Configuration Reference

Version:1.3.1

Security Config Properties

🔗
Table 1. Configuration Properties for LoginControllerConfigurationProperties
Property Type Description

micronaut.security.endpoints.login.enabled

boolean

Enables LoginController. Default value false

micronaut.security.endpoints.login.path

java.lang.String

Path to the LoginController. Default value "/login"

🔗
Table 2. Configuration Properties for HttpHeaderTokenWriterConfigurationProperties
Property Type Description

micronaut.security.token.writer.header.prefix

java.lang.String

Value prefix for Http Header. Default value (HttpHeaderValues.AUTHORIZATION_PREFIX_BEARER).

micronaut.security.token.writer.header.header-name

java.lang.String

Http Header to be used to propagate the token. Default value (HttpHeaders.AUTHORIZATION)

micronaut.security.token.writer.header.enabled

boolean

Enable HttpHeaderTokenWriter. Default value (true).

🔗
Table 3. Configuration Properties for TokenConfigurationProperties
Property Type Description

micronaut.security.token.enabled

boolean

Sets whether the configuration is enabled. Default value true.

micronaut.security.token.roles-name

java.lang.String

Name of the roles property. Default value "roles".

🔗
Table 4. Configuration Properties for SecurityConfigurationProperties
Property Type Description

micronaut.security.enabled

boolean

If Security is enabled. Default value false

micronaut.security.intercept-url-map

java.util.List

Map that defines the interception patterns.

micronaut.security.ip-patterns

java.util.List

Allowed IP patterns. Default value (["0.0.0.0"])

🔗
Table 5. Configuration Properties for RedirectRejectionHandlerConfigurationProperties
Property Type Description

micronaut.security.redirect.enabled

boolean

Enables RedirectRejectionHandler. Default value true.

micronaut.security.redirect.http-status

HttpStatus

The Http status used used for redirection. Defaults value (303).

🔗
Table 6. Configuration Properties for BasicAuthTokenReaderConfigurationProperties
Property Type Description

micronaut.security.token.basic-auth.enabled

boolean

Enables BasicAuthTokenReader. Default value true.

micronaut.security.token.basic-auth.header-name

java.lang.String

Http Header name. Default value {@value io.micronaut.http.HttpHeaders#AUTHORIZATION}.

micronaut.security.token.basic-auth.prefix

java.lang.String

Http Header value prefix. Default value {@value io.micronaut.http.HttpHeaderValues#AUTHORIZATION_PREFIX_BASIC}.

🔗
Table 7. Configuration Properties for LogoutControllerConfigurationProperties
Property Type Description

micronaut.security.endpoints.logout.enabled

boolean

Enables LogoutController. Default value false.

micronaut.security.endpoints.logout.path

java.lang.String

Path to the LogoutController. Default value "/logout".

micronaut.security.endpoints.logout.get-allowed

boolean

Enables HTTP GET invocations of LogoutController. Default value (false).

🔗
Table 8. Configuration Properties for TokenPropagationConfigurationProperties
Property Type Description

micronaut.security.token.propagation.enabled

boolean

Enables TokenPropagationHttpClientFilter. Default value false

micronaut.security.token.propagation.service-id-regex

java.lang.String

a regular expression to match the service id.

micronaut.security.token.propagation.uri-regex

java.lang.String

a regular expression to match the uri.

micronaut.security.token.propagation.path

java.lang.String

Configures TokenPropagationHttpClientFilter path. Default value "/**"

Security Jwt Config Properties

🔗
Table 9. Configuration Properties for OauthControllerConfigurationProperties
Property Type Description

micronaut.security.endpoints.oauth.enabled

boolean

Sets whether the OauthController is enabled. Default value (false).

micronaut.security.endpoints.oauth.path

java.lang.String

Sets the path to map the OauthController to. Default value ("/oauth/access_token").

🔗
Table 10. Configuration Properties for JwtGeneratorConfigurationProperties
Property Type Description

micronaut.security.token.jwt.generator.refresh-token-expiration

java.lang.Integer

Refresh token expiration. By default refresh tokens, do not expire.

micronaut.security.token.jwt.generator.access-token-expiration

java.lang.Integer

Access token expiration. Default value (3600).

