Document @EnableWebSecurity behavior when management security disabled

Closes gh-9270
Madhura Bhave 2017-06-29 10:45:17 -07:00
parent 7f8a8ba115
commit 528e334e1c

@ -2473,9 +2473,15 @@ the classes imported from there (`SpringBootWebSecurityConfiguration` for web se
and `AuthenticationManagerConfiguration` for authentication configuration which is also
relevant in non-web applications). To switch off the default web application security
configuration completely you can add a bean with `@EnableWebSecurity` (this does not
disable the authentication manager configuration or Actuator's security). To customize
it you normally use external properties and beans of type `WebSecurityConfigurerAdapter`
(e.g. to add form-based login). To also switch off the authentication manager configuration
disable the authentication manager configuration or Actuator's security).
To customize it you normally use external properties and beans of type `WebSecurityConfigurerAdapter`
(e.g. to add form-based login).
NOTE: If you add `@EnableWebSecurity` and also disable Actuator security, you will get
the default form-based login for the entire application unless you add a custom
`WebSecurityConfigurerAdapter`.
To also switch off the authentication manager configuration
you can add a bean of type `AuthenticationManager`, or else configure the
global `AuthenticationManager` by autowiring an `AuthenticationManagerBuilder` into
a method in one of your `@Configuration` classes. There are several secure applications in
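
Review bot: The new NOTE says "disable Actuator security" without naming the setting that does it, so a reader cannot tell which configuration triggers the default form-based login; name the property (`management.security.enabled=false` in this release line) and state explicitly that "the entire application" includes the Actuator endpoints. Two smaller points in the same hunk: as shown, the `NOTE:` line follows "(e.g. to add form-based login)." with no blank line on either side, and AsciiDoc only renders an admonition when it starts its own paragraph, so check that the blank lines are present in the file. The re-wrapped line beginning "To customize it you normally use external properties" is also much longer than the neighbouring lines and should be wrapped to match them.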