Configuration Reference
Version:3.9.7
Security Config Properties
🔗Property | Type | Description |
---|---|---|
|
boolean |
Enables the {@link BasicAuthAuthenticationFetcher}. Default value true. |
Property | Type | Description |
---|---|---|
|
boolean |
Enables LogoutController. Default value true. |
|
java.lang.String |
Path to the LogoutController. Default value "/logout". |
|
boolean |
Enables HTTP GET invocations of LogoutController. Default value (false). |
Property | Type | Description |
---|---|---|
|
boolean |
Sets whether Redirection configuration enabled. Default value (true). |
|
java.lang.String |
Where the user is redirected to after a successful login. Default value ("/"). |
|
java.lang.String |
Where the user is redirected to after a failed login. Default value ("/"). |
|
java.lang.String |
URL where the user is redirected after logout. Default value ("/"). |
|
boolean |
If true, the user should be redirected back to the unauthorized request that initiated the login flow. Supersedes the <code>login-success</code> configuration for those cases. Default value false. |
Property | Type | Description |
---|---|---|
|
RedirectConfigurationProperties$ForbiddenRedirectConfigurationProperties |
Sets the forbidden redirect configuration. |
|
boolean |
Whether it should redirect on forbidden rejections. Default value (true). |
|
java.lang.String |
Where the user is redirected to after trying to access a secured route which he is forbidden to access. Default value ("/"). |
Property | Type | Description |
---|---|---|
|
RedirectConfigurationProperties$UnauthorizedRedirectConfigurationProperties |
Sets the unauthorized redirect configuration. |
|
boolean |
Whether it should redirect on unauthorized rejections. Default value (true). |
|
java.lang.String |
Where the user is redirected to after trying to access a secured route. Default value ("/"). |
Property | Type | Description |
---|---|---|
|
boolean |
Sets whether the configuration is enabled. Default value true. |
|
java.lang.String |
Authentication attributes map key for the user’s roles. Default value "roles". |
|
java.lang.String |
Authentication attributes map key for the user’s name. Default value "sub". |
|
java.lang.String |
If the entry used for the roles in the Authentication attributes map is a String, you can use the separator to split its value into multiple roles. Default value DEFAULT_ROLES_SEPARATOR. |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Http Header to be used to propagate the token. Default value (HttpHeaders.AUTHORIZATION) |
|
boolean |
Enable HttpHeaderTokenPropagator. Default value (true). |
|
java.lang.String |
Value prefix for Http Header. Default value (HttpHeaderValues.AUTHORIZATION_PREFIX_BEARER). |
Property | Type | Description |
---|---|---|
|
boolean |
Enables {@link SecurityFilter}. Default value true |
|
java.lang.String |
Pattern the {@link SecurityFilter} should match. Default value |
Property | Type | Description |
---|---|---|
|
Sets the refresh redirect configuration. |
|
|
boolean |
Whether it should redirect on forbidden rejections. Default value (true). |
|
java.lang.String |
Where the user is redirected to after trying to access a secured route which he is forbidden to access. Default value ("/"). |
Property | Type | Description |
---|---|---|
|
boolean |
If Security is enabled. Default value true |
|
boolean |
Whether the intercept URL patterns should be prepended with context path if defined. Defaults to false. |
|
java.util.List |
Map that defines the interception patterns. |
|
java.util.List |
Allowed IP patterns. Default value (["0.0.0.0"]) |
|
Determines how authentication providers should be processed. Default value ANY. Possible values: ANY or ALL. |
|
|
boolean |
Whether the server should respond with 401 for requests that do not match any routes on the server, if you set it to false, it will return 404 for requests that do not match any routes on the server. Default value (true). |
|
Defines which authentication to use. Defaults to null. Possible values bearer, session, cookie, idtoken. Should only be supplied if the service handles login and logout requests. |
