Configuration Reference
Version:2.0.2
Security Config Properties
🔗Property | Type | Description |
---|---|---|
|
Sets the refresh redirect configuration. |
|
|
boolean |
Whether it should redirect on forbidden rejections. Default value (true). |
|
java.lang.String |
Where the user is redirected to after trying to access a secured route which he is forbidden to access. Default value ("/"). |
Property | Type | Description |
---|---|---|
|
boolean |
Sets whether the configuration is enabled. Default value true. |
|
java.lang.String |
Authentication attributes map key for the user’s roles. Default value "roles". |
|
java.lang.String |
Authentication attributes map key for the user’s name. Default value "username". |
Property | Type | Description |
---|---|---|
|
boolean |
Whether it should redirect on unauthorized rejections. Default value (true). |
|
java.lang.String |
Where the user is redirected to after trying to access a secured route. Default value ("/"). |
Property | Type | Description |
---|---|---|
|
boolean |
If Security is enabled. Default value true |
|
java.util.List |
Map that defines the interception patterns. |
|
java.util.List |
Allowed IP patterns. Default value (["0.0.0.0"]) |
|
Determines how authentication providers should be processed. Default value ANY. Possible values: ANY or ALL. |
|
|
boolean |
Set to true if the server should respond with 404 for requests that do not |
|
Defines which authentication to use. Defaults to null. Possible values bearer, session, cookie. Should only be supplied if the service handles login and logout requests. |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Where the user is redirected to after a successful login. Default value ("/"). |
|
java.lang.String |
Where the user is redirected to after a failed login. Default value ("/"). |
|
java.lang.String |
URL where the user is redirected after logout. Default value ("/"). |
|
boolean |
If true, the user should be redirected back to the unauthorized request that initiated the login flow. Supersedes the <code>login-success</code> configuration for those cases. Default value false. |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Value prefix for Http Header. Default value (HttpHeaderValues.AUTHORIZATION_PREFIX_BEARER). |
|
java.lang.String |
Http Header to be used to propagate the token. Default value (HttpHeaders.AUTHORIZATION) |
|
boolean |
Enable HttpHeaderTokenPropagator. Default value (true). |
Property | Type | Description |
---|---|---|
|
boolean |
Enables LoginController. Default value true |
|
java.lang.String |
Path to the LoginController. Default value "/login" |
Property | Type | Description |
---|---|---|
|
boolean |
Whether it should redirect on forbidden rejections. Default value (true). |
|
java.lang.String |
Where the user is redirected to after trying to access a secured route which he is forbidden to access. Default value ("/"). |
Property | Type | Description |
---|---|---|
|
boolean |
Enables the {@link BasicAuthAuthenticationFetcher}. Default value true. |
Property | Type | Description |
---|---|---|
|
boolean |
Enables LogoutController. Default value true. |
|
java.lang.String |
Path to the LogoutController. Default value "/logout". |
|
boolean |
Enables HTTP GET invocations of LogoutController. Default value (false). |
Property | Type | Description |
---|---|---|
|
boolean |
Enables TokenPropagationHttpClientFilter. Default value false |
|
java.lang.String |
a regular expression to match the service id. |
|
java.lang.String |
a regular expression to match the uri. |
|
java.lang.String |
Configures TokenPropagationHttpClientFilter path. Default value "/**" |
Security Jwt Config Properties
🔗Property | Type | Description |
---|---|---|
|
boolean |
Sets whether the OauthController is enabled. Default value (true). |
|
java.lang.String |
Sets the path to map the OauthController to. Default value ("/oauth/access_token"). |
|
boolean |
Enables HTTP GET invocations of refresh token requests. Only applies to requests sending a cookie (JWT_REFRESH_TOKEN). Default value (true). |
Property | Type | Description |
---|---|---|
|
boolean |
Set whether to enable bearer token authentication. Default value true. |
|
java.lang.String |
Sets the header name to use. Default value Authorization. |
|
java.lang.String |
Sets the prefix to use for the auth token. Default value Bearer. |
Property | Type | Description |
---|---|---|
|
com.nimbusds.jose.JWEAlgorithm |
{@link com.nimbusds.jose.JWEAlgorithm}. |
|
com.nimbusds.jose.EncryptionMethod |
{@link com.nimbusds.jose.EncryptionMethod}. |
|
java.lang.String |
Secret used for encryption configuration. |
Property | Type | Description |
---|---|---|
|
boolean |
Enables KeysController. Default value true. |
