First, I am a complete noob when it comes to Spring. An application was left to me to work on by a colleague who is now on vacation. He told me to leave security alone, as the final approach is not decided yet, and just develop the rest of the application.
However security is enabled and prevents access to the main web page. I've checked several documents including
Disable Spring Security from spring-security.xml file
Disable Basic Authentication while using Spring Security Java configuration
http://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-security.html
http://docs.spring.io/spring-boot/docs/current/reference/html/howto-security.html
without finding an answer that works.
I did the following:
Added index.html to <welcome-file-list> in web.xml. This directs me to the login page which was already included in the package I took over. So, I figured I could simply disable security.
In the spring security.xml added the attribute security="none". Now I no longer get the login page. I get a blank page.
In web.xml disabled
<!-- <filter> -->
<!-- <filter-name>springSecurityFilterChain</filter-name> -->
<!-- <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> -->
<!-- </filter> -->
<!-- <filter-mapping> -->
<!-- <filter-name>springSecurityFilterChain</filter-name> -->
<!-- <url-pattern>/*</url-pattern> -->
<!-- </filter-mapping> -->
Still get blank page.
I see lots of other advice, but it assumes a lot more Spring knowledge than I currently have.
For example in the 4th link above I see:
If you define a @Configuration with @EnableWebSecurity anywhere in your application it will switch off the default webapp security settings in Spring Boot.
I don't know what they mean. I assume this means to put these annotations on some method somewhere, but I can't believe that this can go ANYWHERE in any java class in the application. Is there an example of doing this?
Can someone point me in the correct direction? Thanks.
