Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

SpringBoot 401 UnAuthorized even with out security

I did not use Spring Security but it is asking me to authenticate.

enter image description here

Exception for URL(http://localhost:8080/SpringJob/ExecuteJob):

{     "timestamp": 1500622875056,     "status": 401,     "error": "Unauthorized",     "message": "Bad credentials",     "path": "/SPPA/ExecuteSPPAJob" } ----below log details 2017-07-21 13:15:35.210  INFO 19828 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/SpringJob]   : Initializing Spring FrameworkServlet 'dispatcherServlet' 2017-07-21 13:15:35.210 [http-nio-8080-exec-1] INFO                      o.a.c.c.C.[.[localhost].[/SpringJob]-Initializing Spring FrameworkServlet 'dispatcherServlet'  2017-07-21 13:15:35.211  INFO 19828 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization started 2017-07-21 13:15:35.211 [http-nio-8080-exec-1] INFO                      o.s.web.servlet.DispatcherServlet-FrameworkServlet 'dispatcherServlet': initialization started  2017-07-21 13:15:35.494  INFO 19828 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization completed in 282 ms 2017-07-21 13:15:35.494 [http-nio-8080-exec-1] INFO                      o.s.web.servlet.DispatcherServlet-FrameworkServlet 'dispatcherServlet': initialization completed in 282 ms  

application-dev.xml

#Spring Boot based configurations management.security.enabled: "false" spring.autoconfigure.exclude:  "org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration" spring.batch.job.enabled: false server.contextPath: /SpringJob 

build.gradle snippet

plugins {     id 'jacoco'     id 'org.sonarqube' version '2.5' }  apply plugin: 'java' apply plugin: 'eclipse' apply plugin: 'idea' apply plugin: 'org.springframework.boot' apply plugin: "no.nils.wsdl2java" apply plugin: 'jacoco' apply plugin: "org.sonarqube" dependencies {     compile("org.springframework.boot:spring-boot-starter-web")     compile("org.springframework.boot:spring-boot-starter-batch")     compile("org.springframework.boot:spring-boot-starter-mail")     //compile("org.springframework.boot:spring-boot-devtools")     compile group: 'org.apache.commons', name: 'commons-lang3', version: '3.5'     compile group: 'org.apache.cxf', name: 'cxf-spring-boot-starter-jaxws', version: '3.1.10'     compile group: 'org.apache.cxf', name: 'cxf-rt-ws-security', version: '3.1.10'     compile("org.springframework.boot:spring-boot-starter-actuator")     testCompile('org.springframework.boot:spring-boot-starter-test') } 

Controller

@Controller @EnableAutoConfiguration @EnableBatchProcessing public class MyController {     @Autowired     JobLauncher jobLauncher;      @RequestMapping("/ExecuteJob")     @ResponseBody     public String callPrelegalJob(@RequestParam("user") String userName, @RequestParam("password") String password) {         log.info("Job is to be launched from controller..."); } } 
like image 375
sunleo Avatar asked Jul 21 '17 07:07

sunleo


People also ask

How do I bypass spring boot security?

In Spring Boot 2, if we want our own security configuration, we can simply add a custom WebSecurityConfigurerAdapter. This will disable the default auto-configuration and enable our custom security configuration.

Is Spring Security necessary?

Spring Security is probably the best choice for your cases. It became the de-facto choice in implementing the application-level security for Spring applications. Spring Security, however, doesn't automatically secure your application. It's not a kind of magic that guarantees a vulnerability-free app.


1 Answers

In the current version of Spring Boot (v2.1.0.RELEASE), the easiest way to get rid of the security issues is to add "WebSecurityConfig.java" to your project as follows:

import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  @EnableWebSecurity @Configuration public class WebSecurityConfig extends WebSecurityConfigurerAdapter {      @Override     protected void configure(HttpSecurity http) throws Exception {         http.csrf().disable();     }  } 

Note of course that this removes protection against cross-site request forgery, so this is really only appropriate for simple read-only endpoints.

like image 173
trevorsky Avatar answered Sep 20 '22 20:09

trevorsky