Spring Security Configuration in Spring Boot

StackOverflow https://stackoverflow.com/questions/21171265

Question

I am working on converting a Spring 3 project to Spring 4 + Spring Boot. I don't know whether it is a right thing to do or not yet. I convert the Spring Security XML configuration to a Java based configuration as the following:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/", "/home").permitAll()
            .anyRequest().authenticated();
    http.formLogin()
            .defaultSuccessUrl("/afterLogin")
            .loginPage("/profiles/lognin/form")
            .failureUrl("/accessDenied")
            .and()
            .authorizeRequests()
            .regexMatchers("....")
            .hasRole("ROLE_USER")
            .antMatchers("....")
            .hasRole("ROLE_USER")
            //....
            ;
}

@Override
protected void configure(AuthenticationManagerBuilder authManagerBuilder)
        throws Exception {
           authManagerBuilder.authenticationProvider(this.getDaoAuthenticationProvider());
}
   // ....
}

I get the Spring Security default login popup panel when I hit the home URL. It seem to me that the above configuration doesn't take effect, but the default Spring Security configuration in Spring Boot doesn't. If so, how to override the default one?

Was it helpful?

Solution

I found the answer. I need to create a file called application.properties with the following line:

security.basic.enabled=false

and place this file under src/main/resource. That is it.

OTHER TIPS

Configure your spring like that.

protected void configure(HttpSecurity http) throws Exception {

    http
                .csrf()
            .and()
                .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
                .exceptionHandling()
            .and()
                .rememberMe()
            .and()
                .formLogin()
                .loginProcessingUrl("/user")   // rest apiyi yaz.
                //.usernameParameter("username")
                //.passwordParameter("password")
                .permitAll()
            .and()
                .logout()
                //.logoutUrl("/api/logout")
                //.deleteCookies("JSESSIONID", "CSRF-TOKEN")
                .permitAll()
            .and()
                .headers()
                .frameOptions()
                .disable()
                .authorizeRequests()
                .antMatchers("/login").permitAll()
                .antMatchers("/#/dashboard/home").permitAll()
            ;



}
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top