diff --git a/snapshot/guide/configurationreference.html b/snapshot/guide/configurationreference.html index 9279b4d9e7..2ec34bf821 100644 --- a/snapshot/guide/configurationreference.html +++ b/snapshot/guide/configurationreference.html @@ -51,9 +51,9 @@

Configuration Reference

Micronaut Security Config Properties

-🔗 +🔗 - +@@ -68,47 +68,21 @@

Micronaut Security Config Propert

- - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + - + - +
Table 1. Configuration Properties for SecurityConfigurationPropertiesTable 1. Configuration Properties for RedirectConfigurationProperties$ForbiddenRedirectConfigurationProperties

micronaut.security.authentication

AuthenticationMode

Defines which authentication to use. Defaults to null. Possible values bearer, session, cookie, idtoken. Should - only be supplied if the service handles login and logout requests.

micronaut.security.enabled

boolean

If Security is enabled. Default value true

micronaut.security.intercept-url-map

java.util.List

Map that defines the interception patterns.

micronaut.security.ip-patterns

java.util.List

Allowed IP patterns. Default value (["0.0.0.0"])

micronaut.security.intercept-url-map-prepend-pattern-with-context-path

boolean

Whether the intercept URL patterns should be prepended with context path if defined. Defaults to true.

micronaut.security.authentication-provider-strategy

AuthenticationStrategy

Determines how authentication providers should be processed. Default value ANY. Possible values: ANY or ALL.

micronaut.security.redirect.forbidden.url

java.lang.String

Where the user is redirected to after trying to access a secured route which he is forbidden to access. Default value ("/").

micronaut.security.reject-not-found

micronaut.security.redirect.forbidden.enabled

boolean

Whether the server should respond with 401 for requests that do not match any routes on the server, if you set it to false, it will return 404 for requests that do not match any routes on the server. Default value (true).

Whether it should redirect on forbidden rejections. Default value (true).
-🔗 +🔗 - +@@ -123,31 +97,21 @@

Micronaut Security Config Propert

- - - - - - - - - - - + - + - - - + + +
Table 2. Configuration Properties for TokenConfigurationPropertiesTable 2. Configuration Properties for RedirectConfigurationProperties$UnauthorizedRedirectConfigurationProperties

micronaut.security.token.enabled

boolean

Sets whether the configuration is enabled. Default value true.

micronaut.security.token.roles-name

java.lang.String

micronaut.security.token.name-key

micronaut.security.redirect.unauthorized.url

java.lang.String

Where the user is redirected to after trying to access a secured route. Default value ("/").

micronaut.security.token.roles-separator

java.lang.String

If the entry used for the roles in the Authentication attributes map is a String, you can use the separator to split its value into multiple roles. Default value DEFAULT_ROLES_SEPARATOR.

micronaut.security.redirect.unauthorized.enabled

boolean

Whether it should redirect on unauthorized rejections. Default value (true).
-🔗 +🔗 - +@@ -162,51 +126,16 @@

Micronaut Security Config Propert

- - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - +
Table 3. Configuration Properties for TokenCookieConfigurationPropertiesTable 3. Configuration Properties for BasicAuthAuthenticationConfiguration

micronaut.security.token.cookie.cookie-domain

java.lang.String

micronaut.security.token.cookie.cookie-http-only

java.lang.Boolean

micronaut.security.token.cookie.cookie-secure

java.lang.Boolean

micronaut.security.token.cookie.cookie-max-age

java.time.Duration

micronaut.security.token.cookie.cookie-same-site

SameSite

Sets the same-site setting of the cookie. Default value null. Value is case sensitive. Allowed values: Strict, Lax or None.

micronaut.security.token.cookie.enabled

micronaut.security.basic-auth.enabled

boolean

Whether JWT cookie configuration is enabled. Default value (true).

micronaut.security.token.cookie.cookie-name

java.lang.String

Cookie Name. Default value ("JWT").

micronaut.security.token.cookie.cookie-path

java.lang.String

The path of the cookie. Default value ("/").

Enables the {@link BasicAuthAuthenticationFetcher}. Default value true.
-🔗 +🔗 - +@@ -221,33 +150,18 @@

Micronaut Security Config Propert

- - + + - + - - - - - - - - - - - + - + - - - - - @@ -287,9 +201,9 @@

Micronaut Security Config Propert

Table 4. Configuration Properties for TokenPropagationConfigurationPropertiesTable 4. Configuration Properties for LogoutControllerConfigurationProperties

micronaut.security.token.propagation.service-id-regex

java.lang.String

micronaut.security.endpoints.logout.enabled

boolean

micronaut.security.token.propagation.uri-regex

micronaut.security.endpoints.logout.path

java.lang.String

micronaut.security.token.propagation.service-id-pattern

java.util.regex.Pattern

micronaut.security.token.propagation.uri-pattern

java.util.regex.Pattern

Path to the LogoutController. Default value "/logout".

micronaut.security.token.propagation.enabled

micronaut.security.endpoints.logout.get-allowed

boolean

Enables TokenPropagationHttpClientFilter. Default value false

micronaut.security.token.propagation.path

java.lang.String
-🔗 +🔗 - +@@ -304,50 +218,38 @@

Micronaut Security Config Propert

- - - + + + - + - + - + - + - -
Table 6. Configuration Properties for HttpHeaderTokenPropagatorConfigurationPropertiesTable 6. Configuration Properties for RedirectConfigurationProperties

micronaut.security.token.propagation.header.enabled

boolean

Enable HttpHeaderTokenPropagator. Default value (true).

micronaut.security.redirect.login-success

java.lang.String

Where the user is redirected to after a successful login. Default value ("/").

micronaut.security.token.propagation.header.prefix

micronaut.security.redirect.login-failure

java.lang.String

Where the user is redirected to after a failed login. Default value ("/").

