Skip to content

Commit

Permalink
Update README.MD
Browse files Browse the repository at this point in the history
  • Loading branch information
@ch4mpy
ch4mpy authored Nov 22, 2024
1 parent 17a6b40 commit 721b8b7
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions spring-addons-starter-oidc/README.MD
View file
Original file line number Diff line number Diff line change
Expand Up @@ -97,8 +97,8 @@ If `spring-boot-starter-oauth2-resource-server` is on the classpath and unless `
- stateless (no session and CSRF protection disabled)
- respond with 401 to unauthorized requests
- access token introspection if `spring.security.oauth2.resourceserver.opaquetoken.introspection-uri` is set and JWT decoder otherwise
- CORS disabled (unless some `cors` properties are provided)
- anonymous access allowed to pre-flight requests as well as all requests with a path matching an entry in `permit-all`; all others requests requiring a valid authentication
- CORS disabled (as a reminder, `cors` properties configure a global filter)
- anonymous access allowed to pre-flight requests for the path-matchers listed in `cors` properties, as well as all requests with a path matching an entry in `permit-all`; all other requests requiring a valid authentication

#### 1.1.2. <a name="1-1-2"/>Authorities Converter
Spring security implements Role Based Access Control (RBAC) with so called `GrantedAuthority` (accessed through `Authentication#getAuthorities`).
Expand Down Expand Up @@ -219,7 +219,7 @@ The most convenient way to define fine-grained access control is probably to `@E
For those preferring access control in configuration (or when you don't write the endpoint yourself), you can expose a `@Bean` of type `ResourceServerExpressionInterceptUrlRegistryPostProcessor` or `ResourceServerAuthorizeExchangeSpecPostProcessor`.

#### 1.1.6. <a name="1-1-6"/>CORS Configuration
Starting from version `7.8.7`, the CORS configuration is made using a global filter, behavior of which is control with application properties:
Starting from version `7.8.7`, the CORS configuration is made using a global filter, behavior of which is controlled with application properties:
```java
com:
c4-soft:
Expand Down Expand Up @@ -261,7 +261,7 @@ This filter-chain is configured with the following defaults:
- stateful (session and CSRF protection enabled)
- oauth2Login
- RP-Initiated Logout
- CORS disabled (unless some `cors` properties are provided)
- CORS disabled (as a reminder, `cors` properties configure a global filter)
- anonymous access allowed to pre-flight requests as well as all requests with a path matching an entry in `permit-all`; all others requests requiring a valid authentication

#### 1.2.2. <a name="1-2-2"/>Setting a Base URI for the Client
Expand Down

0 comments on commit 721b8b7

Please sign in to comment.