How do i disable Spring security while developing?

Question

im developing a server with spring boot. I have all of spring security setup, but for the sake of testing i want to deactivate it so its easier to test. I just went on and commented the @Configuration annotation in the class and eventually all 3 im using that i build for spring security.

//@Configuration
//@EnableWebSecurity
//@EnableGlobalMethodSecurity(securedEnabled = true, jsr250Enabled = true, prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserService service;
    
    @Autowired
    private LogRepository logs;
    
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .authorizeRequests()
            .antMatchers(HttpMethod.POST, "/rest/user/register").permitAll()
            .antMatchers(HttpMethod.PUT, "/rest/user/login").permitAll()
            .antMatchers(HttpMethod.DELETE, "/rest/user/logout").permitAll()
            .antMatchers("/rest/").authenticated()
            .anyRequest().permitAll().and()
            .addFilterBefore(new LoginFilter("/rest/user/login", super.authenticationManagerBean(), service, logs), BasicAuthenticationFilter.class)
            .addFilterBefore(new RegisterFilter("/rest/user/register", super.authenticationManagerBean(), service), BasicAuthenticationFilter.class)
            .addFilterBefore(new LogoutFilter("/rest/user/logout", logs), BasicAuthenticationFilter.class)
            .addFilterBefore(new ValidationFilter(service), BasicAuthenticationFilter.class);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(service).passwordEncoder(new SHA512PasswordEncoder());
    }
    
    class SHA512PasswordEncoder implements PasswordEncoder {

        @Override
        public String encode(CharSequence rawPassword) {
            return DigestUtils.sha512Hex(rawPassword.toString());
        }

        @Override
        public boolean matches(CharSequence rawPassword, String encodedPassword) {
            return DigestUtils.sha512Hex(rawPassword.toString()).equals(encodedPassword);
        }
        
    }
}

For some reason however, when i do this, this shows up in spring console:

==========================
CONDITION EVALUATION DELTA
==========================


Positive matches:
-----------------

   ManagementWebSecurityAutoConfiguration matched:
      - @ConditionalOnClass found required class 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter' (OnClassCondition)
      - found 'session' scope (OnWebApplicationCondition)
      - @ConditionalOnMissingBean (types: org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; SearchStrategy: all) did not find any beans (OnBeanCondition)

Is there a way that i can just "turn off" spring security for testing then reactivating it for the live version?

score 0 · Answer 1 · edited Aug 17 '20 at 20:12

There are many ways to accomplish that, following are few:

by using annotation @AutoConfigureMockMvc(addFilters = false)in your test class. Example:

@EnableWebMvc
@AutoConfigureMockMvc(addFilters = false)
public class DummyControllerTest {
    //your tests
}

Using profile in your configuration i.e:

i) Add annotation @Profile(value = {"development", "production"}) to the implementation of WebSecurityConfigurerAdapter, then in in test/resources, create application-test.yml to define properties for test profile and add this
```
security:basic:enabled: false
```
ii) Add this to you test file @ActiveProfiles(value = "test")

How do i disable Spring security while developing?

1 Answers1