0

I want to disable spring security in my app and I set the property security.basic.enable=false in the application.yml file.

security:
  basic:
    enabled: false

And I checked the /env using spring-boot-actuator and find it's loaded correctly:(at line 2)

[classpath:/application.yml]":{"spring.datasource.url":"jdbc:mysql://localhost:3306/toe?useUnicode=true&characterEncoding=utf8&allowMultiQueries=true","spring.datasource.username":"root","spring.datasource.password":"******",
"security.basic.enabled":false,
"server.port":7777,"flyway.enabled":false}}

However,the security configuration is still work, I can't access the ones need authenticated, but I can access those are permitAll.

This is the application class:

@SpringBootApplication
@MapperScan("team.xuli.toe.dao")
public class ToeServerApplication {
    public static void main(String[] args) {
        SpringApplication.run(ToeServerApplication.class, args);}
}

This is the securityConfigutaion:

@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfig extends WebSecurityConfigurerAdapter{

  @Override
  protected void configure(HttpSecurity http) throws Exception {
      http.csrf().disable();
      http.httpBasic();
      http.
             authorizeRequests()
             .antMatchers("/hello").permitAll()
             .anyRequest().authenticated();
  }
  @Autowired
  public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
      System.out.println("user added in mem!");
      auth
          .inMemoryAuthentication()
              .withUser("xqf").password("123").roles("ADMIN");
  }
}
Daniel
  • 23
  • 1
  • 5
  • Thanks,I tried to set the property security.ignored=/** and success. There's a similar question https://stackoverflow.com/questions/36280181/disabling-spring-security-in-spring-boot-app – Daniel Apr 06 '16 at 02:23

2 Answers2

0

If you need security as a dependency but don't want Spring Boot to configure it for you, you can use this exclusion:

@EnableAutoConfiguration(exclude = { 
        org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class

    })
varnull
  • 1
  • 3
0

If you define a @Configuration with @EnableWebSecurity anywhere in your application it will switch off the default webapp security settings in Spring Boot.

TheKojuEffect
  • 20,103
  • 19
  • 89
  • 125
  • Thanks, it has been solved. I tried to set the property security.ignored=/** and success. There's a similar question: https://stackoverflow.com/questions/36280181/disabling-spring-security-in-spring-boot-app – Daniel Apr 07 '16 at 01:22