🔗
Table 11. Configuration Properties for KeysControllerConfigurationProperties
Property Type Description

micronaut.security.endpoints.keys.enabled

boolean

Enables KeysController. Default value false.

micronaut.security.endpoints.keys.path

java.lang.String

Path to the KeysController. Default value "/keys".

🔗
Table 12. Configuration Properties for JwksSignatureConfigurationProperties
Property Type Description

micronaut.security.token.jwt.signatures.jwks.*.url

java.lang.String

Remote JSON Web Key set url. e.g. https://…​/.well-known/jwks.json

micronaut.security.token.jwt.signatures.jwks.*.key-type

com.nimbusds.jose.jwk.KeyType

Representation of the kty parameter in a JSON Web Key (JWK). Default value (RSA).

🔗
Table 13. Configuration Properties for SecretSignatureConfiguration
Property Type Description

micronaut.security.token.jwt.signatures.secret.*.jws-algorithm

com.nimbusds.jose.JWSAlgorithm

{@link com.nimbusds.jose.JWSAlgorithm}. Defaults to HS256

micronaut.security.token.jwt.signatures.secret.*.secret

java.lang.String

Secret used to sign JWT. Length must be at least 256 bits.

micronaut.security.token.jwt.signatures.secret.*.base64

boolean

Indicates whether the supplied secret is base64 encoded.

🔗
Table 14. Configuration Properties for SecretEncryptionConfiguration
Property Type Description

micronaut.security.token.jwt.encryptions.secret.*.jwe-algorithm

com.nimbusds.jose.JWEAlgorithm

{@link com.nimbusds.jose.JWEAlgorithm}.

micronaut.security.token.jwt.encryptions.secret.*.encryption-method

com.nimbusds.jose.EncryptionMethod

{@link com.nimbusds.jose.EncryptionMethod}.

micronaut.security.token.jwt.encryptions.secret.*.secret

java.lang.String

Secret used for encryption configuration.

🔗
Table 15. Configuration Properties for JwtConfigurationProperties
Property Type Description

micronaut.security.token.jwt.enabled

boolean

Sets whether JWT security is enabled. Default value (false).

🔗
Table 16. Configuration Properties for JwtCookieConfigurationProperties
Property Type Description

micronaut.security.token.jwt.cookie.cookie-domain

java.lang.String

Sets the domain name of this Cookie.

micronaut.security.token.jwt.cookie.cookie-path

java.lang.String

Sets the path of the cookie. Default value ("/".

micronaut.security.token.jwt.cookie.cookie-http-only

java.lang.Boolean

Whether the Cookie can only be accessed via HTTP. Default value (true.

micronaut.security.token.jwt.cookie.cookie-secure

java.lang.Boolean

Sets whether the cookie is secured. Default value (true.

micronaut.security.token.jwt.cookie.cookie-max-age

java.time.Duration

Sets the maximum age of the cookie.

micronaut.security.token.jwt.cookie.enabled

boolean

Sets whether JWT cookie based security is enabled. Default value (false).

micronaut.security.token.jwt.cookie.logout-target-url

java.lang.String

Sets the logout target URL. Default value ("/").

micronaut.security.token.jwt.cookie.cookie-name

java.lang.String

Cookie Name. Default value ("JWT").

micronaut.security.token.jwt.cookie.login-success-target-url

java.lang.String

Sets the login success target URL. Default value ("/").

micronaut.security.token.jwt.cookie.login-failure-target-url

java.lang.String

Sets the login failure target URL. Default value ("/").

🔗
Table 17. Configuration Properties for BearerTokenConfigurationProperties
Property Type Description

micronaut.security.token.jwt.bearer.enabled

boolean

Set whether to enable bearer token authentication. Default value true.

micronaut.security.token.jwt.bearer.header-name

java.lang.String

Sets the header name to use. Default value {@value io.micronaut.http.HttpHeaders#AUTHORIZATION}.

micronaut.security.token.jwt.bearer.prefix

java.lang.String

Sets the prefix to use for the auth token. Default value {@value io.micronaut.http.HttpHeaderValues#AUTHORIZATION_PREFIX_BEARER}.

Security Ldap Config Properties

🔗
Table 18. Configuration Properties for LdapConfiguration
Property Type Description

micronaut.security.ldap.*.enabled

boolean

Sets whether this configuration is enabled. Default true.

