1

I'm trying to setup a OAuth2 Resource Server using Spring-Boot. So far this is all working but still the Using default security password: logging shows up which I want to get rid of. This is what my configuration looks like:

@Configuration
@EnableResourceServer
public class OAuthConfiguration extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated();
        super.configure(http);
    }
}

I already tried to add @EnableWebSecurity, @EnableGlobalMethodSecurity and Force it before and after SecurityAutoConfiguration but nothing seems to help. I also found some post on the net. The suggested config security.basic.enabled=false didn't work for me.

Anyone who knows how this is done correctly?

Mark Rotteveel
  • 100,966
  • 191
  • 140
  • 197
Christian Frommeyer
  • 1,390
  • 1
  • 12
  • 20
  • You may find your answer in [here](https://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-security.html) – Sylvester Loreto Sep 27 '17 at 16:32
  • Thanks for the reply. I know this documentation but I wasn't able to get rid of the configuration with the hints from that. Actually the basic authentication doesn't work and my configured OAuth2 authentication does. But the log looks like there was some default security config that could be used to attack the service and even the password logged in plain there. I don't want this to trigger our security department. Therefore it needs to go away. – Christian Frommeyer Sep 28 '17 at 06:00
  • See accepted answer here: https://stackoverflow.com/questions/40228036/how-to-turn-off-spring-security-in-spring-boot-application Worked for me, but I had to use together with `security.basic.enabled=false` property. – Innokenty Jun 21 '18 at 13:26
  • Possible duplicate of [How to turn off Spring Security in Spring Boot Application](https://stackoverflow.com/questions/40228036/how-to-turn-off-spring-security-in-spring-boot-application) – Innokenty Jun 21 '18 at 13:26
  • @Innokenty It's not a duplicate of the mentioned question. I do not want to disable spring security but only get rid of part of the default config. – Christian Frommeyer Jun 22 '18 at 11:12
  • true, but the accepted answer there is not disabling security as a whole, it only disables autoconfig. – Innokenty Jun 22 '18 at 12:15

0 Answers0