Security authorize mode to apply. |
| security.basic.enabled | true | Enable basic authentication. |
| security.basic.path | /** | Comma-separated paths to secure. |
| security.basic.realm | Spring | HTTP basic realm name. |
| security.enable-csrf | false | Enable Cross Site Request Forgery support. |
| security.filter-order | 0 | Security filter chain order. |
| security.filter-dispatcher-types | ASYNC, FORWARD, INCLUDE, REQUEST | Security filter chain dispatcher types. |
| security.headers.cache | true | Enable cache control HTTP headers. |
| security.headers.content-type | true | Enable "X-Content-Type-Options" header. |
| security.headers.frame | true | Enable "X-Frame-Options" header. |
| security.headers.hsts | | HSTS (HTTP Strict Transport Security) mode (none, domain, all). |
| security.headers.xss | true | Enable cross site scripting (XSS) protection. |
| security.ignored | | Comma-separated paths to exclude from the default secured paths. |
| security.require-ssl | false | Enable secure channel for all requests. |
| security.sessions | stateless | Session creation policy (always, never, if_required, stateless). |
| security.user.name | user | Default user name. |
| security.user.password | | Password for the default user name. By default, a random password is logged on startup. |
| security.user.role | USER | Granted roles for the default user name. |

OAuth2 Configuration Properties

Spring Boot loads these OAuth2 properties into the OAuth2ClientProperties class.

| Name | Default Value | Description |
| --- | --- | --- |
| security.oauth2.client.client-id | | OAuth2 client id. |
| security.oauth2.client.client-secret | | OAuth2 client secret. A random secret is generated by default. |

OAuth2 SSO Configuration Properties

Spring Boot loads these OAuth2 SSO properties into the OAuth2SsoProperties class.

| Name | Default Value | Description |
| --- | --- | --- |
| security.oauth2.sso.filter-order | | Filter order if not providing an explicit WebSecurityConfigurerAdapter |
| security.oauth2.sso.login-path | /login | Path to the login page, that will redirect to the OAuth2 Authorization |

OAuth2 Resources Configuration Properties

Spring Boot loads these properties into the ResourceServerProperties class.

| Name | Default Value | Description |
| --- | --- | --- |
| security.oauth2.resource.id | | Identifier of the resource. |
| security.oauth2.resource.jwt.key-uri | | The URI of the JWT token. It can be set when the value is not available and the key is public. |
| security.oauth2.resource.jwt.key-value | | The verification key of the JWT token. Can be either a symmetric secret or a PEM-encoded RSA public key. |
| security.oauth2.resource.prefer-token-info | true | Use the token info; it can be set to false to use the user info. |
| security.oauth2.resource.token-info-uri | | URI of the token decoding endpoint. |
| security.oauth2.resource.token-type | | Token type to send when using the userInfoUri. |
| security.oauth2.resource.user-info-uri | | URI of the user endpoint. |
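
Because any key you leave out keeps its default, the effective security configuration is the defaults from the tables above plus your overrides. The Python script below is an added example, not from the original page or from Spring Boot, that audits a properties file on that basis; the function names, the rule set and the sample file are assumptions made for illustration.

```python
import re

# Defaults taken from the tables on this page (only the keys checked below).
DEFAULTS = {
    "security.enable-csrf": "false",
    "security.require-ssl": "false",
    "security.headers.cache": "true",
    "security.headers.content-type": "true",
    "security.headers.frame": "true",
    "security.headers.xss": "true",
}
SECRET_KEYS = ("security.user.password", "security.oauth2.client.client-secret")
# key, then '=' or ':', then value; lines starting with '#' or '!' never match.
LINE = re.compile(r"^\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$")

# Constructed sample file, not taken from a real project.
SAMPLE = """\
# application.properties
security.user.name=admin
security.user.password=changeme
security.headers.frame=false
security.require-ssl=true
security.oauth2.client.client-secret=${OAUTH_CLIENT_SECRET}
security.ignored=/css/**,/**
"""

def parse_properties(text):
    """Return {key: value} for every key=value or key:value line."""
    return dict(m.groups() for m in map(LINE.match, text.splitlines()) if m)

def audit(text):
    """Return (key, message) findings for defaults overlaid with the file."""
    overrides = parse_properties(text)
    effective = {**DEFAULTS, **overrides}
    findings = []
    for key in DEFAULTS:  # each of these flags is a protection when "true"
        if effective[key].lower() != "true":
            origin = "set in file" if key in overrides else "page default"
            findings.append((key, f"resolves to {effective[key]!r} ({origin})"))
    for key in SECRET_KEYS:  # a literal secret ends up in version control
        value = overrides.get(key, "")
        if value and not value.startswith("${"):
            findings.append((key, "literal secret; use a ${PLACEHOLDER} instead"))
    ignored = [p.strip() for p in overrides.get("security.ignored", "").split(",")]
    if "/**" in ignored:
        findings.append(("security.ignored", "'/**' excludes all paths from the secured set"))
    return findings

if __name__ == "__main__":
    for key, message in audit(SAMPLE):
        print(f"{key}: {message}")
```

An empty file is reported for `security.enable-csrf` and `security.require-ssl`, since both are false unless overridden.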