I did not use Spring Security but it is asking me to authenticate.
Exception for URL(http://localhost:8080/SpringJob/ExecuteJob):
{ "timestamp": 1500622875056, "status": 401, "error": "Unauthorized", "message": "Bad credentials", "path": "/SPPA/ExecuteSPPAJob" } ----below log details 2017-07-21 13:15:35.210 INFO 19828 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/SpringJob] : Initializing Spring FrameworkServlet 'dispatcherServlet' 2017-07-21 13:15:35.210 [http-nio-8080-exec-1] INFO o.a.c.c.C.[.[localhost].[/SpringJob]-Initializing Spring FrameworkServlet 'dispatcherServlet' 2017-07-21 13:15:35.211 INFO 19828 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization started 2017-07-21 13:15:35.211 [http-nio-8080-exec-1] INFO o.s.web.servlet.DispatcherServlet-FrameworkServlet 'dispatcherServlet': initialization started 2017-07-21 13:15:35.494 INFO 19828 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization completed in 282 ms 2017-07-21 13:15:35.494 [http-nio-8080-exec-1] INFO o.s.web.servlet.DispatcherServlet-FrameworkServlet 'dispatcherServlet': initialization completed in 282 ms
application-dev.xml
#Spring Boot based configurations management.security.enabled: "false" spring.autoconfigure.exclude: "org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration" spring.batch.job.enabled: false server.contextPath: /SpringJob
build.gradle snippet
plugins { id 'jacoco' id 'org.sonarqube' version '2.5' } apply plugin: 'java' apply plugin: 'eclipse' apply plugin: 'idea' apply plugin: 'org.springframework.boot' apply plugin: "no.nils.wsdl2java" apply plugin: 'jacoco' apply plugin: "org.sonarqube" dependencies { compile("org.springframework.boot:spring-boot-starter-web") compile("org.springframework.boot:spring-boot-starter-batch") compile("org.springframework.boot:spring-boot-starter-mail") //compile("org.springframework.boot:spring-boot-devtools") compile group: 'org.apache.commons', name: 'commons-lang3', version: '3.5' compile group: 'org.apache.cxf', name: 'cxf-spring-boot-starter-jaxws', version: '3.1.10' compile group: 'org.apache.cxf', name: 'cxf-rt-ws-security', version: '3.1.10' compile("org.springframework.boot:spring-boot-starter-actuator") testCompile('org.springframework.boot:spring-boot-starter-test') }
Controller
@Controller @EnableAutoConfiguration @EnableBatchProcessing public class MyController { @Autowired JobLauncher jobLauncher; @RequestMapping("/ExecuteJob") @ResponseBody public String callPrelegalJob(@RequestParam("user") String userName, @RequestParam("password") String password) { log.info("Job is to be launched from controller..."); } }
In Spring Boot 2, if we want our own security configuration, we can simply add a custom WebSecurityConfigurerAdapter. This will disable the default auto-configuration and enable our custom security configuration.
Spring Security is probably the best choice for your cases. It became the de-facto choice in implementing the application-level security for Spring applications. Spring Security, however, doesn't automatically secure your application. It's not a kind of magic that guarantees a vulnerability-free app.
In the current version of Spring Boot (v2.1.0.RELEASE), the easiest way to get rid of the security issues is to add "WebSecurityConfig.java" to your project as follows:
import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; @EnableWebSecurity @Configuration public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable(); } }
Note of course that this removes protection against cross-site request forgery, so this is really only appropriate for simple read-only endpoints.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With