mirror of
https://github.com/spring-projects/spring-boot.git
synced 2024-08-29 03:06:45 +08:00
Document @EnableWebSecurity behavior when management security disabled
Closes gh-9270
This commit is contained in:
parent
7f8a8ba115
commit
528e334e1c
@ -2473,9 +2473,15 @@ the classes imported from there (`SpringBootWebSecurityConfiguration` for web se
|
||||
and `AuthenticationManagerConfiguration` for authentication configuration which is also
|
||||
relevant in non-web applications). To switch off the default web application security
|
||||
configuration completely you can add a bean with `@EnableWebSecurity` (this does not
|
||||
disable the authentication manager configuration or Actuator's security). To customize
|
||||
it you normally use external properties and beans of type `WebSecurityConfigurerAdapter`
|
||||
(e.g. to add form-based login). To also switch off the authentication manager configuration
|
||||
disable the authentication manager configuration or Actuator's security).
|
||||
To customize it you normally use external properties and beans of type `WebSecurityConfigurerAdapter`
|
||||
(e.g. to add form-based login).
|
||||
|
||||
NOTE: If you add `@EnableWebSecurity` and also disable Actuator security, you will get
|
||||
the default form-based login for the entire application unless you add a custom
|
||||
`WebSecurityConfigurerAdapter`.
|
||||
|
||||
To also switch off the authentication manager configuration
|
||||
you can add a bean of type `AuthenticationManager`, or else configure the
|
||||
global `AuthenticationManager` by autowiring an `AuthenticationManagerBuilder` into
|
||||
a method in one of your `@Configuration` classes. There are several secure applications in
|
||||
|
Loading…
Reference in New Issue
Block a user