🔗
Table 19. Configuration Properties for LdapConfiguration$ContextConfiguration
Property Type Description

micronaut.security.ldap.*.context.server

java.lang.String

Sets the server URL.

micronaut.security.ldap.*.context.manager-dn

java.lang.String

Sets the manager DN.

micronaut.security.ldap.*.context.manager-password

java.lang.String

Sets the manager password.

micronaut.security.ldap.*.context.factory

java.lang.String

Sets the context factory class. Default "com.sun.jndi.ldap.LdapCtxFactory"

micronaut.security.ldap.*.context.properties

java.util.Map

Any additional properties that should be passed to {@link javax.naming.directory.InitialDirContext#InitialDirContext(java.util.Hashtable)}.

🔗
Table 20. Configuration Properties for LdapConfiguration$GroupConfiguration
Property Type Description

micronaut.security.ldap.*.groups.enabled

boolean

Sets if group search is enabled. Default false

micronaut.security.ldap.*.groups.subtree

boolean

Sets if the subtree should be searched. Default true

micronaut.security.ldap.*.groups.base

java.lang.String

Sets the base DN to search from.

micronaut.security.ldap.*.groups.filter

java.lang.String

Sets the group search filter. Default "uniquemember={0}"

micronaut.security.ldap.*.groups.attribute

java.lang.String

Sets the group attribute name. Default "cn"

🔗
Table 21. Configuration Properties for LdapConfiguration$SearchConfiguration
Property Type Description

micronaut.security.ldap.*.search.subtree

boolean

Sets if the subtree should be searched. Default true

micronaut.security.ldap.*.search.base

java.lang.String

Sets the base DN to search.

micronaut.security.ldap.*.search.filter

java.lang.String

Sets the search filter. Default "(uid={0})"

micronaut.security.ldap.*.search.attributes

java.lang.String[]

Sets the attributes to return. Default all

Security Oauth2 Config Properties

🔗
Table 22. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$RegistrationEndpointConfigurationProperties
Property Type Description

micronaut.security.oauth2.clients.*.openid.registration.url

java.lang.String

The endpoint URL

🔗
Table 23. Configuration Properties for CookieNoncePersistenceConfiguration
Property Type Description

micronaut.security.oauth2.openid.nonce.cookie.cookie-domain

java.lang.String

Sets the domain name of this Cookie. Default value (null).

micronaut.security.oauth2.openid.nonce.cookie.cookie-path

java.lang.String

Sets the path of the cookie. Default value ("/").

micronaut.security.oauth2.openid.nonce.cookie.cookie-http-only

java.lang.Boolean

Whether the Cookie can only be accessed via HTTP. Default value (true).

micronaut.security.oauth2.openid.nonce.cookie.cookie-secure

java.lang.Boolean

Sets whether the cookie is secured. Default value (true).

micronaut.security.oauth2.openid.nonce.cookie.cookie-max-age

java.time.Duration

Sets the maximum age of the cookie. Default value (5 minutes).

micronaut.security.oauth2.openid.nonce.cookie.cookie-name

java.lang.String

Cookie Name. Default value ("OPENID_NONCE").

🔗
Table 24. Configuration Properties for OauthClientConfigurationProperties$IntrospectionEndpointConfigurationProperties
Property Type Description

micronaut.security.oauth2.clients.*.introspection.url

java.lang.String

The endpoint URL

micronaut.security.oauth2.clients.*.introspection.auth-method

AuthenticationMethod

Authentication Method

🔗
Table 25. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$AuthorizationEndpointConfigurationProperties
Property Type Description

micronaut.security.oauth2.clients.*.openid.authorization.response-type

ResponseType

Determines the authorization processing flow to be used. Default value (code).

micronaut.security.oauth2.clients.*.openid.authorization.response-mode

java.lang.String

Mechanism to be used for returning authorization response parameters from the authorization endpoint.

micronaut.security.oauth2.clients.*.openid.authorization.display

Display

Controls how the authentication interface is displayed.

micronaut.security.oauth2.clients.*.openid.authorization.prompt

Prompt

Controls how the authentication server prompts the user.

micronaut.security.oauth2.clients.*.openid.authorization.max-age

java.lang.Integer

Maximum authentication age.

