Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spring Boot 2.0.x disable security for certain profile

Tags:

java

spring-boot

spring-security

In Spring Boot 1.5.x, I've had Security configured and in certain profiles (e.g. local), I've added security.basic.enabled=false line to the .properties file to disable all security for that profile. I'm trying to migrate to the new Spring Boot 2, where that configuration property is removed. How can I achieve the same behaviour (without using this property) in Spring Boot 2.0.x?

I've already read Spring-Boot-Security-2.0 and security-changes-in-spring-boot-2-0-m4 and there is nothing regarding this property.

like image 291
leonz Avatar asked Mar 13 '18 14:03

leonz

2 Answers

Spring Boot 2.1.3

For a certain profile "dev"

Create a new Spring Configuration class

@Configuration
@EnableAutoConfiguration(exclude = {SecurityAutoConfiguration.class})
@Profile("dev")
public class WebSecurityConfigDisable  {

}

This will disable the spring security.

like image 173
Madhu Tomy Avatar answered Sep 24 '22 19:09

Madhu Tomy

Here is how I ended up solving the problem. Here is an example of how my security config looked in Spring Boot 1.5.x. Security was disabled with property security.basic.enabled=false:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/upload/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().authorizeRequests()
                .anyRequest().authenticated()
                .and().httpBasic();
    }
}

Since security.basic.enabled was removed in Spring Boot 2 (but still reserved as property name), I ended up using security.enabled as a custom property. Here's an example of how my config looks in Spring Boot 2:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Value("${security.enabled:true}")
    private boolean securityEnabled;

    @Override
    public void configure(WebSecurity web) throws Exception {
        if (securityEnabled)
            web.ignoring().antMatchers("/upload/**");
        else
            web.ignoring().antMatchers("/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        if (securityEnabled)
            http.csrf().disable().authorizeRequests()
                    .anyRequest().authenticated()
                    .and().httpBasic();
    }
}
like image 27
leonz Avatar answered Sep 22 '22 19:09

leonz
Sign in to Comment

Related questions

Java - sort only subsection of array
freemarker + spring configuration and simplest example
Why does Java prefer to call double constructor?
Maven Project creation command stuck
multi module component scanning not working in spring boot
How to check if a string is made only of letters and numbers
I am getting DataSource Not Supported when using DataSouceBuilder
Is remove() faster than get() in HashMap?
How to script Gradle in order to publish shadowjar into Artifactory
problems after installing java 8
Java 8 Map: filter value and throw exception if match found
Retrieving child value -firebase-
Java8 Transform list of object to list of one attribute of object
Mockito ambiguous method call
How can I determine whether I am in a transaction in Spring?
When to use service or component in spring? [duplicate]
Apache POI DataFormatter Returns Scientific Notation
How to check JobService is running or not in android?
Check for null object and null value contained in object in Java 8 way
Room Database force OnCreate callback

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!