Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spring boot: disable security auto configuration

Tags:

java

security

spring-boot

web

spring-security

I have multipart web project. Web Admin part contains:

compile('org.springframework.boot:spring-boot-starter-web')
compile("org.springframework.boot:spring-boot-starter-thymeleaf")
compile("org.springframework.boot:spring-boot-starter-jetty")
compile("org.springframework.boot:spring-boot-starter-actuator")

Main project build file contains: 

compile group: 'org.springframework', name: "spring-webmvc", version: springVersion
compile(group: 'org.springframework.security', name: "spring-security-web", version: springSecurityVersion) { exclude(module: 'spring-jdbc') }

Spring Boot application file:

@SpringBootApplication(exclude = {SecurityAutoConfiguration.class})
public class WebAdminApplication {

    public static void main(String[] args) {
        SpringApplication.run(WebAdminApplication.class, args);
    }
}

But when I'm doing http request to my admin part I'm getting user and password in my AuthenticationProvider:

auth.getPrincipal() -> user
auth.getCredentials() -> caeebd3a-307b-4edf-8f2f-833fad9ebc00

How I can disable auto security?

like image 509
Lugaru Avatar asked Nov 11 '15 16:11

Lugaru

2 Answers

Even I was facing the same issue. So, I added below code.

  • Case 1: If you have NOT activated 'ACTUATOR': @SpringBootApplication(exclude = { SecurityAutoConfiguration.class })

  • Case 2: If you have activated 'ACTUATOR': @SpringBootApplication(exclude = { org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class, org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration.class})

like image 106
Rahul Maurya Avatar answered Sep 19 '22 17:09

Rahul Maurya

if you look at spring boot's spring.factories (release 1.3.5 at the time of writing), you can see security has 4 autoconfigure classes:

org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration,\
org.springframework.boot.autoconfigure.security.SecurityFilterAutoConfiguration,\
org.springframework.boot.autoconfigure.security.FallbackWebSecurityAutoConfiguration,\
org.springframework.boot.autoconfigure.security.oauth2.OAuth2AutoConfiguration,\

You probably want to also disable SecurityFilterAutoConfiguration (or all 4 of them)

like image 42
Amit Portnoy Avatar answered Sep 21 '22 17:09

Amit Portnoy
Sign in to Comment

Related questions

Crawling using selenium: How to keep logged in after close Driver in java
How do I improve the runtime complexity of this algorithm?
can server and java servlet send auto email without user interactions? [duplicate]
How do I use inheritance when using the Datastax entity mapper for Cassandra?
Open link from <a href> with HtmlUnit Java
How to disable character escaping by jackson
Java lock-free performance JMH
Downloading Multiple Files Parallelly or Asynchronously in Java
List of divisors of a number
UnsupportedClassVersionError with IBM Java 1.6.0 and maven 3.3.3
Java: replacement in a string according to multiple rules
NullPointerException with ArrayList - should not be possible?
Spring Integration enrichHeader with randomUUID
How to collect to a List using streams returning my own List implementation? [duplicate]
ServiceLoader doesn't load implementation
No database instance with id:' ' found. Please specify a valid db instance
chromedriver clear cache - java
Why does getActionView() return null
Is java.util a package or a library?
View Pager - slide to next page programmatically with static variable

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!