4

I'm using spring-boot-security for basic authentication on my @RestController endpoints, as follows:

pom.xml:

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>

application.properties:

security.user.name=user
security.user.password=pass

Question: how can I disable the basic auth in development, and only enable it if a specific profile is active using startup parameter -Dspring.profiles.active=production.

I would like to move the properties above into application-production.properties. And in dev there should not be any auth on the endpoints.

membersound
  • 81,582
  • 193
  • 585
  • 1,120
  • 1
    From a security perspective, do it the other way around. Always enable security and disable for the dev profile... (You don't want to accidentally run unsecured in production!). Just add an `application-dev.properties` which disables security with `security.basic.enabled=false`. – M. Deinum May 15 '17 at 07:39
  • http://stackoverflow.com/questions/25639188/disable-basic-authentication-while-using-spring-security-java-configuration – soorapadman May 15 '17 at 07:39
  • @M.Deinum great, would you add this as an answer so I can accept it? That's what I was looking for, without having to add any code. – membersound May 15 '17 at 07:42

1 Answers1

2

From a security perspective you probably want to do the opposite. Enable security by default and disable when running with a dev profile. Which is actually pretty easy to do add an application-dev.properties (assuming your profile is named dev.

Add the following to the file

security.basic.enabled=false

And for dev start with the profile enabled.

M. Deinum
  • 115,695
  • 22
  • 220
  • 224
  • 1
    Guys, this property is deprecated since Boot 2.x. Check detail info -> https://stackoverflow.com/q/49717573/4729203 – wonsuc Dec 16 '20 at 02:38