micronaut.security.token.propagation.header.header-name

micronaut.security.redirect.logout

java.lang.String

URL where the user is redirected after logout. Default value ("/").
-
-🔗 - - ----- - - - - + + + - - - - - + + +
Table 7. Configuration Properties for AccessTokenConfigurationProperties
PropertyTypeDescription

micronaut.security.redirect.prior-to-login

boolean

If true, the user should be redirected back to the unauthorized + request that initiated the login flow. Supersedes the <code>login-success</code> + configuration for those cases. Default value false.

micronaut.security.token.generator.access-token.expiration

java.lang.Integer

Access token expiration. Default value (3600).

micronaut.security.redirect.enabled

boolean

Sets whether Redirection configuration enabled. Default value (true).
🔗 - +@@ -379,9 +281,9 @@

Micronaut Security Config Propert

Table 8. Configuration Properties for OauthControllerConfigurationPropertiesTable 7. Configuration Properties for OauthControllerConfigurationProperties
-🔗 +🔗 - +@@ -396,21 +298,16 @@

Micronaut Security Config Propert

- - - - - - - - + + +
Table 9. Configuration Properties for RedirectConfigurationProperties$RefreshRedirectConfigurationPropertiesTable 8. Configuration Properties for AccessTokenConfigurationProperties

micronaut.security.redirect.refresh.url

java.lang.String

Where the user is redirected to after trying to access a secured route which he is forbidden to access. Default value ("/").

micronaut.security.redirect.refresh.enabled

boolean

Whether it should redirect on forbidden rejections. Default value (true).

micronaut.security.token.generator.access-token.expiration

java.lang.Integer

Access token expiration. Default value (3600).
-🔗 +🔗 - +@@ -425,21 +322,21 @@

Micronaut Security Config Propert

- + - + - + + -
Table 10. Configuration Properties for RedirectConfigurationProperties$UnauthorizedRedirectConfigurationPropertiesTable 9. Configuration Properties for X509ConfigurationProperties

micronaut.security.redirect.unauthorized.url

micronaut.security.x509.subject-dn-regex

java.lang.String

Where the user is redirected to after trying to access a secured route. Default value ("/").

Set the Subject DN regex. Default value "CN=(.*?)(?:,

micronaut.security.redirect.unauthorized.enabled

$)".

micronaut.security.x509.enabled

boolean

Whether it should redirect on unauthorized rejections. Default value (true).
-🔗 +🔗 - +@@ -454,26 +351,26 @@

Micronaut Security Config Propert

- + - + - + - + - - + +
Table 11. Configuration Properties for LogoutControllerConfigurationPropertiesTable 10. Configuration Properties for HttpHeaderTokenPropagatorConfigurationProperties

micronaut.security.endpoints.logout.enabled

micronaut.security.token.propagation.header.enabled

boolean

Enable HttpHeaderTokenPropagator. Default value (true).

micronaut.security.endpoints.logout.path

micronaut.security.token.propagation.header.prefix

java.lang.String

Path to the LogoutController. Default value "/logout".

micronaut.security.endpoints.logout.get-allowed

boolean

micronaut.security.token.propagation.header.header-name

java.lang.String
-🔗 +🔗 - +@@ -488,16 +385,47 @@

Micronaut Security Config Propert

- + + + + + + - + + + + + + + + + + + + + + + + + + + + + + + + + +
Table 12. Configuration Properties for BasicAuthAuthenticationConfigurationTable 11. Configuration Properties for SecurityConfigurationProperties

micronaut.security.basic-auth.enabled

micronaut.security.authentication

AuthenticationMode

Defines which authentication to use. Defaults to null. Possible values bearer, session, cookie, idtoken. Should + only be supplied if the service handles login and logout requests.

micronaut.security.enabled

boolean

Enables the {@link BasicAuthAuthenticationFetcher}. Default value true.

If Security is enabled. Default value true

micronaut.security.intercept-url-map

java.util.List

Map that defines the interception patterns.

micronaut.security.ip-patterns

java.util.List

Allowed IP patterns. Default value (["0.0.0.0"])

micronaut.security.intercept-url-map-prepend-pattern-with-context-path

boolean

Whether the intercept URL patterns should be prepended with context path if defined. Defaults to true.

micronaut.security.authentication-provider-strategy

AuthenticationStrategy

Determines how authentication providers should be processed. Default value ANY. Possible values: ANY or ALL.

micronaut.security.reject-not-found

boolean

Whether the server should respond with 401 for requests that do not match any routes on the server, if you set it to false, it will return 404 for requests that do not match any routes on the server. Default value (true).
-🔗 +🔗 - +@@ -512,21 +440,21 @@

Micronaut Security Config Propert

- + - + - + - +
Table 13. Configuration Properties for SecurityFilterConfigurationPropertiesTable 12. Configuration Properties for LoginControllerConfigurationProperties

micronaut.security.filter.enabled

micronaut.security.endpoints.login.enabled

boolean

Enables LoginController. Default value true.

micronaut.security.filter.path

micronaut.security.endpoints.login.path

java.lang.String

Pattern the {@link SecurityFilter} should match. Default value /**. URLS NOT MATCHED BY PREVIOUS PATTERN ARE NOT SECURED

Path to the LoginController. Default value "/login"
-🔗 +🔗 - +@@ -541,21 +469,31 @@

Micronaut Security Config Propert

- + - + - + - + + + + + + + + + + +
Table 14. Configuration Properties for LoginControllerConfigurationPropertiesTable 13. Configuration Properties for TokenConfigurationProperties

micronaut.security.endpoints.login.enabled

micronaut.security.token.enabled

boolean

Enables LoginController. Default value true.

