Spring Security Configuration in Spring Boot

StackOverflow https://stackoverflow.com/questions/21171265

Question

I am working on converting a Spring 3 project to Spring 4 + Spring Boot. I don't know whether it is a right thing to do or not yet. I convert the Spring Security XML configuration to a Java based configuration as the following:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/", "/home").permitAll()
            .anyRequest().authenticated();
    http.formLogin()
            .defaultSuccessUrl("/afterLogin")
            .loginPage("/profiles/lognin/form")
            .failureUrl("/accessDenied")
            .and()
            .authorizeRequests()
            .regexMatchers("....")
            .hasRole("ROLE_USER")
            .antMatchers("....")
            .hasRole("ROLE_USER")
            //....
            ;
}

@Override
protected void configure(AuthenticationManagerBuilder authManagerBuilder)
        throws Exception {
           authManagerBuilder.authenticationProvider(this.getDaoAuthenticationProvider());
}
   // ....
}

I get the Spring Security default login popup panel when I hit the home URL. It seem to me that the above configuration doesn't take effect, but the default Spring Security configuration in Spring Boot doesn't. If so, how to override the default one?

Était-ce utile?

La solution

I found the answer. I need to create a file called application.properties with the following line:

security.basic.enabled=false

and place this file under src/main/resource. That is it.

Autres conseils

Configure your spring like that.

protected void configure(HttpSecurity http) throws Exception {

    http
                .csrf()
            .and()
                .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
                .exceptionHandling()
            .and()
                .rememberMe()
            .and()
                .formLogin()
                .loginProcessingUrl("/user")   // rest apiyi yaz.
                //.usernameParameter("username")
                //.passwordParameter("password")
                .permitAll()
            .and()
                .logout()
                //.logoutUrl("/api/logout")
                //.deleteCookies("JSESSIONID", "CSRF-TOKEN")
                .permitAll()
            .and()
                .headers()
                .frameOptions()
                .disable()
                .authorizeRequests()
                .antMatchers("/login").permitAll()
                .antMatchers("/#/dashboard/home").permitAll()
            ;



}
Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow
scroll top