Property | Type | Description |
---|---|---|
|
boolean |
Enables the {@link X509AuthenticationFetcher}. Default value false. |
|
java.lang.String |
Set the Subject DN regex. Default value "CN=(.*?)(?:, |
Property | Type | Description |
---|---|---|
|
boolean |
Enables LoginController. Default value true |
|
java.lang.String |
Path to the LoginController. Default value "/login" |
Property | Type | Description |
---|---|---|
|
java.lang.String |
a regular expression to match the service id. |
|
java.lang.String |
a regular expression to match the uri. |
|
java.util.regex.Pattern |
|
|
java.util.regex.Pattern |
|
|
boolean |
Enables TokenPropagationHttpClientFilter. Default value false |
|
java.lang.String |
Configures TokenPropagationHttpClientFilter path. Default value "/**" |
Property | Type | Description |
---|---|---|
|
boolean |
Enables IntrospectionController. Default value true |
|
java.lang.String |
Path to the IntrospectionController. Default value "/token_info" |
Security Jwt Config Properties
🔗Property | Type | Description |
---|---|---|
|
com.nimbusds.jose.JWEAlgorithm |
{@link com.nimbusds.jose.JWEAlgorithm}. |
|
com.nimbusds.jose.EncryptionMethod |
{@link com.nimbusds.jose.EncryptionMethod}. |
|
java.lang.String |
Secret used for encryption configuration. |
Property | Type | Description |
---|---|---|
|
com.nimbusds.jose.JWSAlgorithm |
{@link com.nimbusds.jose.JWSAlgorithm}. Defaults to HS256 |
|
java.lang.String |
Secret used to sign JWT. Length must be at least 256 bits. |
|
boolean |
Indicates whether the supplied secret is base64 encoded. |
Property | Type | Description |
---|---|---|
|
java.lang.Integer |
Access token expiration. Default value (3600). |
Property | Type | Description |
---|---|---|
|
boolean |
Sets whether SignedRefreshTokenGenerator is enabled. Default value (true). |
|
com.nimbusds.jose.JWSAlgorithm |
{@link com.nimbusds.jose.JWSAlgorithm}. Defaults to HS256 |
|
java.lang.String |
shared secret. For HS256 must be at least 256 bits. |
|
boolean |
Indicates whether the supplied secret is base64 encoded. Default value false. |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Sets the domain name of this Cookie. |
|
java.lang.Boolean |
Whether the Cookie can only be accessed via HTTP. Default value (AbstractAccessTokenCookieConfigurationProperties.DEFAULT_HTTPONLY). |
|
java.lang.Boolean |
Sets whether the cookie is secured. Defaults to the secure status of the request. |
|
java.time.Duration |
Sets the maximum age of the cookie. |
|
Sets the same-site setting of the cookie. Default value null. Value is case sensitive. Allowed values: |
|
|
java.lang.String |
Sets the path of the cookie. Default value (OauthControllerConfigurationProperties.DEFAULT_PATH). |
|
boolean |
Sets whether JWT cookie configuration is enabled. Default value (true). |
|
java.lang.String |
Cookie Name. Default value ("JWT_REFRESH_TOKEN"). |
Property | Type | Description |
---|---|---|
|
boolean |
Whether the nonce claim should be validated when a nonce was present. Default value true. |
|
java.lang.String |
Whether the aud claim should be validated to ensure it matches this value. It defaults to null, thus it is not validated. |
|
java.lang.String |
Whether the iss claim should be validated to ensure it matches this value. It defaults to null, thus it is not validated. |
|
boolean |
Whether the JWT subject claim should be validated to ensure it is not null. Default value true. |
|
boolean |
Whether it should be validated that validation time is not before the not-before claim (nbf) of a JWT token. Default value false. |
|
boolean |
Whether the expiration date of the JWT should be validated. Default value true. |
|
boolean |
Whether |
Property | Type | Description |
---|---|---|
|
boolean |
Set whether to enable bearer token authentication. Default value true. |
|
java.lang.String |
Sets the header name to use. Default value Authorization. |
|
java.lang.String |
Sets the prefix to use for the auth token. Default value Bearer. |