Sets whether the configuration is enabled. Default value true.

micronaut.security.endpoints.login.path

micronaut.security.token.roles-name

java.lang.String

Path to the LoginController. Default value "/login"

micronaut.security.token.name-key

java.lang.String

micronaut.security.token.roles-separator

java.lang.String

If the entry used for the roles in the Authentication attributes map is a String, you can use the separator to split its value into multiple roles. Default value DEFAULT_ROLES_SEPARATOR.
-🔗 +🔗 - +@@ -570,21 +508,21 @@

Micronaut Security Config Propert

- - - + + + - - - + + +
Table 15. Configuration Properties for RedirectConfigurationProperties$ForbiddenRedirectConfigurationPropertiesTable 14. Configuration Properties for SecurityFilterConfigurationProperties

micronaut.security.redirect.forbidden.url

java.lang.String

Where the user is redirected to after trying to access a secured route which he is forbidden to access. Default value ("/").

micronaut.security.filter.enabled

boolean

micronaut.security.redirect.forbidden.enabled

boolean

Whether it should redirect on forbidden rejections. Default value (true).

micronaut.security.filter.path

java.lang.String

Pattern the {@link SecurityFilter} should match. Default value /**. URLS NOT MATCHED BY PREVIOUS PATTERN ARE NOT SECURED
🔗 - +@@ -611,9 +549,9 @@

Micronaut Security Config Propert

Table 16. Configuration Properties for IntrospectionConfigurationPropertiesTable 15. Configuration Properties for IntrospectionConfigurationProperties
-🔗 +🔗 - +@@ -628,38 +566,80 @@

Micronaut Security Config Propert

- + - + - - - + + + + +
Table 17. Configuration Properties for RedirectConfigurationPropertiesTable 16. Configuration Properties for RedirectConfigurationProperties$RefreshRedirectConfigurationProperties

micronaut.security.redirect.login-success

micronaut.security.redirect.refresh.url

java.lang.String

Where the user is redirected to after a successful login. Default value ("/").

Where the user is redirected to after trying to access a secured route which he is forbidden to access. Default value ("/").

micronaut.security.redirect.login-failure

java.lang.String

Where the user is redirected to after a failed login. Default value ("/").

micronaut.security.redirect.refresh.enabled

boolean

Whether it should redirect on forbidden rejections. Default value (true).
+
+🔗 + + +++++ + - + + + + + + + + - + - + + + + + + + + + + + + + + + + + + + + + - + - - - + + + + + + + +
Table 17. Configuration Properties for TokenCookieConfigurationProperties

micronaut.security.redirect.logout

PropertyTypeDescription

micronaut.security.token.cookie.cookie-domain

java.lang.String

URL where the user is redirected after logout. Default value ("/").

micronaut.security.redirect.prior-to-login

micronaut.security.token.cookie.cookie-http-only

java.lang.Boolean

micronaut.security.token.cookie.cookie-secure

java.lang.Boolean

micronaut.security.token.cookie.cookie-max-age

java.time.Duration

micronaut.security.token.cookie.cookie-same-site

SameSite

Sets the same-site setting of the cookie. Default value null. Value is case sensitive. Allowed values: Strict, Lax or None.

micronaut.security.token.cookie.enabled

boolean

If true, the user should be redirected back to the unauthorized - request that initiated the login flow. Supersedes the <code>login-success</code> - configuration for those cases. Default value false.

Whether JWT cookie configuration is enabled. Default value (true).

micronaut.security.redirect.enabled

boolean

Sets whether Redirection configuration enabled. Default value (true).

micronaut.security.token.cookie.cookie-name

java.lang.String

Cookie Name. Default value ("JWT").

micronaut.security.token.cookie.cookie-path

java.lang.String

The path of the cookie. Default value ("/").
-🔗 +🔗 - +@@ -674,14 +654,34 @@

Micronaut Security Config Propert

- + - + - - + + + + + + + + + + + + + + + + + + + + + +
Table 18. Configuration Properties for X509ConfigurationPropertiesTable 18. Configuration Properties for TokenPropagationConfigurationProperties

micronaut.security.x509.subject-dn-regex

micronaut.security.token.propagation.service-id-regex

java.lang.String

Set the Subject DN regex. Default value "CN=(.*?)(?:,

$)".

micronaut.security.x509.enabled

micronaut.security.token.propagation.uri-regex

java.lang.String

micronaut.security.token.propagation.service-id-pattern

java.util.regex.Pattern

micronaut.security.token.propagation.uri-pattern

java.util.regex.Pattern

micronaut.security.token.propagation.enabled

boolean

Enables TokenPropagationHttpClientFilter. Default value false

micronaut.security.token.propagation.path

java.lang.String
@@ -748,9 +748,33 @@

Micronaut Security Config Propert

Micronaut Security Jwt Config Properties

+🔗 + + +++++ + + + + + + + + + + + + + + +
Table 20. Configuration Properties for JwtConfigurationProperties
PropertyTypeDescription

micronaut.security.token.jwt.enabled

boolean

Sets whether JWT security is enabled. Default value (true).

+
🔗 - +@@ -782,9 +806,9 @@

Micronaut Security Jwt Config

Table 20. Configuration Properties for SecretEncryptionConfigurationTable 21. Configuration Properties for SecretEncryptionConfiguration
-🔗 +🔗 - +@@ -799,31 +823,16 @@

Micronaut Security Jwt Config

- - - - - - - - - - - + - - - - - - +
Table 21. Configuration Properties for RefreshTokenConfigurationPropertiesTable 22. Configuration Properties for StaticJwksSignatureConfigurationProperties

micronaut.security.token.jwt.generator.refresh-token.enabled

boolean

Sets whether SignedRefreshTokenGenerator is enabled. Default value (true).

micronaut.security.token.jwt.generator.refresh-token.jws-algorithm

com.nimbusds.jose.JWSAlgorithm

{@link com.nimbusds.jose.JWSAlgorithm}. Defaults to HS256

micronaut.security.token.jwt.generator.refresh-token.secret

micronaut.security.token.jwt.signatures.jwks-static.*.path

java.lang.String

shared secret. For HS256 must be at least 256 bits.

micronaut.security.token.jwt.generator.refresh-token.base64

boolean

Indicates whether the supplied secret is base64 encoded. Default value false.

