what is the use of auto-config=true in spring security. In which scenario we should use this. what is the actual use of using auto-config=true ?
问题:
回答1:
auto-config="true"
is equivalent to:
<http>
<form-login />
<http-basic />
<logout />
</http>
so it gives you a very basic security configuration to boot.
Source: https://docs.spring.io/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ns-auto-config
回答2:
auto-config='true' means for the intercept-url pattern the spring security provides the default login screen
回答3:
This is one of the cases where we use auto-config = true
:
<http auto-config='true'>
<intercept-url pattern="/**" access="ROLE_USER" />
</http>
This declaration means we want all URLs within our application to be secured, requiring the role ROLE_USER to access them. The element is the parent for all web-related namespace functionality. The element defines a pattern which is matched against the URLs of incoming requests using an ant path style syntax
回答4:
Spring Security Reference:
"Use of this attribute is not recommended. Use explicit configuration elements instead to avoid confusion."
Source: https://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/html5/#nsa-http-attributes