Spring Security默认参数配置

Spring Security 内置属性参数

Spring Boot 提供的内置配置参数以security为前缀，具体属性如下：

# SECURITY (SecurityProperties 类中)
security.basic.authorize-mode=role                  # 应用授权模式，ROLE=成员必须是安全的角色，AUTHENTICATED=经过身份                                                                                  验证的用户，NONE=没有设置安全授权
security.basic.enabled=true                              # 启用基本身份认证
security.basic.path=/**                                      # 拦截策略，以逗号分隔
security.basic.realm=Spring                             # HTTP基本realm
security.enable-csrf=false                                 # 启用csrf支持
security.filter-order=0                                        # 过滤器执行顺序
security.filter-dispatcher-types=ASYNC, FORWARD, INCLUDE, REQUEST # security 过滤器链dispatcher类型
security.headers.cache=true                             # 启用缓存控制 HTTP headers.
security.headers.content-type=true                   # 启用 "X-Content-Type-Options" header.
security.headers.frame=true                             # 启用 "X-Frame-Options" header.
security.headers.hsts=                                      # HTTP Strict Transport Security (HSTS) mode (none, domain, all).
security.headers.xss=true                                 # 启用跨域脚本 (XSS) 保护.
security.ignored=                                              # 安全策略，以逗号分隔
security.require-ssl=false                                  # 启用所有请求SSL
security.sessions=stateless                             # Session 创建策略(always, never, if_required, stateless).
security.user.name=user                                  # 默认用户名
security.user.password=                                 # 默认用户名密码
security.user.role=USER                                 # 默认用户角色

# SECURITY OAUTH2 CLIENT (OAuth2ClientProperties 类中)
security.oauth2.client.client-id=                      # OAuth2 client id.
security.oauth2.client.client-secret=               # OAuth2 client secret. A random secret is generated by default

# SECURITY OAUTH2 RESOURCES (ResourceServerProperties 类中)
security.oauth2.resource.id=                        # Identifier of the resource.
security.oauth2.resource.jwt.key-uri=         # The URI of the JWT token. Can be set if the value is not available and the key is public.
security.oauth2.resource.jwt.key-value=     # The verification key of the JWT token. Can either be a symmetric secret or PEM-encoded RSA public key.
security.oauth2.resource.prefer-token-info=true # Use the token info, can be set to false to use the user info.
security.oauth2.resource.service-id=resource #
security.oauth2.resource.token-info-uri= # URI of the token decoding endpoint.
security.oauth2.resource.token-type= # The token type to send when using the userInfoUri.
security.oauth2.resource.user-info-uri= # URI of the user endpoint.

# SECURITY OAUTH2 SSO (OAuth2SsoProperties 类中)
security.oauth2.sso.filter-order= # Filter order to apply if not providing an explicit WebSecurityConfigurerAdapter
security.oauth2.sso.login-path=/login # Path to the login page, i.e. the one that triggers the redirect to the OAuth2 Authorization Server

 

以上是官方给出的配置属性以及默认值列表。