A path either starting with classpath: or file:. You can serve a JSON JWKS from anywhere on disk or the classpath. For example to serve static resources from src/main/resources/security/jwks.json, you would use classpath:security/jwks.json as the path.
-🔗 +🔗 - +@@ -838,21 +847,26 @@

Micronaut Security Jwt Config

- - + + - + - + + + + + +
Table 22. Configuration Properties for KeysControllerConfigurationPropertiesTable 23. Configuration Properties for SecretSignatureConfiguration

micronaut.security.endpoints.keys.enabled

boolean

micronaut.security.token.jwt.signatures.secret.*.jws-algorithm

com.nimbusds.jose.JWSAlgorithm

micronaut.security.endpoints.keys.path

micronaut.security.token.jwt.signatures.secret.*.secret

java.lang.String

Path to the KeysController. Default value "/keys".

micronaut.security.token.jwt.signatures.secret.*.base64

boolean
-🔗 +🔗 - +@@ -867,16 +881,31 @@

Micronaut Security Jwt Config

- + - + + + + + + + + + + + + + + + +
Table 23. Configuration Properties for JwtConfigurationPropertiesTable 24. Configuration Properties for RefreshTokenConfigurationProperties

micronaut.security.token.jwt.enabled

micronaut.security.token.jwt.generator.refresh-token.enabled

boolean

Sets whether JWT security is enabled. Default value (true).

Sets whether SignedRefreshTokenGenerator is enabled. Default value (true).

micronaut.security.token.jwt.generator.refresh-token.jws-algorithm

com.nimbusds.jose.JWSAlgorithm

{@link com.nimbusds.jose.JWSAlgorithm}. Defaults to HS256

micronaut.security.token.jwt.generator.refresh-token.secret

java.lang.String

shared secret. For HS256 must be at least 256 bits.

micronaut.security.token.jwt.generator.refresh-token.base64

boolean

Indicates whether the supplied secret is base64 encoded. Default value false.
🔗 - +@@ -928,9 +957,9 @@

Micronaut Security Jwt Config

Table 24. Configuration Properties for JwtClaimsValidatorConfigurationPropertiesTable 25. Configuration Properties for JwtClaimsValidatorConfigurationProperties
-🔗 +🔗 - +@@ -945,16 +974,21 @@

Micronaut Security Jwt Config

- + + + + + + - +
Table 25. Configuration Properties for StaticJwksSignatureConfigurationPropertiesTable 26. Configuration Properties for KeysControllerConfigurationProperties

micronaut.security.token.jwt.signatures.jwks-static.*.path

micronaut.security.endpoints.keys.enabled

boolean

micronaut.security.endpoints.keys.path

java.lang.String

A path either starting with classpath: or file:. You can serve a JSON JWKS from anywhere on disk or the classpath. For example to serve static resources from src/main/resources/security/jwks.json, you would use classpath:security/jwks.json as the path.

Path to the KeysController. Default value "/keys".
-🔗 +🔗 - +@@ -969,26 +1003,102 @@

Micronaut Security Jwt Config

- - + + - + - + + + + + +
Table 26. Configuration Properties for SecretSignatureConfigurationTable 27. Configuration Properties for JwksSignatureConfigurationProperties

micronaut.security.token.jwt.signatures.secret.*.jws-algorithm

com.nimbusds.jose.JWSAlgorithm

micronaut.security.token.jwt.signatures.jwks.*.cache-expiration

java.lang.Integer

micronaut.security.token.jwt.signatures.secret.*.secret

micronaut.security.token.jwt.signatures.jwks.*.url

java.lang.String

micronaut.security.token.jwt.signatures.secret.*.base64

micronaut.security.token.jwt.signatures.jwks.*.key-type

com.nimbusds.jose.jwk.KeyType

+
+
+
+

Micronaut Security Ldap Config Properties

+🔗 + + +++++ + + + + + + + + + + + + + + +
Table 28. Configuration Properties for LdapConfiguration
PropertyTypeDescription

micronaut.security.ldap.*.enabled

boolean

Sets whether this configuration is enabled. Default true.

+
+🔗 + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Table 29. Configuration Properties for LdapConfiguration$GroupConfiguration
PropertyTypeDescription

micronaut.security.ldap.*.groups.subtree

boolean

micronaut.security.ldap.*.groups.base

java.lang.String

micronaut.security.ldap.*.groups.filter

java.lang.String

micronaut.security.ldap.*.groups.attribute

java.lang.String

micronaut.security.ldap.*.groups.enabled

boolean

Sets if group search is enabled. Default false

micronaut.security.ldap.*.groups.filter-attribute

java.lang.String

The argument to pass to the search filter.
-🔗 +🔗 - +@@ -1003,29 +1113,31 @@

Micronaut Security Jwt Config

- - + + - + - - + + + + + + +
Table 27. Configuration Properties for JwksSignatureConfigurationPropertiesTable 30. Configuration Properties for LdapConfiguration$SearchConfiguration

micronaut.security.token.jwt.signatures.jwks.*.cache-expiration

java.lang.Integer

micronaut.security.ldap.*.search.subtree

boolean

micronaut.security.token.jwt.signatures.jwks.*.url

micronaut.security.ldap.*.search.base

java.lang.String

micronaut.security.token.jwt.signatures.jwks.*.key-type

com.nimbusds.jose.jwk.KeyType

micronaut.security.ldap.*.search.filter

java.lang.String

micronaut.security.ldap.*.search.attributes

java.lang.String
-
-
-

Micronaut Security Ldap Config Properties

🔗 - +@@ -1067,9 +1179,12 @@

Micronaut Security Ldap Conf

Table 28. Configuration Properties for LdapConfiguration$ContextConfigurationTable 31. Configuration Properties for LdapConfiguration$ContextConfiguration
-🔗 +
+
+

Micronaut Security Oauth2 Config Properties

+🔗 - +@@ -1084,41 +1199,41 @@

Micronaut Security Ldap Conf

- - - + + + - - - + + + - + - + - + - + - - - + + + - - - + + +
Table 29. Configuration Properties for LdapConfiguration$GroupConfigurationTable 32. Configuration Properties for CookieStatePersistenceConfiguration

micronaut.security.ldap.*.groups.subtree

boolean

micronaut.security.oauth2.state.cookie.cookie-domain

java.lang.String

Sets the domain name of this Cookie. Default value (null).

