Configuration Reference
Version:3.5.0
Security Config Properties
🔗Property | Type | Description |
---|---|---|
|
RedirectConfigurationProperties$UnauthorizedRedirectConfigurationProperties |
Sets the unauthorized redirect configuration. |
|
boolean |
Whether it should redirect on unauthorized rejections. Default value (true). |
|
java.lang.String |
Where the user is redirected to after trying to access a secured route. Default value ("/"). |
Property | Type | Description |
---|---|---|
|
boolean |
Enables {@link SecurityFilter}. Default value true |
|
java.lang.String |
Pattern the {@link SecurityFilter} should match. Default value |
Property | Type | Description |
---|---|---|
|
RedirectConfigurationProperties$ForbiddenRedirectConfigurationProperties |
Sets the forbidden redirect configuration. |
|
boolean |
Whether it should redirect on forbidden rejections. Default value (true). |
|
java.lang.String |
Where the user is redirected to after trying to access a secured route which he is forbidden to access. Default value ("/"). |
Property | Type | Description |
---|---|---|
|
boolean |
Sets whether the configuration is enabled. Default value true. |
|
java.lang.String |
Authentication attributes map key for the user’s roles. Default value "roles". |
|
java.lang.String |
Authentication attributes map key for the user’s name. Default value "sub". |
|
java.lang.String |
If the entry used for the roles in the Authentication attributes map is a String, you can use the separator to split its value into multiple roles. Default value null. |
Property | Type | Description |
---|---|---|
|
boolean |
If Security is enabled. Default value true |
|
java.util.List |
Map that defines the interception patterns. |
|
java.util.List |
Allowed IP patterns. Default value (["0.0.0.0"]) |
|
Determines how authentication providers should be processed. Default value ANY. Possible values: ANY or ALL. |
|
|
boolean |
Set to true if the server should respond with 404 for requests that do not |
|
Defines which authentication to use. Defaults to null. Possible values bearer, session, cookie. Should only be supplied if the service handles login and logout requests. |
Property | Type | Description |
---|---|---|
|
boolean |
Enables the {@link X509AuthenticationFetcher}. Default value false. |
|
java.lang.String |
Set the Subject DN regex. Default value "CN=(.*?)(?:, |
Property | Type | Description |
---|---|---|
|
boolean |
Sets whether Redirection configuration enabled. Default value (true). |
|
java.lang.String |
Where the user is redirected to after a successful login. Default value ("/"). |
|
java.lang.String |
Where the user is redirected to after a failed login. Default value ("/"). |
|
java.lang.String |
URL where the user is redirected after logout. Default value ("/"). |
|
boolean |
If true, the user should be redirected back to the unauthorized request that initiated the login flow. Supersedes the <code>login-success</code> configuration for those cases. Default value false. |
Property | Type | Description |
---|---|---|
|
boolean |
Enables the {@link BasicAuthAuthenticationFetcher}. Default value true. |
Property | Type | Description |
---|---|---|
|
boolean |
Enables LoginController. Default value true |
|
java.lang.String |
Path to the LoginController. Default value "/login" |
Property | Type | Description |
---|---|---|
|
boolean |
Enables IntrospectionController. Default value true |
|
java.lang.String |
Path to the IntrospectionController. Default value "/token_info" |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Http Header to be used to propagate the token. Default value (HttpHeaders.AUTHORIZATION) |
|
boolean |
Enable HttpHeaderTokenPropagator. Default value (true). |
|
java.lang.String |
Value prefix for Http Header. Default value (HttpHeaderValues.AUTHORIZATION_PREFIX_BEARER). |
Property | Type | Description |
---|---|---|
|
Sets the refresh redirect configuration. |
|
|
boolean |
Whether it should redirect on forbidden rejections. Default value (true). |
|
java.lang.String |
Where the user is redirected to after trying to access a secured route which he is forbidden to access. Default value ("/"). |
Property | Type | Description |
---|---|---|
|
java.lang.String |
a regular expression to match the service id. |
|
java.lang.String |
a regular expression to match the uri. |
|
java.util.regex.Pattern |
|
|
java.util.regex.Pattern |
|
|
boolean |
Enables TokenPropagationHttpClientFilter. Default value false |
|
java.lang.String |
Configures TokenPropagationHttpClientFilter path. Default value "/**" |
Property | Type | Description |
---|---|---|
|
boolean |
Enables LogoutController. Default value true. |
|
java.lang.String |
Path to the LogoutController. Default value "/logout". |
|
boolean |