|
java.lang.String |
Path to the KeysController. Default value "/keys". |
Property | Type | Description |
---|---|---|
|
java.lang.Integer |
deprecated Use micronaut.security.token.jwt.generator.access-token.expiration instead. |
|
java.lang.Integer |
Access token expiration. Default value (3600). |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Sets the domain name of this Cookie. |
|
java.lang.String |
Sets the path of the cookie. Default value ("/". |
|
java.lang.Boolean |
Whether the Cookie can only be accessed via HTTP. Default value (true. |
|
java.lang.Boolean |
Sets whether the cookie is secured. Default value (true. |
|
java.time.Duration |
Sets the maximum age of the cookie. |
|
Sets the same-site setting of the cookie. Default value null. |
|
|
boolean |
Sets whether JWT cookie configuration is enabled. Default value (true). |
|
java.lang.String |
Cookie Name. Default value ("JWT"). |
|
java.lang.String |
Deprecated. user micronaut.security.redirect.logout instead |
|
java.lang.String |
Deprecated. user micronaut.security.redirect.login-success instead |
|
java.lang.String |
Deprecated. user micronaut.security.redirect.login-failure instead |
Property | Type | Description |
---|---|---|
|
boolean |
Sets whether JWT security is enabled. Default value (true). |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Remote JSON Web Key set url. e.g. https://…/.well-known/jwks.json |
|
com.nimbusds.jose.jwk.KeyType |
Representation of the kty parameter in a JSON Web Key (JWK). Default value (RSA). |
Property | Type | Description |
---|---|---|
|
com.nimbusds.jose.JWSAlgorithm |
{@link com.nimbusds.jose.JWSAlgorithm}. Defaults to HS256 |
|
java.lang.String |
Secret used to sign JWT. Length must be at least 256 bits. |
|
boolean |
Indicates whether the supplied secret is base64 encoded. |
Property | Type | Description |
---|---|---|
|
boolean |
Sets whether SignedRefreshTokenGenerator is enabled. Default value (true). |
|
com.nimbusds.jose.JWSAlgorithm |
{@link com.nimbusds.jose.JWSAlgorithm}. Defaults to HS256 |
|
java.lang.String |
shared secret. For HS256 must be at least 256 bits. |
|
boolean |
Indicates whether the supplied secret is base64 encoded. Default value false. |
Security Ldap Config Properties
🔗Property | Type | Description |
---|---|---|
|
boolean |
Sets if group search is enabled. Default false |
|
boolean |
Sets if the subtree should be searched. Default true |
|
java.lang.String |
Sets the base DN to search from. |
|
java.lang.String |
Sets the group search filter. Default "uniquemember={0}" |
|
java.lang.String |
Sets the group attribute name. Default "cn" |
Property | Type | Description |
---|---|---|
|
boolean |
Sets if the subtree should be searched. Default true |
|
java.lang.String |
Sets the base DN to search. |
|
java.lang.String |
Sets the search filter. Default "(uid={0})" |
|
java.lang.String[] |
Sets the attributes to return. Default all |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Sets the server URL. |
|
java.lang.String |
Sets the manager DN. |
|
java.lang.String |
Sets the manager password. |
|
java.lang.String |
Sets the context factory class. Default "com.sun.jndi.ldap.LdapCtxFactory" |
|
java.util.Map |
Any additional properties that should be passed to {@link javax.naming.directory.InitialDirContext#InitialDirContext(java.util.Hashtable)}. |
Property | Type | Description |
---|---|---|
|
boolean |
Sets whether this configuration is enabled. Default true. |
Security Oauth2 Config Properties
🔗Property | Type | Description |
---|---|---|
|
boolean |
Set to true if the original JWT from the provider should be included in the Micronaut JWT. Default value (false). |
|
boolean |
Set to true if the original access token from the provider should be included in the Micronaut JWT. Default value (false). |
|
boolean |
Set to true if the original refresh token from the provider should be included in the Micronaut JWT. Default value (false). |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Sets the mechanism to persist the nonce for later retrieval for validation. Supported values ("session", "cookie"). Default value ("cookie"). |
|
boolean |
Sets whether a nonce parameter will be sent. Default (true). |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Sets the domain name of this Cookie. Default value (null). |
|
java.lang.String |
Sets the path of the cookie. Default value ("/"). |
|
java.lang.Boolean |
Whether the Cookie can only be accessed via HTTP. Default value (true). |
|
java.lang.Boolean |
Sets whether the cookie is secured. Default value (true). |
|
java.time.Duration |
Sets the maximum age of the cookie. Default value (5 minutes). |
|
java.lang.String |