micronaut.security.ldap.*.groups.base

java.lang.String

micronaut.security.oauth2.state.cookie.cookie-secure

java.lang.Boolean

Sets whether the cookie is secured. Defaults to the secure status of the request.

micronaut.security.ldap.*.groups.filter

micronaut.security.oauth2.state.cookie.cookie-name

java.lang.String

Cookie Name. Default value {@link #DEFAULT_COOKIENAME}.

micronaut.security.ldap.*.groups.attribute

micronaut.security.oauth2.state.cookie.cookie-path

java.lang.String

Sets the path of the cookie. Default value ("/").

micronaut.security.ldap.*.groups.enabled

boolean

Sets if group search is enabled. Default false

micronaut.security.oauth2.state.cookie.cookie-http-only

java.lang.Boolean

Whether the Cookie can only be accessed via HTTP. Default value (true).

micronaut.security.ldap.*.groups.filter-attribute

java.lang.String

The argument to pass to the search filter.

micronaut.security.oauth2.state.cookie.cookie-max-age

java.time.Duration

Sets the maximum age of the cookie. Default value (5 minutes).
-🔗 +🔗 - +@@ -1133,31 +1248,16 @@

Micronaut Security Ldap Conf

- - - - - - - - - - - - - - - - + - +
Table 30. Configuration Properties for LdapConfiguration$SearchConfigurationTable 33. Configuration Properties for OauthConfigurationProperties$OpenIdConfigurationProperties

micronaut.security.ldap.*.search.subtree

boolean

micronaut.security.ldap.*.search.base

java.lang.String

micronaut.security.ldap.*.search.filter

java.lang.String

micronaut.security.ldap.*.search.attributes

micronaut.security.oauth2.openid.logout-uri

java.lang.String

The URI used to log out of an OpenID provider. Default value ("/oauth/logout").
-🔗 +🔗 - +@@ -1172,19 +1272,16 @@

Micronaut Security Ldap Conf

- - - + + +
Table 31. Configuration Properties for LdapConfigurationTable 34. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$UserInfoEndpointConfigurationProperties

micronaut.security.ldap.*.enabled

boolean

Sets whether this configuration is enabled. Default true.

micronaut.security.oauth2.clients.*.openid.user-info.url

java.lang.String

The endpoint URL
-
-
-

Micronaut Security Oauth2 Config Properties

-🔗 +🔗 - +@@ -1199,31 +1296,27 @@

Micronaut Security Oauth2

- - - - - - - - + + + - + - + - - - + + +
Table 32. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$TokenEndpointConfigurationPropertiesTable 35. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationProperties

micronaut.security.oauth2.clients.*.openid.token.url

java.lang.String

The endpoint URL

micronaut.security.oauth2.clients.*.openid.token.auth-method

AuthenticationMethod

micronaut.security.oauth2.clients.*.openid.issuer

java.net.URL

URL using the https scheme with no query or fragment component that the + Open ID provider asserts as its issuer identifier.

micronaut.security.oauth2.clients.*.openid.token.authentication-method

micronaut.security.oauth2.clients.*.openid.configuration-path

java.lang.String

Authentication Method

The configuration path to discover openid configuration. Default ("/.well-known/openid-configuration").

micronaut.security.oauth2.clients.*.openid.token.content-type

MediaType

The content type of token endpoint requests. Default value (application/x-www-form-urlencoded).

micronaut.security.oauth2.clients.*.openid.jwks-uri

java.lang.String

The JWKS signature URI.
-🔗 +🔗 - +@@ -1238,26 +1331,26 @@

Micronaut Security Oauth2

- - - + + + - - + + - + - +
Table 33. Configuration Properties for OauthClientConfigurationProperties$TokenEndpointConfigurationPropertiesTable 36. Configuration Properties for OauthClientConfigurationProperties$ClientCredentialsConfigurationProperties$HeaderTokenPropagatorConfigurationProperties

micronaut.security.oauth2.clients.*.token.url

java.lang.String

The endpoint URL

micronaut.security.oauth2.clients.*.client-credentials.header-propagation.enabled

boolean

Enable {@link ClientCredentialsHeaderTokenPropagatorConfiguration}. Default value (true).

micronaut.security.oauth2.clients.*.token.auth-method

AuthenticationMethod

micronaut.security.oauth2.clients.*.client-credentials.header-propagation.prefix

java.lang.String

micronaut.security.oauth2.clients.*.token.authentication-method

micronaut.security.oauth2.clients.*.client-credentials.header-propagation.header-name

java.lang.String

Authentication Method
-🔗 +🔗 - +@@ -1272,41 +1365,22 @@

Micronaut Security Oauth2

- - - - - - - - - - - - - - - - + - - - - - - + - - - + + +
Table 34. Configuration Properties for CookieStatePersistenceConfigurationTable 37. Configuration Properties for DefaultStateConfiguration

micronaut.security.oauth2.state.cookie.cookie-domain

java.lang.String

Sets the domain name of this Cookie. Default value (null).

micronaut.security.oauth2.state.cookie.cookie-secure

java.lang.Boolean

Sets whether the cookie is secured. Defaults to the secure status of the request.

micronaut.security.oauth2.state.cookie.cookie-name

java.lang.String

Cookie Name. Default value {@link #DEFAULT_COOKIENAME}.

micronaut.security.oauth2.state.cookie.cookie-path

micronaut.security.oauth2.state.persistence

java.lang.String

Sets the path of the cookie. Default value ("/").

micronaut.security.oauth2.state.cookie.cookie-http-only

java.lang.Boolean

Whether the Cookie can only be accessed via HTTP. Default value (true).

