Spring Boot 2.2.4 - disable security
Question
I found a massive amount of blog posts and questions on stackoverflow on how to disable security in spring boot - but none of it seems to work with spring boot 2.2.4.
I'm asking because I want to configuratively disable security for my dev and test profile so that we can deploy without generating jwt tokens all the time.
The most promising approach from my perspective is to exclude the SecurityAutoConfiguration class via the properties file but as said the exclusion has no effect.
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
The other properties such as management.security.enabled seem to be deprecated.
2 answers
solution1
3 ACCPTED 2020-02-28 11:12:07
I found a working solution in the spring boot github issues.
Disable security for the entire application:
@SpringBootApplication ( exclude = {SecurityAutoConfiguration.class} )
@Import(MySecurityConfiguration.class)
public class MyApplication{
}
... and enable via parameter in the security configuration:
@Configuration
@ConditionalOnProperty ( "my.security.enabled" )
@Import ( SecurityAutoConfiguration.class
public class MySecurityConfiguration extends WebSecurityConfigurerAdapter {
}
Source: https://github.com/spring-projects/spring-boot/issues/12323#issuecomment-370519882
solution2
0 2020-02-27 12:49:56
You could create a WebSecurityConfigurerAdapter Bean for your profile containing following overriden method implementation, to exclude all endpoints from spring security:
@Override
public void configure(WebSecurity web) {
web.ignoring().antMatchers(
"/**"
);
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.