Enables HTTP GET invocations of LogoutController. Default value (false). |
Security Jwt Config Properties
🔗Property | Type | Description |
---|---|---|
|
java.lang.String |
Sets the domain name of this Cookie. |
|
java.lang.Boolean |
Whether the Cookie can only be accessed via HTTP. Default value (AbstractAccessTokenCookieConfigurationProperties.DEFAULT_HTTPONLY). |
|
java.lang.Boolean |
Sets whether the cookie is secured. Defaults to the secure status of the request. |
|
java.time.Duration |
Sets the maximum age of the cookie. |
|
Sets the same-site setting of the cookie. Default value null. Value is case sensitive. Allowed values: |
|
|
java.lang.String |
Sets the path of the cookie. Default value ("/"). |
|
boolean |
Sets whether JWT cookie configuration is enabled. Default value (true). |
|
java.lang.String |
Cookie Name. Default value ("JWT"). |
Property | Type | Description |
---|---|---|
|
com.nimbusds.jose.JWSAlgorithm |
{@link com.nimbusds.jose.JWSAlgorithm}. Defaults to HS256 |
|
java.lang.String |
Secret used to sign JWT. Length must be at least 256 bits. |
|
boolean |
Indicates whether the supplied secret is base64 encoded. |
Property | Type | Description |
---|---|---|
|
java.lang.Integer |
Access token expiration. Default value (3600). |
Property | Type | Description |
---|---|---|
|
boolean |
Sets whether SignedRefreshTokenGenerator is enabled. Default value (true). |
|
com.nimbusds.jose.JWSAlgorithm |
{@link com.nimbusds.jose.JWSAlgorithm}. Defaults to HS256 |
|
java.lang.String |
shared secret. For HS256 must be at least 256 bits. |
|
boolean |
Indicates whether the supplied secret is base64 encoded. Default value false. |
Property | Type | Description |
---|---|---|
|
boolean |
Sets whether JWT security is enabled. Default value (true). |
Property | Type | Description |
---|---|---|
|
boolean |
Enables KeysController. Default value true. |
|
java.lang.String |
Path to the KeysController. Default value "/keys". |
Property | Type | Description |
---|---|---|
|
com.nimbusds.jose.JWEAlgorithm |
{@link com.nimbusds.jose.JWEAlgorithm}. |
|
com.nimbusds.jose.EncryptionMethod |
{@link com.nimbusds.jose.EncryptionMethod}. |
|
java.lang.String |
Secret used for encryption configuration. |
Property | Type | Description |
---|---|---|
|
boolean |
Whether the nonce claim should be validated when a nonce was present. Default value true. |
|
java.lang.String |
Whether the aud claim should be validated to ensure it matches this value. It defaults to null, thus it is not validated. |
|
java.lang.String |
Whether the iss claim should be validated to ensure it matches this value. It defaults to null, thus it is not validated. |
|
boolean |
Whether the JWT subject claim should be validated to ensure it is not null. Default value true. |
|
boolean |
Whether it should be validated that validation time is not before the not-before claim (nbf) of a JWT token. Default value false. |
|
boolean |
Whether the expiration date of the JWT should be validated. Default value true. |
|
boolean |
Whether |
Property | Type | Description |
---|---|---|
|
boolean |
Set whether to enable bearer token authentication. Default value true. |
|
java.lang.String |
Sets the header name to use. Default value Authorization. |
|
java.lang.String |
Sets the prefix to use for the auth token. Default value Bearer. |
Property | Type | Description |
---|---|---|
|
boolean |
Sets whether the OauthController is enabled. Default value (true). |
|
java.lang.String |
Sets the path to map the OauthController to. Default value ("/oauth/access_token"). |
|
boolean |
Enables HTTP GET invocations of refresh token requests. Only applies to requests sending a cookie (JWT_REFRESH_TOKEN). Default value (true). |
Property | Type | Description |
---|---|---|
|
java.lang.Integer |
JWKS cache expiration. Default value 60 seconds. |
|
java.lang.String |
Remote JSON Web Key set url. e.g. https://…/.well-known/jwks.json |
|
com.nimbusds.jose.jwk.KeyType |
Representation of the kty parameter in a JSON Web Key (JWK). Default value (RSA). |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Sets the domain name of this Cookie. |
|
java.lang.Boolean |
Whether the Cookie can only be accessed via HTTP. Default value (AbstractAccessTokenCookieConfigurationProperties.DEFAULT_HTTPONLY). |
|
java.lang.Boolean |
Sets whether the cookie is secured. Defaults to the secure status of the request. |
|
java.time.Duration |
Sets the maximum age of the cookie. |
|
Sets the same-site setting of the cookie. Default value null. Value is case sensitive. Allowed values: |
|
|
java.lang.String |
Sets the path of the cookie. Default value (OauthControllerConfigurationProperties.DEFAULT_PATH). |
|
boolean |
Sets whether JWT cookie configuration is enabled. Default value (true). |