Property | Type | Description |
---|---|---|
|
java.lang.Integer |
JWKS cache expiration. Default value 60 seconds. |
|
java.lang.String |
Remote JSON Web Key set url. e.g. https://…/.well-known/jwks.json |
|
com.nimbusds.jose.jwk.KeyType |
Representation of the kty parameter in a JSON Web Key (JWK). Default value (RSA). |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Sets the domain name of this Cookie. |
|
java.lang.Boolean |
Whether the Cookie can only be accessed via HTTP. Default value (AbstractAccessTokenCookieConfigurationProperties.DEFAULT_HTTPONLY). |
|
java.lang.Boolean |
Sets whether the cookie is secured. Defaults to the secure status of the request. |
|
java.time.Duration |
Sets the maximum age of the cookie. |
|
Sets the same-site setting of the cookie. Default value null. Value is case sensitive. Allowed values: |
|
|
java.lang.String |
Sets the path of the cookie. Default value ("/"). |
|
boolean |
Sets whether JWT cookie configuration is enabled. Default value (true). |
|
java.lang.String |
Cookie Name. Default value ("JWT"). |
Property | Type | Description |
---|---|---|
|
boolean |
Sets whether JWT security is enabled. Default value (true). |
Property | Type | Description |
---|---|---|
|
boolean |
Sets whether the OauthController is enabled. Default value (true). |
|
java.lang.String |
Sets the path to map the OauthController to. Default value ("/oauth/access_token"). |
|
boolean |
Enables HTTP GET invocations of refresh token requests. Only applies to requests sending a cookie (JWT_REFRESH_TOKEN). Default value (true). |
Property | Type | Description |
---|---|---|
|
boolean |
Enables KeysController. Default value true. |
|
java.lang.String |
Path to the KeysController. Default value "/keys". |
Security Ldap Config Properties
🔗Property | Type | Description |
---|---|---|
|
Sets the group configuration. |
|
|
boolean |
Sets if group search is enabled. Default false |
|
boolean |
Sets if the subtree should be searched. Default true |
|
java.lang.String |
Sets the base DN to search from. |
|
java.lang.String |
Sets the group search filter. Default "uniquemember={0}" |
|
java.lang.String |
Sets the name of the user attribute to bind to the group search filter. Defaults to the user’s DN. |
|
java.lang.String |
Sets the group attribute name. Default "cn" |
Property | Type | Description |
---|---|---|
|
boolean |
Sets whether this configuration is enabled. Default true. |
Property | Type | Description |
---|---|---|
|
Sets the search configuration. |
|
|
boolean |
Sets if the subtree should be searched. Default true |
|
java.lang.String |
Sets the base DN to search. |
|
java.lang.String |
Sets the search filter. Default "(uid={0})" |
|
java.lang.String[] |
Sets the attributes to return. Default all |
Property | Type | Description |
---|---|---|
|
Sets the context configuration. |
|
|
java.lang.String |
Sets the server URL. |
|
java.lang.String |
Sets the manager DN. |
|
java.lang.String |
Sets the manager password. |
|
java.lang.String |
Sets the context factory class. Default "com.sun.jndi.ldap.LdapCtxFactory" |
|
java.util.Map |
Any additional properties that should be passed to {@link javax.naming.directory.InitialDirContext#InitialDirContext(java.util.Hashtable)}. |
Security Oauth2 Config Properties
🔗Property | Type | Description |
---|---|---|
|
The OpenID configuration. |
|
|
java.lang.String |
The URI used to log out of an OpenID provider. Default value ("/oauth/logout"). |
Property | Type | Description |
---|---|---|
|
Sets the end session endpoint configuration. |
|
|
java.lang.String |
The endpoint URL |
|
boolean |
The end session enabled flag. Default value (true). |
Property | Type | Description |
---|---|---|
|
OauthClientConfigurationProperties$AuthorizationEndpointConfigurationProperties |
The OAuth 2.0 authorization endpoint configuration. |
|
java.lang.String |
The endpoint URL |
|
java.lang.String |
Code Challenge Method to use for PKCE. |
Property | Type | Description |
---|---|---|
|
OauthConfigurationProperties$OpenIdConfigurationProperties$ClaimsValidationConfigurationProperties |
