Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spring Boot 2.0 disable default security

Tags:

spring-boot

spring-security

spring-webflux

spring-security-rest

I want to use Spring Security for JWT authentication. But it comes with default authentication. I am trying to disable it, but the old approach of doing this - disabling it through application.properties - is deprecated in 2.0.

This is what I tried:

@Configuration public class StackWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {      @Override     protected void configure(HttpSecurity http) throws Exception {         http.httpBasic().disable();         // http.authorizeRequests().anyRequest().permitAll(); // Also doesn't work.     } }

How can I simply disable basic security?

UPDATE
It might be nice to know that I am not using web mvc but web flux.

Screenshot:
Basic login form

like image 966
Jan Wytze Avatar asked Nov 13 '17 21:11

Jan Wytze

People also ask

How do I disable spring boot default security?

In Spring Boot 2, if we want our own security configuration, we can simply add a custom WebSecurityConfigurerAdapter. This will disable the default auto-configuration and enable our custom security configuration.

How do I ignore Spring Security?

When using permitAll it means every authenticated user, however you disabled anonymous access so that won't work. What you want is to ignore certain URLs for this override the configure method that takes WebSecurity object and ignore the pattern.

How do I disable Spring Security for actuator endpoints?

You can enable or disable an actuator endpoint by setting the property management. endpoint. <id>. enabled to true or false (where id is the identifier for the endpoint).

1 Answers

According to the new updates in Spring 2.0, if Spring Security is on the classpath, Spring Boot will add @EnableWebSecurity.So adding entries to the application.properties ain't gonna work (i.e it is no longer customizable that way). For more information visit the official website Security changes in Spring Boot 2.0

Albeit not sure about your requirement exactly, I could think of one workaround like the following:-

@Configuration @EnableWebSecurity public class SecurityConfiguration  extends WebSecurityConfigurerAdapter{     @Override     protected void configure(HttpSecurity http) throws Exception{         http.authorizeRequests().antMatchers("/").permitAll();     } }

Hope this helps.

like image 102
Sen Avatar answered Sep 17 '22 17:09

Sen
Sign in to Comment

Related questions

Spring boot ddl auto generator
Failed to auto-configure a DataSource: 'spring.datasource.url' is not specified
How to add multiple application.properties files in spring-boot?
How to log request and response bodies in Spring WebFlux
Hot swapping in Spring Boot
SpringRunner vs SpringBootTest
Update or SaveorUpdate in CRUDRespository, Is there any options available
Connection to Db dies after >4<24 in spring-boot jpa hibernate
Springboot/Angular2 - How to handle HTML5 urls?
What are `spring-boot-starter` jars?
What is the difference between "gradle bootRun" and "gradle run" to run a springboot application?
Communication between two microservices
Spring Boot, Spring Data JPA with multiple DataSources
spring-boot default log location
Spring-Boot How to properly inject javax.validation.Validator
What is the spring-boot-configuration-processor ? Why do people exclude libraries from it? Why is it invisible in dependency tree?
@Value "Could not resolve placeholder" in Spring Boot Test
SpringApplication.run main method
Spring Boot Actuator Health Returning DOWN
How to display auto-configuration report when running a Spring Boot application

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!