Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to get past the Authentication Required Spring-boot Security

I have put in the password which is "root" and it keeps popping back up. How can I suppress this or get rid of it. I am using spring boot and spring security.

enter image description here

application.properties

spring.datasource.driverClassName=com.mysql.jdbc.Driver
spring.datasource.url=jdbc:mysql://localhost:3306/springbootpractice
spring.datasource.username=root


spring.jpa.database = MYSQL
spring.jpa.show-sql = true

# Hibernate
hibernate.dialect: org.hibernate.dialect.MySQL5Dialect
hibernate.show_sql: true
hibernate.hbm2ddl.auto: update
entitymanager.packagesToScan: /

I am using intellij 14 if that matters.

----Update 1-----

@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/", "/index").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/index")
                .permitAll()
                .and()
                .logout()
                .permitAll();
    } 

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .authorizeRequests()
                    .antMatchers("/", "/index").permitAll()
                    .anyRequest().authenticated()
                    .and()
                    .formLogin()
                    .loginPage("/index")
                    .permitAll()
                    .and()
                    .logout()
                    .permitAll();
        }

        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth
                    .inMemoryAuthentication()
                    .withUser("user").password("password").roles("USER");
        }
    }

enter image description here

like image 225
Mike3355 Avatar asked Aug 08 '15 08:08

Mike3355


People also ask

How do I bypass spring boot security?

To disable Security Auto-Configuration and add our own configuration, we need to exclude the SecurityAutoConfiguration class from auto-configuration. If you have spring-boot-actuator included in your dependecies then you need to exclude ManagementWebSecurityAutoConfiguration class from auto-configuration.

How do I authenticate in Spring Security?

Simply put, Spring Security hold the principal information of each authenticated user in a ThreadLocal – represented as an Authentication object. In order to construct and set this Authentication object – we need to use the same approach Spring Security typically uses to build the object on a standard authentication.


3 Answers

This class has to be in a parent package of all other packages: WebSecurityConfig. Also in application.properties set:

security.basic.enabled=false
like image 89
ACV Avatar answered Oct 24 '22 03:10

ACV


ACV's answer is probably the easiest way to turn off the authentication completely by adding security.basic.enabled=false to the application.properties file which is usually located under src/main/resources folder.

or you just type in the password :)

1. use default password

When you run your spring application, there is usually a whole bunch of logging printed, which people usually don't read. The password is actually generated and printed to the screen at the startup. and the username is simply user. If you are testing using a browser and it probably only need you enter it once and caches it, so once for all, you should be securely logged in without authenticating every time. (however, every time you restart your app, it will generate a new password)

enter image description here

2. customize your password

Add the following properties to your application.properties if you want to customize your username and password:

security.user.name=myuser
security.user.password=mypassword

And here is how it looks like with your own username and password

enter image description here

Reference:

  1. Spring Boot Features - Security
  2. Monitoring and Management over HTTP
like image 18
B.Mr.W. Avatar answered Oct 24 '22 03:10

B.Mr.W.


You can bypass this spring boot security mechanism. See an example below for this:

@SpringBootApplication
@EnableAutoConfiguration(exclude = {SecurityAutoConfiguration.class})
public class SampleSpringBootApplication {

    public static void main(String[] args) {
        SpringApplication.run(SampleSpringBootApplication.class, args);
    }
}
like image 3
Bilal Ahmed Yaseen Avatar answered Oct 24 '22 03:10

Bilal Ahmed Yaseen