How to override Spring Security default configuration in Spring Boot

Question

I have a little problem with Spring Boot. I really like Spring Boot, it\'s very convinient tool, which allow me to focus on logic implementation instead of beans configurati

Answer 1

Ok I found the solution for security configure settings (not AuthenticationManager).

First of all, according to Spring Boot dot, we have to add @EnableWebSecurity annotation.

Second of all, we have to override configure method WITH @Override annotation AND super.configure(http) at the end of the method.

So the working configuration code looks like this:

 @Configuration
@EnableWebSecurity //Very important!
@EnableGlobalMethodSecurity(securedEnabled = true)
@Profile("dev")
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override //Very important!
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
        .antMatchers("/app/user/*").hasAnyRole("USER", "ADMIN")
        .antMatchers("/app/posts/*").hasAnyRole("USER", "ADMIN")
        .antMatchers("/app/*").permitAll()
        .and()
        .formLogin()
            .loginPage("/app/")
            .loginProcessingUrl("/login")
            .usernameParameter("username")
            .defaultSuccessUrl("/app/", true)
        .and()
        .logout()
            .logoutUrl("/app/logout")
        .and()
        .csrf()
        .and()
        .exceptionHandling()
            .accessDeniedPage("/app/forbidden");
        super.configure(http); //Very important!
    }
}

Now my configurations is loading, and works properly.