micronaut.security.oauth2.clients.*.openid.authorization.ui-locales

java.util.List

Preferred locales for authentication.

micronaut.security.oauth2.clients.*.openid.authorization.acr-values

java.util.List

Authentication class reference values.

micronaut.security.oauth2.clients.*.openid.authorization.url

java.lang.String

The endpoint URL

🔗
Table 26. Configuration Properties for CookieStatePersistenceConfiguration
Property Type Description

micronaut.security.oauth2.state.cookie.cookie-domain

java.lang.String

Sets the domain name of this Cookie. Default value (null).

micronaut.security.oauth2.state.cookie.cookie-path

java.lang.String

Sets the path of the cookie. Default value ("/").

micronaut.security.oauth2.state.cookie.cookie-http-only

java.lang.Boolean

Whether the Cookie can only be accessed via HTTP. Default value (true).

micronaut.security.oauth2.state.cookie.cookie-secure

java.lang.Boolean

Sets whether the cookie is secured. Default value (true).

micronaut.security.oauth2.state.cookie.cookie-max-age

java.time.Duration

Sets the maximum age of the cookie. Default value (5 minutes).

micronaut.security.oauth2.state.cookie.cookie-name

java.lang.String

Cookie Name. Default value ("OAUTH2_STATE").

🔗
Table 27. Configuration Properties for OauthConfigurationProperties$OpenIdConfigurationProperties$AdditionalClaimsConfigurationProperties
Property Type Description

micronaut.security.oauth2.openid.additional-claims.jwt

boolean

Set to true if the original JWT from the provider should be included in the Micronaut JWT. Default value (false).

micronaut.security.oauth2.openid.additional-claims.access-token

boolean

Set to true if the original access token from the provider should be included in the Micronaut JWT. Default value (false).

micronaut.security.oauth2.openid.additional-claims.refresh-token

boolean

Set to true if the original refresh token from the provider should be included in the Micronaut JWT. Default value (false).

🔗
Table 28. Configuration Properties for OauthClientConfigurationProperties$RevocationEndpointConfigurationProperties
Property Type Description

micronaut.security.oauth2.clients.*.revocation.url

java.lang.String

The endpoint URL

micronaut.security.oauth2.clients.*.revocation.auth-method

AuthenticationMethod

Authentication Method

🔗
Table 29. Configuration Properties for DefaultStateConfiguration
Property Type Description

micronaut.security.oauth2.state.persistence

java.lang.String

Sets the mechanism to persist the state for later retrieval for validation. Supported values ("session", "cookie"). Default value ("cookie").

micronaut.security.oauth2.state.enabled

boolean

Sets whether a state parameter will be sent. Default (true).

🔗
Table 30. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$TokenEndpointConfigurationProperties
Property Type Description

micronaut.security.oauth2.clients.*.openid.token.content-type

MediaType

The content type of token endpoint requests. Default value (application/x-www-form-urlencoded).

micronaut.security.oauth2.clients.*.openid.token.url

java.lang.String

The endpoint URL

micronaut.security.oauth2.clients.*.openid.token.auth-method

AuthenticationMethod

Authentication Method

🔗
Table 31. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationProperties
Property Type Description

micronaut.security.oauth2.clients.*.openid.issuer

java.net.URL

URL using the https scheme with no query or fragment component that the Open ID provider asserts as its issuer identifier.

micronaut.security.oauth2.clients.*.openid.configuration-path

java.lang.String

The configuration path to discover openid configuration. Default ("/.well-known/openid-configuration").

micronaut.security.oauth2.clients.*.openid.jwks-uri

java.lang.String

The JWKS signature URI.

🔗
Table 32. Configuration Properties for OauthClientConfigurationProperties$TokenEndpointConfigurationProperties
Property Type Description

micronaut.security.oauth2.clients.*.token.url

java.lang.String

The endpoint URL

micronaut.security.oauth2.clients.*.token.auth-method

AuthenticationMethod

Authentication Method

🔗
Table 33. Configuration Properties for OauthConfigurationProperties$OpenIdConfigurationProperties$EndSessionConfigurationProperties
Property Type Description

micronaut.security.oauth2.openid.end-session.redirect-uri

java.lang.String

The URI the OpenID provider should redirect to after logging out. Default value ("/logout").