Sets the mechanism to persist the state for later retrieval for validation. + Supported values ("session", "cookie"). Default value ("cookie").

micronaut.security.oauth2.state.cookie.cookie-max-age

java.time.Duration

Sets the maximum age of the cookie. Default value (5 minutes).

micronaut.security.oauth2.state.enabled

boolean

Sets whether a state parameter will be sent. Default (true).
-🔗 +🔗 - +@@ -1321,16 +1395,36 @@

Micronaut Security Oauth2

- + - + + + + + + + + + + + + + + + + + + + + +
Table 35. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$UserInfoEndpointConfigurationPropertiesTable 38. Configuration Properties for OauthClientConfigurationProperties

micronaut.security.oauth2.clients.*.openid.user-info.url

micronaut.security.oauth2.clients.*.client-id

java.lang.String

The endpoint URL

OAuth 2.0 client id.

micronaut.security.oauth2.clients.*.client-secret

java.lang.String

OAuth 2.0 client secret.

micronaut.security.oauth2.clients.*.enabled

boolean

Sets whether the client is enabled. Default value (true).

micronaut.security.oauth2.clients.*.scopes

java.util.List

Requested scopes. If not specified for OAuth 2.0 clients using OpenID Connect it defaults to profile, email and idtoken

micronaut.security.oauth2.clients.*.grant-type

GrantType

OAuth 2.0 grant type. Default value (authorization_code).
-🔗 +🔗 - +@@ -1345,29 +1439,27 @@

Micronaut Security Oauth2

- - - + + + - - - + + + - + - +
Table 36. Configuration Properties for OauthConfigurationProperties$OpenIdConfigurationProperties$ClaimsValidationConfigurationPropertiesTable 39. Configuration Properties for PkceConfigurationProperties

micronaut.security.oauth2.openid.claims-validation.issuer

boolean

Whether IssuerClaimValidator - is enabled. Default value (true).

micronaut.security.oauth2.pkce.entropy

int

entropy (in bytes) used for the code verifier generation. Default value 64.

micronaut.security.oauth2.openid.claims-validation.audience

boolean

Whether AudienceClaimValidator - is enabled. Default value (true).

micronaut.security.oauth2.pkce.persistence

java.lang.String

Sets the mechanism to persist the state for later retrieval for validation. + Supported values ("session", "cookie"). Default value (PERSISTENCE_COOKIE).

micronaut.security.oauth2.openid.claims-validation.authorized-party

micronaut.security.oauth2.pkce.enabled

boolean

Whether AuthorizedPartyClaimValidator - is enabled. Default value (true).

Sets whether a state parameter will be sent. Default (true).
-🔗 +🔗 - +@@ -1382,27 +1474,29 @@

Micronaut Security Oauth2

- - - + + + - - - + + + - - - + + +
Table 37. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationPropertiesTable 40. Configuration Properties for OauthConfigurationProperties$OpenIdConfigurationProperties$AdditionalClaimsConfigurationProperties

micronaut.security.oauth2.clients.*.openid.issuer

java.net.URL

URL using the https scheme with no query or fragment component that the - Open ID provider asserts as its issuer identifier.

micronaut.security.oauth2.openid.additional-claims.jwt

boolean

Set to true if the original JWT from the provider should be included in the Micronaut JWT. + Default value (false).

micronaut.security.oauth2.clients.*.openid.configuration-path

java.lang.String

The configuration path to discover openid configuration. Default ("/.well-known/openid-configuration").

micronaut.security.oauth2.openid.additional-claims.access-token

boolean

Set to true if the original access token from the provider should be included in the Micronaut JWT. + Default value (false).

micronaut.security.oauth2.clients.*.openid.jwks-uri

java.lang.String

The JWKS signature URI.

micronaut.security.oauth2.openid.additional-claims.refresh-token

boolean

Set to true if the original refresh token from the provider should be included in the Micronaut JWT. + Default value (false).
🔗 - +@@ -1452,7 +1546,7 @@

Micronaut Security Oauth2
🔗

Table 38. Configuration Properties for OauthClientConfigurationProperties$ClientCredentialsConfigurationPropertiesTable 41. Configuration Properties for OauthClientConfigurationProperties$ClientCredentialsConfigurationProperties
- +@@ -1515,58 +1609,9 @@

Micronaut Security Oauth2

Table 39. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$AuthorizationEndpointConfigurationPropertiesTable 42. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$AuthorizationEndpointConfigurationProperties
-🔗 - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Table 40. Configuration Properties for CookieNoncePersistenceConfiguration
PropertyTypeDescription

micronaut.security.oauth2.openid.nonce.cookie.cookie-domain

java.lang.String

Sets the domain name of this Cookie. Default value (null).

micronaut.security.oauth2.openid.nonce.cookie.cookie-secure

java.lang.Boolean

Sets whether the cookie is secured. Defaults to the secure status of the request.

micronaut.security.oauth2.openid.nonce.cookie.cookie-name

java.lang.String

Cookie Name. Default value {@link #DEFAULT_COOKIENAME}.

micronaut.security.oauth2.openid.nonce.cookie.cookie-path

java.lang.String

Sets the path of the cookie. Default value ("/").

micronaut.security.oauth2.openid.nonce.cookie.cookie-http-only

java.lang.Boolean

Whether the Cookie can only be accessed via HTTP. Default value (true).

micronaut.security.oauth2.openid.nonce.cookie.cookie-max-age

java.time.Duration

Sets the maximum age of the cookie. Default value (5 minutes).

