Unable to override spring boot security
Question
I'm trying to override the Spring Boot security configurations. But every time I try to access any URL it gives me the default spring security login page. And also I'm trying to use REST API. Here is my attempt. Please help me resolve the issue. Thank You.
Here is my pom.xml
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.3.1.RELEASE</version>
<relativePath/>
</parent>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-gateway</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
Here is my Main class
@SpringBootApplication(exclude = {
SecurityAutoConfiguration.class
})
public class ApiGatewayApplication {
public static void main(String[] args) {
SpringApplication.run(ApiGatewayApplication.class, args);
}
}
SecurityConfig.class
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("*"));
configuration.setAllowedHeaders(Arrays.asList("*"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and()
.csrf().disable()
.authorizeRequests()
.antMatchers("/greetings").permitAll()
.and()
.httpBasic()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
}
MyController.class
@RestController
@RequestMapping
public class MyController {
@GetMapping("/greetings")
public String greetings(){
return "Hello World!";
}
}
I also add a property into properties.yml.
spring:
main:
allow-bean-definition-overriding: true
Stuck into Login Page.
localhost:8080/greetings redirect me to localhost:8080/login every time.
2 answers
solution1
0 2020-06-18 05:40:09
you can use java based configuration like this
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity security) throws Exception
{
security.httpBasic().disable();
}
}
or you can simply add in your configure method
.formLogin().disable()
or you can add in you application.properties file or application.yml
security.basic.enabled=false
solution2
0 2020-06-18 08:33:33
As Spring secures each and every request by default when we enable spring security. once if we override the configure method every request has to be handled by the user itself.
@Override protected void configure(HttpSecurity http) throws Exception {
http.cors().and()
.csrf().disable()
.authorizeRequests()
.antMatchers("/greetings").permitAll()
.anyRequest().authenticated()
.and()
.httpBasic()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
include.anyRequest().authenticated() it may works.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.