fixes #26 Update default security.yml in openapi-security and swagger…

…-security

openapi-security/src/main/resources/config/security.yml

@@ -21,3 +21,16 @@ logJwtToken: true
 
 # Enable or disable client_id, user_id and scope logging.
 logClientUserScope: false
+
+# If OAuth2 provider support http2 protocol. If using light-oauth2, set this to true.
+oauthHttp2Support: true
+
+# Enable JWT token cache to speed up verification. This will only verify expired time
+# and skip the signature verification as it takes more CPU power and long time.
+enableJwtCache: true
+
+# If you are using light-oauth2, then you don't need to have oauth subfolder for public
+# key certificate to verify JWT token, the key will be retrieved from key endpoint once
+# the first token is arrived. Default to false for dev environment without oauth2 server
+# or official environment that use other OAuth 2.0 providers.
+bootstrapFromKeyService: false

swagger-security/src/main/resources/config/security.yml

@@ -21,3 +21,16 @@ logJwtToken: true
 
 # Enable or disable client_id, user_id and scope logging.
 logClientUserScope: false
+
+# If OAuth2 provider support http2 protocol. If using light-oauth2, set this to true.
+oauthHttp2Support: true
+
+# Enable JWT token cache to speed up verification. This will only verify expired time
+# and skip the signature verification as it takes more CPU power and long time.
+enableJwtCache: true
+
+# If you are using light-oauth2, then you don't need to have oauth subfolder for public
+# key certificate to verify JWT token, the key will be retrieved from key endpoint once
+# the first token is arrived. Default to false for dev environment without oauth2 server
+# or official environment that use other OAuth 2.0 providers.
+bootstrapFromKeyService: false