Cookie Name. Default value ("OPENID_NONCE"). |
Property | Type | Description |
---|---|---|
|
boolean |
Sets whether the OAuth 2.0 support is enabled. Default value (true). |
|
java.lang.String |
The URI template that OAuth 2.0 providers can use to submit an authorization callback request. Default value ("/oauth/callback{/provider}"). |
|
java.lang.String |
The URI template that is used to initiate an OAuth 2.0 authorization code grant flow. Default value ("/oauth/login{/provider}"). |
|
java.lang.String |
The default authentication provider for an OAuth 2.0 authorization code grant flow. |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Sets the domain name of this Cookie. Default value (null). |
|
java.lang.String |
Sets the path of the cookie. Default value ("/"). |
|
java.lang.Boolean |
Whether the Cookie can only be accessed via HTTP. Default value (true). |
|
java.lang.Boolean |
Sets whether the cookie is secured. Default value (true). |
|
java.time.Duration |
Sets the maximum age of the cookie. Default value (5 minutes). |
|
java.lang.String |
Cookie Name. Default value ("OAUTH2_STATE"). |
Property | Type | Description |
---|---|---|
|
java.lang.String |
The URI the OpenID provider should redirect to after logging out. Default value ("/logout"). |
Property | Type | Description |
---|---|---|
|
java.lang.String |
The endpoint URL |
|
Authentication Method |
Property | Type | Description |
---|---|---|
|
java.lang.String |
The endpoint URL |
|
Authentication Method |
Property | Type | Description |
---|---|---|
|
java.net.URL |
URL using the https scheme with no query or fragment component that the Open ID provider asserts as its issuer identifier. |
|
java.lang.String |
The configuration path to discover openid configuration. Default ("/.well-known/openid-configuration"). |
|
java.lang.String |
The JWKS signature URI. |
Property | Type | Description |
---|---|---|
|
java.lang.String |
The endpoint URL |
Property | Type | Description |
---|---|---|
|
The content type of token endpoint requests. Default value (application/x-www-form-urlencoded). |
|
|
java.lang.String |
The endpoint URL |
|
Authentication Method |
Property | Type | Description |
---|---|---|
|
boolean |
The end session enabled flag. Default value (true). |
|
java.lang.String |
The endpoint URL |
Property | Type | Description |
---|---|---|
|
java.lang.String |
The URI used to log out of an OpenID provider. Default value ("/oauth/logout"). |
Property | Type | Description |
---|---|---|
|
java.lang.String |
The endpoint URL |
|
Authentication Method |
Property | Type | Description |
---|---|---|
|
boolean |
Whether IssuerClaimValidator |
|
boolean |
Whether AudienceClaimValidator |
|
boolean |
Whether AuthorizedPartyClaimValidator |
Property | Type | Description |
---|---|---|
|
Determines the authorization processing flow to be used. Default value (code). |
|
|
java.lang.String |
Mechanism to be used for returning authorization response parameters from the authorization endpoint. |
|
Controls how the authentication interface is displayed. |
|
|
Controls how the authentication server prompts the user. |
|
|
java.lang.Integer |
Maximum authentication age. |
|
java.util.List |
Preferred locales for authentication. |
|
java.util.List |
Authentication class reference values. |
|
java.lang.String |
The endpoint URL |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Sets the mechanism to persist the state for later retrieval for validation. Supported values ("session", "cookie"). Default value ("cookie"). |
|
boolean |
Sets whether a state parameter will be sent. Default (true). |
Property | Type | Description |
---|---|---|
|
java.lang.String |
The endpoint URL |
Property | Type | Description |
---|---|---|
|
java.lang.String |
OAuth 2.0 client id. |
|
java.lang.String |
OAuth 2.0 client secret. |
|
java.util.List |
The scopes to request. |
|
boolean |
Sets whether the client is enabled. Default value (true). |
|
OAuth 2.0 grant type. Default value (authorization_code). |
Property | Type | Description |
---|---|---|
|
java.lang.String |
The endpoint URL |
Security Session Config Properties
🔗Property | Type | Description |
---|---|---|
|
boolean |
Sets whether the session config is enabled. Default value (true). |
|
java.lang.String |
deprecated use micronaut.security.redirect.login-success. |
|
java.lang.String |
deprecated use micronaut.security.redirect.login-success. |
|
java.lang.String |
@deprecated use {@code micronaut.security.redirect.logout}. |
|
java.lang.String |
deprecated use {@code micronaut.security.redirect.unauthorized}. |
|
java.lang.String |
deprecated use {@code micronaut.security.redirect.forbidden}. |
|
boolean |
deprecated. use micronaut.security.redirect.on-rejection instead. |