Claims Validator Configuration |
|
boolean |
Whether IssuerClaimValidator |
|
boolean |
Whether AudienceClaimValidator |
|
boolean |
Whether AuthorizedPartyClaimValidator |
Property | Type | Description |
---|---|---|
|
OauthClientConfigurationProperties$RevocationEndpointConfigurationProperties |
Sets the revocation endpoint configuration. |
|
java.lang.String |
The endpoint URL |
|
Authentication Method |
Property | Type | Description |
---|---|---|
|
Sets the authorization endpoint configuration. |
|
|
java.lang.String |
The endpoint URL |
|
Determines the authorization processing flow to be used. Default value (code). |
|
|
java.lang.String |
Mechanism to be used for returning authorization response parameters from the authorization endpoint. |
|
Controls how the authentication interface is displayed. |
|
|
Controls how the authentication server prompts the user. |
|
|
java.lang.Integer |
Maximum authentication age. |
|
java.util.List |
Preferred locales for authentication. |
|
java.util.List |
Authentication class reference values. |
|
java.lang.String |
Code Challenge Method to use for PKCE. |
Property | Type | Description |
---|---|---|
|
OauthClientConfigurationProperties$TokenEndpointConfigurationProperties |
The OAuth 2.0 token endpoint configuration. |
|
java.lang.String |
The endpoint URL |
|
Authentication Method |
Property | Type | Description |
---|---|---|
|
OauthConfigurationProperties$OpenIdConfigurationProperties$EndSessionConfigurationProperties |
The end session configuration. |
|
java.lang.String |
The URI the OpenID provider should redirect to after logging out. Default value ("/logout"). |
Property | Type | Description |
---|---|---|
|
Sets the token endpoint configuration. |
|
|
java.lang.String |
The endpoint URL |
|
Authentication Method |
|
|
The content type of token endpoint requests. Default value (application/x-www-form-urlencoded). |
Property | Type | Description |
---|---|---|
|
java.lang.String |
OAuth 2.0 client id. |
|
java.lang.String |
OAuth 2.0 client secret. |
|
java.util.List |
Requested scopes. If not specified for OAuth 2.0 clients using OpenID Connect it defaults to |
|
boolean |
Sets whether the client is enabled. Default value (true). |
|
OAuth 2.0 grant type. Default value (authorization_code). |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Sets the mechanism to persist the state for later retrieval for validation. Supported values ("session", "cookie"). Default value (PERSISTENCE_COOKIE). |
|
boolean |
Sets whether a state parameter will be sent. Default (true). |
|
int |
entropy (in bytes) used for the code verifier generation. Default value 64. |
Property | Type | Description |
---|---|---|
|
boolean |
Sets whether the OAuth 2.0 support is enabled. Default value (true). |
|
java.lang.String |
The URI template that OAuth 2.0 providers can use to submit an authorization callback request. Default value ("/oauth/callback{/provider}"). |
|
java.lang.String |
The URI template that is used to initiate an OAuth 2.0 authorization code grant flow. Default value ("/oauth/login{/provider}"). |
|
java.lang.String |
The default authentication provider for an OAuth 2.0 authorization code grant flow. |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Sets the mechanism to persist the nonce for later retrieval for validation. Supported values ("session", "cookie"). Default value ("cookie"). |
|
boolean |
Sets whether a nonce parameter will be sent. Default (true). |
Property | Type | Description |
---|---|---|
|
OauthClientConfigurationProperties$OpenIdClientConfigurationProperties |
The open id configuration. |
|
java.net.URL |
URL using the https scheme with no query or fragment component that the Open ID provider asserts as its issuer identifier. |
|
java.lang.String |
The configuration path to discover openid configuration. Default ("/.well-known/openid-configuration"). |
|
java.lang.String |