-
-🔗 +🔗 - +@@ -1580,30 +1625,27 @@

Micronaut Security Oauth2

- - - - + + + + - - - + + + - - - + + +
Table 41. Configuration Properties for OauthConfigurationProperties$OpenIdConfigurationProperties$AdditionalClaimsConfigurationPropertiesTable 43. Configuration Properties for OauthClientConfigurationProperties$TokenEndpointConfigurationProperties

micronaut.security.oauth2.openid.additional-claims.jwt

boolean

Set to true if the original JWT from the provider should be included in the Micronaut JWT. - Default value (false).

micronaut.security.oauth2.clients.*.token.url

java.lang.String

The endpoint URL

micronaut.security.oauth2.openid.additional-claims.access-token

boolean

Set to true if the original access token from the provider should be included in the Micronaut JWT. - Default value (false).

micronaut.security.oauth2.clients.*.token.auth-method

AuthenticationMethod

micronaut.security.oauth2.openid.additional-claims.refresh-token

boolean

Set to true if the original refresh token from the provider should be included in the Micronaut JWT. - Default value (false).

micronaut.security.oauth2.clients.*.token.authentication-method

java.lang.String

Authentication Method
🔗 - +@@ -1650,9 +1692,9 @@

Micronaut Security Oauth2

Table 42. Configuration Properties for CookiePkcePersistenceConfigurationTable 44. Configuration Properties for CookiePkcePersistenceConfiguration
-🔗 +🔗 - +@@ -1667,56 +1709,41 @@

Micronaut Security Oauth2

- - - - - - + - + - - - + + + - -
Table 43. Configuration Properties for PkceConfigurationPropertiesTable 45. Configuration Properties for CookieNoncePersistenceConfiguration

micronaut.security.oauth2.pkce.entropy

int

entropy (in bytes) used for the code verifier generation. Default value 64.

micronaut.security.oauth2.pkce.persistence

micronaut.security.oauth2.openid.nonce.cookie.cookie-domain

java.lang.String

Sets the mechanism to persist the state for later retrieval for validation. - Supported values ("session", "cookie"). Default value (PERSISTENCE_COOKIE).

Sets the domain name of this Cookie. Default value (null).

micronaut.security.oauth2.pkce.enabled

boolean

Sets whether a state parameter will be sent. Default (true).

micronaut.security.oauth2.openid.nonce.cookie.cookie-secure

java.lang.Boolean

Sets whether the cookie is secured. Defaults to the secure status of the request.
-
-🔗 - - ----- - - - - + + + - - - + - + - - - + + + + + + + +
Table 44. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$EndSessionConfigurationProperties
PropertyTypeDescription

micronaut.security.oauth2.openid.nonce.cookie.cookie-name

java.lang.String

Cookie Name. Default value {@link #DEFAULT_COOKIENAME}.

micronaut.security.oauth2.clients.*.openid.end-session.url

micronaut.security.oauth2.openid.nonce.cookie.cookie-path

java.lang.String

The endpoint URL

Sets the path of the cookie. Default value ("/").

micronaut.security.oauth2.clients.*.openid.end-session.enabled

boolean

The end session enabled flag. Default value (true).

micronaut.security.oauth2.openid.nonce.cookie.cookie-http-only

java.lang.Boolean

Whether the Cookie can only be accessed via HTTP. Default value (true).

micronaut.security.oauth2.openid.nonce.cookie.cookie-max-age

java.time.Duration

Sets the maximum age of the cookie. Default value (5 minutes).
-🔗 +🔗 - +@@ -1731,21 +1758,31 @@

Micronaut Security Oauth2

- + - + + + + + + - + + + + + +
Table 45. Configuration Properties for OauthClientConfigurationProperties$AuthorizationEndpointConfigurationPropertiesTable 46. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$TokenEndpointConfigurationProperties

micronaut.security.oauth2.clients.*.authorization.url

micronaut.security.oauth2.clients.*.openid.token.url

java.lang.String

The endpoint URL

micronaut.security.oauth2.clients.*.authorization.code-challenge-method

micronaut.security.oauth2.clients.*.openid.token.auth-method

AuthenticationMethod

micronaut.security.oauth2.clients.*.openid.token.authentication-method

java.lang.String

Code Challenge Method to use for PKCE.

Authentication Method

micronaut.security.oauth2.clients.*.openid.token.content-type

MediaType

The content type of token endpoint requests. Default value (application/x-www-form-urlencoded).
-🔗 +🔗 - +@@ -1760,33 +1797,29 @@

Micronaut Security Oauth2

- + - - - - - - + - - - + + + - - - + + +
Table 46. Configuration Properties for OauthConfigurationPropertiesTable 47. Configuration Properties for OauthConfigurationProperties$OpenIdConfigurationProperties$ClaimsValidationConfigurationProperties

micronaut.security.oauth2.enabled

micronaut.security.oauth2.openid.claims-validation.issuer

boolean

Sets whether the OAuth 2.0 support is enabled. Default value (true).

micronaut.security.oauth2.login-uri

java.lang.String

The URI template that is used to initiate an OAuth 2.0 - authorization code grant flow. Default value ("/oauth/login{/provider}").

Whether IssuerClaimValidator + is enabled. Default value (true).

micronaut.security.oauth2.callback-uri

java.lang.String

The URI template that OAuth 2.0 providers can use to - submit an authorization callback request. Default value ("/oauth/callback{/provider}").

micronaut.security.oauth2.openid.claims-validation.audience

boolean

Whether AudienceClaimValidator + is enabled. Default value (true).

micronaut.security.oauth2.default-provider

java.lang.String

The default authentication provider for an OAuth 2.0 authorization code grant flow.

micronaut.security.oauth2.openid.claims-validation.authorized-party

boolean

Whether AuthorizedPartyClaimValidator + is enabled. Default value (true).
-🔗 +🔗 - +@@ -1801,22 +1834,21 @@

Micronaut Security Oauth2

- + - + - + - +
Table 47. Configuration Properties for DefaultStateConfigurationTable 48. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$EndSessionConfigurationProperties

micronaut.security.oauth2.state.persistence

micronaut.security.oauth2.clients.*.openid.end-session.url

java.lang.String

Sets the mechanism to persist the state for later retrieval for validation. - Supported values ("session", "cookie"). Default value ("cookie").

The endpoint URL

micronaut.security.oauth2.state.enabled

micronaut.security.oauth2.clients.*.openid.end-session.enabled

boolean

Sets whether a state parameter will be sent. Default (true).