|
java.lang.String |
Cookie Name. Default value ("JWT_REFRESH_TOKEN"). |
Security Ldap Config Properties
🔗Property | Type | Description |
---|---|---|
|
boolean |
Sets if the subtree should be searched. Default true |
|
java.lang.String |
Sets the base DN to search. |
|
java.lang.String |
Sets the search filter. Default "(uid={0})" |
|
java.lang.String[] |
Sets the attributes to return. Default all |
|
Sets the search configuration. |
Property | Type | Description |
---|---|---|
|
boolean |
Sets if group search is enabled. Default false |
|
boolean |
Sets if the subtree should be searched. Default true |
|
java.lang.String |
Sets the base DN to search from. |
|
java.lang.String |
Sets the group search filter. Default "uniquemember={0}" |
|
java.lang.String |
Sets the name of the user attribute to bind to the group search filter. Defaults to the user’s DN. |
|
java.lang.String |
Sets the group attribute name. Default "cn" |
|
Sets the group configuration. |
Property | Type | Description |
---|---|---|
|
boolean |
Sets whether this configuration is enabled. Default true. |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Sets the server URL. |
|
java.lang.String |
Sets the manager DN. |
|
java.lang.String |
Sets the manager password. |
|
java.lang.String |
Sets the context factory class. Default "com.sun.jndi.ldap.LdapCtxFactory" |
|
java.util.Map |
Any additional properties that should be passed to {@link javax.naming.directory.InitialDirContext#InitialDirContext(java.util.Hashtable)}. |
|
Sets the context configuration. |
Security Oauth2 Config Properties
🔗Property | Type | Description |
---|---|---|
|
OauthClientConfigurationProperties$TokenEndpointConfigurationProperties |
The OAuth 2.0 token endpoint configuration. |
|
java.lang.String |
The endpoint URL |
|
Authentication Method |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Sets the domain name of this Cookie. Default value (null). |
|
java.lang.Boolean |
Sets whether the cookie is secured. Defaults to the secure status of the request. |
|
java.lang.String |
Sets the path of the cookie. Default value ("/"). |
|
java.lang.Boolean |
Whether the Cookie can only be accessed via HTTP. Default value (true). |
|
java.time.Duration |
Sets the maximum age of the cookie. Default value (5 minutes). |
|
java.lang.String |
Cookie Name. Default value ("OPENID_NONCE"). |
Property | Type | Description |
---|---|---|
|
The OpenID configuration. |
|
|
java.lang.String |
The URI used to log out of an OpenID provider. Default value ("/oauth/logout"). |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Sets the domain name of this Cookie. Default value (null). |
|
java.lang.Boolean |
Sets whether the cookie is secured. Defaults to the secure status of the request. |
|
java.lang.String |
Sets the path of the cookie. Default value ("/"). |
|
java.lang.Boolean |
Whether the Cookie can only be accessed via HTTP. Default value (true). |
|
java.time.Duration |
Sets the maximum age of the cookie. Default value (5 minutes). |
|
java.lang.String |
Cookie Name. Default value ("OAUTH2_STATE"). |
Property | Type | Description |
---|---|---|
|
OauthClientConfigurationProperties$IntrospectionEndpointConfigurationProperties |
Sets the introspection endpoint configuration. |
|
java.lang.String |
The endpoint URL |
|
Authentication Method |
Property | Type | Description |
---|---|---|
|
OauthClientConfigurationProperties$ClientCredentialsConfigurationProperties |
Sets the Client Credentials configuration. |
|
java.lang.String |
|
|
java.lang.String |
|
|
java.util.regex.Pattern |
|
|
java.util.regex.Pattern |
|
|
boolean |
Enables ClientCredentialsClient. Default value true |
|
java.lang.String |
Scope to be requested in the client credentials request. Defaults to none. |
|
java.time.Duration |
Number of seconds for a token obtained via client credentials grant to be considered expired |
|
java.util.Map |
Additional parameters included in the client-credentials flow. |
Property | Type | Description |
---|---|---|
|
OauthClientConfigurationProperties$OpenIdClientConfigurationProperties |
The open id configuration. |
|
java.net.URL |
URL using the https scheme with no query or fragment component that the Open ID provider asserts as its issuer identifier. |
|
java.lang.String |
The configuration path to discover openid configuration. Default ("/.well-known/openid-configuration"). |
|
java.lang.String |
The JWKS signature URI. |
Property | Type | Description |
---|---|---|
|
OauthClientConfigurationProperties$AuthorizationEndpointConfigurationProperties |
The OAuth 2.0 authorization endpoint configuration. |
|
java.lang.String |
The endpoint URL |
Property | Type | Description |
---|---|---|
|
OauthConfigurationProperties$OpenIdConfigurationProperties$AdditionalClaimsConfigurationProperties |