The JWKS signature URI. |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Sets the mechanism to persist the state for later retrieval for validation. Supported values ("session", "cookie"). Default value ("cookie"). |
|
boolean |
Sets whether a state parameter will be sent. Default (true). |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Sets the domain name of this Cookie. Default value (null). |
|
java.lang.Boolean |
Sets whether the cookie is secured. Defaults to the secure status of the request. |
|
java.lang.String |
Sets the path of the cookie. Default value ("/"). |
|
java.lang.Boolean |
Whether the Cookie can only be accessed via HTTP. Default value (true). |
|
java.time.Duration |
Sets the maximum age of the cookie. Default value (5 minutes). |
|
java.lang.String |
Cookie Name. |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Sets the domain name of this Cookie. Default value (null). |
|
java.lang.Boolean |
Sets whether the cookie is secured. Defaults to the secure status of the request. |
|
java.lang.String |
Sets the path of the cookie. Default value ("/"). |
|
java.lang.Boolean |
Whether the Cookie can only be accessed via HTTP. Default value (true). |
|
java.time.Duration |
Sets the maximum age of the cookie. Default value (5 minutes). |
|
java.lang.String |
Cookie Name. |
Property | Type | Description |
---|---|---|
|
Sets the Http Header Client Credentials Token Propagator configuration. |
|
|
java.lang.String |
Value prefix for Http Header. Default value ({@value #DEFAULT_PREFIX}). |
|
java.lang.String |
Http Header to be used to propagate the token. Default value ({@value #DEFAULT_HEADER_NAME}) |
|
boolean |
Enable {@link ClientCredentialsHeaderTokenPropagatorConfiguration}. Default value (true). |
Property | Type | Description |
---|---|---|
|
OauthClientConfigurationProperties$IntrospectionEndpointConfigurationProperties |
Sets the introspection endpoint configuration. |
|
java.lang.String |
The endpoint URL |
|
Authentication Method |
Property | Type | Description |
---|---|---|
|
java.lang.String |
Sets the domain name of this Cookie. Default value (null). |
|
java.lang.Boolean |
Sets whether the cookie is secured. Defaults to the secure status of the request. |
|
java.lang.String |
Sets the path of the cookie. Default value ("/"). |
|
java.lang.Boolean |
Whether the Cookie can only be accessed via HTTP. Default value (true). |
|
java.time.Duration |
Sets the maximum age of the cookie. Default value (5 minutes). |
|
java.lang.String |
Cookie Name. |
Property | Type | Description |
---|---|---|
|
OauthConfigurationProperties$OpenIdConfigurationProperties$AdditionalClaimsConfigurationProperties |
The Claims Configuration |
|
boolean |
Set to true if the original JWT from the provider should be included in the Micronaut JWT. Default value (false). |
|
boolean |
Set to true if the original access token from the provider should be included in the Micronaut JWT. Default value (false). |
|
boolean |
Set to true if the original refresh token from the provider should be included in the Micronaut JWT. Default value (false). |
Property | Type | Description |
---|---|---|
|
Sets the user info endpoint configuration. |
|
|
java.lang.String |
The endpoint URL |
Property | Type | Description |
---|---|---|
|
Sets the registration endpoint configuration. |
|
|
java.lang.String |
The endpoint URL |
Property | Type | Description |
---|---|---|
|
OauthClientConfigurationProperties$ClientCredentialsConfigurationProperties |
Sets the Client Credentials configuration. |
|
java.lang.String |
|
|
java.lang.String |
|
|
java.util.regex.Pattern |
|
|
java.util.regex.Pattern |
|
|
boolean |
Enables ClientCredentialsClient. Default value true |
|
java.lang.String |
Scope to be requested in the client credentials request. Defaults to none. |
|
java.time.Duration |
Number of seconds for a token obtained via client credentials grant to be considered expired |
|
java.util.Map |
Additional parameters included in the client-credentials flow. |
Security Session Config Properties
🔗Property | Type | Description |
---|---|---|
|
boolean |
Sets whether the session config is enabled. Default value (true). |