🔗
Table 34. Configuration Properties for DefaultNonceConfiguration
Property Type Description

micronaut.security.oauth2.openid.nonce.persistence

java.lang.String

Sets the mechanism to persist the nonce for later retrieval for validation. Supported values ("session", "cookie"). Default value ("cookie").

micronaut.security.oauth2.openid.nonce.enabled

boolean

Sets whether a nonce parameter will be sent. Default (true).

🔗
Table 35. Configuration Properties for OauthClientConfigurationProperties
Property Type Description

micronaut.security.oauth2.clients.*.client-id

java.lang.String

OAuth 2.0 client id.

micronaut.security.oauth2.clients.*.client-secret

java.lang.String

OAuth 2.0 client secret.

micronaut.security.oauth2.clients.*.scopes

java.util.List

The scopes to request.

micronaut.security.oauth2.clients.*.enabled

boolean

Sets whether the client is enabled. Default value (true).

micronaut.security.oauth2.clients.*.grant-type

GrantType

OAuth 2.0 grant type. Default value (authorization_code).

🔗
Table 36. Configuration Properties for OauthConfigurationProperties
Property Type Description

micronaut.security.oauth2.enabled

boolean

Sets whether the OAuth 2.0 support is enabled. Default value (false).

micronaut.security.oauth2.callback-uri

java.lang.String

The URI template that OAuth 2.0 providers can use to submit an authorization callback request. Default value ("/oauth/callback{/provider}").

micronaut.security.oauth2.login-uri

java.lang.String

The URI template that is used to initiate an OAuth 2.0 authorization code grant flow. Default value ("/oauth/login{/provider}").

micronaut.security.oauth2.default-provider

java.lang.String

The default authentication provider for an OAuth 2.0 authorization code grant flow.

🔗
Table 37. Configuration Properties for OauthClientConfigurationProperties$AuthorizationEndpointConfigurationProperties
Property Type Description

micronaut.security.oauth2.clients.*.authorization.url

java.lang.String

The endpoint URL

🔗
Table 38. Configuration Properties for OauthConfigurationProperties$OpenIdConfigurationProperties
Property Type Description

micronaut.security.oauth2.openid.logout-uri

java.lang.String

The URI used to log out of an OpenID provider. Default value ("/oauth/logout").

🔗
Table 39. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$EndSessionConfigurationProperties
Property Type Description

micronaut.security.oauth2.clients.*.openid.end-session.enabled

boolean

The end session enabled flag. Default value (true).

micronaut.security.oauth2.clients.*.openid.end-session.url

java.lang.String

The endpoint URL

🔗
Table 40. Configuration Properties for OauthConfigurationProperties$OpenIdConfigurationProperties$ClaimsValidationConfigurationProperties
Property Type Description

micronaut.security.oauth2.openid.claims-validation.issuer

boolean

Whether IssuerClaimValidator

micronaut.security.oauth2.openid.claims-validation.audience

boolean

Whether AudienceClaimValidator

micronaut.security.oauth2.openid.claims-validation.authorized-party

boolean

Whether AuthorizedPartyClaimValidator

🔗
Table 41. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$UserInfoEndpointConfigurationProperties
Property Type Description

micronaut.security.oauth2.clients.*.openid.user-info.url

java.lang.String

The endpoint URL

Security Session Config Properties

🔗
Table 42. Configuration Properties for SecuritySessionConfigurationProperties
Property Type Description

micronaut.security.session.login-success-target-url

java.lang.String

Sets the login success target URL. Default value ("/").

micronaut.security.session.login-failure-target-url

java.lang.String

Sets the login failure target URL. Default value ("/").

micronaut.security.session.logout-target-url

java.lang.String

Sets the logout target URL. Default value ("/").

micronaut.security.session.unauthorized-target-url

java.lang.String

Sets the unauthorized target URL.

micronaut.security.session.forbidden-target-url

java.lang.String

Sets the forbidden target URL.

micronaut.security.session.enabled

boolean

Sets whether the session config is enabled. Default value (false).

micronaut.security.session.legacy-rejection-handler

boolean

Decides whether the deprecated {@link SessionSecurityFilterOrderProvider} is loaded, instead of the new RedirectRejectionHandler. Defaults to (true).