The Claims Configuration |
|
boolean |
Set to true if the original JWT from the provider should be included in the Micronaut JWT. Default value (false). |
|
boolean |
Set to true if the original access token from the provider should be included in the Micronaut JWT. Default value (false). |
|
boolean |
Set to true if the original refresh token from the provider should be included in the Micronaut JWT. Default value (false). |
Property | Type | Description |
---|---|---|
|
Sets the end session endpoint configuration. |
|
|
java.lang.String |
The endpoint URL |
|
boolean |
The end session enabled flag. Default value (true). |
Property | Type | Description |
---|---|---|
|
java.lang.String |
OAuth 2.0 client id. |
|
java.lang.String |
OAuth 2.0 client secret. |
|
java.util.List |
Requested scopes. If not specified for OAuth 2.0 clients using OpenID Connect it defaults to |
|
boolean |
Sets whether the client is enabled. Default value (true). |
|
OAuth 2.0 grant type. Default value (authorization_code). |
Property | Type | Description |
---|---|---|
|
Sets the registration endpoint configuration. |
|
|
java.lang.String |
The endpoint URL |
Property | Type | Description |
---|---|---|
|
OauthConfigurationProperties$OpenIdConfigurationProperties$ClaimsValidationConfigurationProperties |
Claims Validator Configuration |
|
boolean |
Whether IssuerClaimValidator |
|
boolean |
Whether AudienceClaimValidator |
|
boolean |
Whether AuthorizedPartyClaimValidator |
Property | Type | Description |
---|---|---|
|
Sets the Http Header Client Credentials Token Propagator configuration. |
|
|
java.lang.String |
Value prefix for Http Header. Default value ({@value #DEFAULT_PREFIX}). |
|
java.lang.String |
Http Header to be used to propagate the token. Default value ({@value #DEFAULT_HEADER_NAME}) |
|
boolean |
Enable {@link ClientCredentialsHeaderTokenPropagatorConfiguration}. Default value (true). |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Sets the mechanism to persist the state for later retrieval for validation. Supported values ("session", "cookie"). Default value ("cookie"). |
|
boolean |
Sets whether a state parameter will be sent. Default (true). |
Property | Type | Description |
---|---|---|
|
Sets the authorization endpoint configuration. |
|
|
java.lang.String |
The endpoint URL |
|
Determines the authorization processing flow to be used. Default value (code). |
|
|
java.lang.String |
Mechanism to be used for returning authorization response parameters from the authorization endpoint. |
|
Controls how the authentication interface is displayed. |
|
|
Controls how the authentication server prompts the user. |
|
|
java.lang.Integer |
Maximum authentication age. |
|
java.util.List |
Preferred locales for authentication. |
|
java.util.List |
Authentication class reference values. |
Property | Type | Description |
---|---|---|
|
Sets the token endpoint configuration. |
|
|
java.lang.String |
The endpoint URL |
|
Authentication Method |
|
|
The content type of token endpoint requests. Default value (application/x-www-form-urlencoded). |
Property | Type | Description |
---|---|---|
|
Sets the user info endpoint configuration. |
|
|
java.lang.String |
The endpoint URL |
Property | Type | Description |
---|---|---|
|
OauthClientConfigurationProperties$RevocationEndpointConfigurationProperties |
Sets the revocation endpoint configuration. |
|
java.lang.String |
The endpoint URL |
|
Authentication Method |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Sets the mechanism to persist the nonce for later retrieval for validation. Supported values ("session", "cookie"). Default value ("cookie"). |
|
boolean |
Sets whether a nonce parameter will be sent. Default (true). |
Property | Type | Description |
---|---|---|
|
OauthConfigurationProperties$OpenIdConfigurationProperties$EndSessionConfigurationProperties |
The end session configuration. |
|
java.lang.String |
The URI the OpenID provider should redirect to after logging out. Default value ("/logout"). |
Property | Type | Description |
---|---|---|
|
boolean |
Sets whether the OAuth 2.0 support is enabled. Default value (true). |
|
java.lang.String |
The URI template that OAuth 2.0 providers can use to submit an authorization callback request. Default value ("/oauth/callback{/provider}"). |
|
java.lang.String |
The URI template that is used to initiate an OAuth 2.0 authorization code grant flow. Default value ("/oauth/login{/provider}"). |
|
java.lang.String |
The default authentication provider for an OAuth 2.0 authorization code grant flow. |
Security Session Config Properties
🔗Property | Type | Description |
---|---|---|
|
boolean |
Sets whether the session config is enabled. Default value (true). |