The end session enabled flag. Default value (true).
-🔗 +🔗 - +@@ -1831,16 +1863,26 @@

Micronaut Security Oauth2

- + + + + + + + + + + +
Table 48. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$RegistrationEndpointConfigurationPropertiesTable 49. Configuration Properties for OauthClientConfigurationProperties$IntrospectionEndpointConfigurationProperties

micronaut.security.oauth2.clients.*.openid.registration.url

micronaut.security.oauth2.clients.*.introspection.url

java.lang.String

The endpoint URL

micronaut.security.oauth2.clients.*.introspection.auth-method

AuthenticationMethod

micronaut.security.oauth2.clients.*.introspection.authentication-method

java.lang.String

Authentication Method
🔗 - +@@ -1862,9 +1904,9 @@

Micronaut Security Oauth2

Table 49. Configuration Properties for OauthConfigurationProperties$OpenIdConfigurationProperties$EndSessionConfigurationPropertiesTable 50. Configuration Properties for OauthConfigurationProperties$OpenIdConfigurationProperties$EndSessionConfigurationProperties
-🔗 +🔗 - +@@ -1879,46 +1921,26 @@

Micronaut Security Oauth2

- + - - - - - - + - -
Table 50. Configuration Properties for DefaultNonceConfigurationTable 51. Configuration Properties for OauthClientConfigurationProperties$RevocationEndpointConfigurationProperties

micronaut.security.oauth2.openid.nonce.persistence

micronaut.security.oauth2.clients.*.revocation.url

java.lang.String

Sets the mechanism to persist the nonce for later retrieval for validation. - Supported values ("session", "cookie"). Default value ("cookie").

micronaut.security.oauth2.openid.nonce.enabled

boolean

Sets whether a nonce parameter will be sent. Default (true).

The endpoint URL
-
-🔗 - - ----- - - - - + + + - - - + - +
Table 51. Configuration Properties for OauthConfigurationProperties$OpenIdConfigurationProperties
PropertyTypeDescription

micronaut.security.oauth2.clients.*.revocation.auth-method

AuthenticationMethod

micronaut.security.oauth2.openid.logout-uri

micronaut.security.oauth2.clients.*.revocation.authentication-method

java.lang.String

The URI used to log out of an OpenID provider. Default value ("/oauth/logout").

Authentication Method
-🔗 +🔗 - +@@ -1933,26 +1955,33 @@

Micronaut Security Oauth2

- + + + + + + - + - - - + + + - + - +
Table 52. Configuration Properties for OauthClientConfigurationProperties$RevocationEndpointConfigurationPropertiesTable 52. Configuration Properties for OauthConfigurationProperties

micronaut.security.oauth2.clients.*.revocation.url

micronaut.security.oauth2.enabled

boolean

Sets whether the OAuth 2.0 support is enabled. Default value (true).

micronaut.security.oauth2.login-uri

java.lang.String

The endpoint URL

The URI template that is used to initiate an OAuth 2.0 + authorization code grant flow. Default value ("/oauth/login{/provider}").

micronaut.security.oauth2.clients.*.revocation.auth-method

AuthenticationMethod

micronaut.security.oauth2.callback-uri

java.lang.String

The URI template that OAuth 2.0 providers can use to + submit an authorization callback request. Default value ("/oauth/callback{/provider}").

micronaut.security.oauth2.clients.*.revocation.authentication-method

micronaut.security.oauth2.default-provider

java.lang.String

Authentication Method

The default authentication provider for an OAuth 2.0 authorization code grant flow.
-🔗 +🔗 - +@@ -1967,26 +1996,22 @@

Micronaut Security Oauth2

- - - - - - + - + - - - + + +
Table 53. Configuration Properties for OauthClientConfigurationProperties$ClientCredentialsConfigurationProperties$HeaderTokenPropagatorConfigurationPropertiesTable 53. Configuration Properties for DefaultNonceConfiguration

micronaut.security.oauth2.clients.*.client-credentials.header-propagation.enabled

boolean

Enable {@link ClientCredentialsHeaderTokenPropagatorConfiguration}. Default value (true).

micronaut.security.oauth2.clients.*.client-credentials.header-propagation.prefix

micronaut.security.oauth2.openid.nonce.persistence

java.lang.String

Sets the mechanism to persist the nonce for later retrieval for validation. + Supported values ("session", "cookie"). Default value ("cookie").

micronaut.security.oauth2.clients.*.client-credentials.header-propagation.header-name

java.lang.String

micronaut.security.oauth2.openid.nonce.enabled

boolean

Sets whether a nonce parameter will be sent. Default (true).
-🔗 +🔗 - +@@ -2001,36 +2026,16 @@

Micronaut Security Oauth2

- - - - - - + - - - - - - - - - - - - - - - - +
Table 54. Configuration Properties for OauthClientConfigurationPropertiesTable 54. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$RegistrationEndpointConfigurationProperties

micronaut.security.oauth2.clients.*.client-id

java.lang.String

OAuth 2.0 client id.

micronaut.security.oauth2.clients.*.client-secret

micronaut.security.oauth2.clients.*.openid.registration.url

java.lang.String

OAuth 2.0 client secret.

micronaut.security.oauth2.clients.*.enabled

boolean

Sets whether the client is enabled. Default value (true).

micronaut.security.oauth2.clients.*.scopes

java.util.List

Requested scopes. If not specified for OAuth 2.0 clients using OpenID Connect it defaults to profile, email and idtoken

micronaut.security.oauth2.clients.*.grant-type

GrantType

OAuth 2.0 grant type. Default value (authorization_code).

The endpoint URL
-🔗 +🔗 - +@@ -2045,19 +2050,14 @@

Micronaut Security Oauth2

- + - - - - - - + - +
Table 55. Configuration Properties for OauthClientConfigurationProperties$IntrospectionEndpointConfigurationPropertiesTable 55. Configuration Properties for OauthClientConfigurationProperties$AuthorizationEndpointConfigurationProperties

micronaut.security.oauth2.clients.*.introspection.url

micronaut.security.oauth2.clients.*.authorization.url

java.lang.String

The endpoint URL

micronaut.security.oauth2.clients.*.introspection.auth-method

AuthenticationMethod

micronaut.security.oauth2.clients.*.introspection.authentication-method

micronaut.security.oauth2.clients.*.authorization.code-challenge-method

java.lang.String

Authentication Method

Code Challenge Method to use for PKCE.