Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Disable Basic Authentication while using Spring Security Java configuration

Tags:

I am trying to secure a web application using Spring Security java configuration.

This is how the configuration looks:-

@Configuration @EnableWebMvcSecurity public class SecurityConfiguration extends WebSecurityConfigurerAdapter {      private String googleClientSecret;      @Autowired     private CustomUserService customUserService;      /*      * (non-Javadoc)      *       * @see org.springframework.security.config.annotation.web.configuration.      * WebSecurityConfigurerAdapter      * #configure(org.springframework.security.config      * .annotation.web.builders.HttpSecurity)      */     @Override     protected void configure(HttpSecurity http) throws Exception {          // @formatter:off         http             .authorizeRequests()                 .antMatchers(HttpMethod.GET, "/","/static/**", "/resources/**","/resources/public/**").permitAll()                 .anyRequest().authenticated()             .and()                 .formLogin()                     .and()                 .httpBasic().disable()             .requiresChannel().anyRequest().requiresSecure();         // @formatter:on         super.configure(http);     }      @Override     protected void configure(AuthenticationManagerBuilder auth)             throws Exception {         // @formatter:off         auth             .eraseCredentials(true)             .userDetailsService(customUserService);         // @formatter:on         super.configure(auth);     } }

Notice that I have explicitly disabled HTTP Basic authentication using:-

.httpBasic().disable()

I am still getting HTTP Authenticaton prompt box while accessing a secured url. Why?

Please help me fix this. I just want to render the default login form that comes bundled.

Spring Boot Starter Version : 1.1.5 Spring Security Version : 3.2.5

Thanks

like image 354
Kumar Sambhav Avatar asked Sep 03 '14 08:09

Kumar Sambhav

People also ask

How do I disable spring boot security configuration?

To disable Security Auto-Configuration and add our own configuration, we need to exclude the SecurityAutoConfiguration class from auto-configuration. If you have spring-boot-actuator included in your dependecies then you need to exclude ManagementWebSecurityAutoConfiguration class from auto-configuration.

1 Answers

First of all, calling super.configure(http); will override whole your configuration you have before that.

Try this instead:

http     .authorizeRequests()         .anyRequest().authenticated()         .and()     .formLogin()         .and()     .httpBasic().disable();
like image 109
kazuar Avatar answered Sep 22 '22 02:09

kazuar
Sign in to Comment

Related questions

How to pass callback functions in Swift
Kademlia XOR metric properties purposes
Multi-item responsive carousel
Make title attribute appear instantly on hover
SVG Position text relative to parent <g>
Java and GUI - Where do ActionListeners belong according to MVC pattern?
504 Gateway Timeout - Two EC2 instances with load balancer
what are the differences between Haskell and PureScript?
Formatting python docstrings for dicts
Is it better to compare strings using toLowerCase or toUpperCase in JavaScript?
Vagrant: How to sync folder from guest back to host?
Emitting and handling global events with react

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!