Disable Spring Security from spring-security.xml file

Question

Help me with the advice please.

I need to disable/enable spring security on my application by some variable in xml file.

my spring-security.xml file

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<http auto-config="true">
    <intercept-url pattern="/*" access="ROLE_ADMIN" />
    <logout logout-success-url="/mainpage" />
            <login login-success-url="/mainpage" />
</http>

<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="hey" password="there" authorities="ROLE_ADMIN" />
        </user-service>
    </authentication-provider>
</authentication-manager>

How can be this perfomed? Thanks.

Answer 1

security

A request pattern can be mapped to an empty filter chain, by setting this attribute to none. No security will be applied and none of Spring Security's features will be available.

http://static.springsource.org/spring-security/site/docs/3.1.x/reference/appendix-namespace.html#nsa-http-security

so:

<http auto-config="true" security="none">

and as usual the "none" parameter can be a springEL expression (well a subset anyways).

hope this is what you were looking for

EDIT:

forgot to mention that it's a new feature is Spring Security 3.1

http://static.springsource.org/spring-security/site/docs/3.1.x/reference/new-3.1.html#new-3.1-highlevel

EDIT2:

For a more dynamic solution use bean profiles. http://static.springsource.org/spring/docs/3.1.x/spring-framework-reference/html/new-in-3.1.html#d0e1293 and http://blog.springsource.com/2011/02/11/spring-framework-3-1-m1-released/