发表新帖
发表新帖

Disable Basic Authentication while using Spring Security Java configuration

前端 未结
关注
6 1735
渐次进展
渐次进展 2020-12-01 12:55

I am trying to secure a web application using Spring Security java configuration.

This is how the configuration looks:-
相关标签:
6条回答
  • 没有蜡笔的小新
    2020-12-01 13:13

    You can disable the formLogin through the HttpSecurity instance as follow:

    http.authorizeRequests().antMatchers("/public/**").permitAll()
        .antMatchers("/api/**").hasRole("USER")
        .anyRequest().authenticated() 
        .and().formLogin().disable();

    This will lead receiving 403 Http error when trying to access any secured resource

    0 讨论(0)
  • 野性不改
    2020-12-01 13:18

    First of all, calling super.configure(http); will override whole your configuration you have before that.

    Try this instead:

    http
    .authorizeRequests()
        .anyRequest().authenticated()
        .and()
    .formLogin()
        .and()
    .httpBasic().disable();
    0 讨论(0)
  • 猫巷女王i
    2020-12-01 13:29

    The following worked for me:

                http
                .authorizeRequests()
                .anyRequest().permitAll();
    0 讨论(0)
  • 囚心锁ツ
    2020-12-01 13:31

    In case you use Spring Boot, the documentation states:

    To switch off the Boot default configuration completely in a web application you can add a bean with @EnableWebSecurity

    So if you want to fully customize itself that might be an option.

    Just to make it clear... You just need to put @EnableWebSecurity annotation on your main application class or application configuration class.

    0 讨论(0)
  • 故里飘歌
    2020-12-01 13:31

    Anonymous option worked for me. My code like

      http.csrf().disable().headers().frameOptions().sameOrigin().and().
   authorizeRequests().anyRequest().anonymous().and().httpBasic().disable();
    0 讨论(0)
  • 猫巷女王i
    2020-12-01 13:31

    Suitable for Spring Boot or folks using OAuth

    @Profile("test")
@EnableWebSecurity
static class BasicWebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().authorizeRequests().anyRequest().anonymous().and().httpBasic().disable();
    }
}

    If you are using @EnableOAuth2Client or @EnableResourceServer, then in test profile switch to basic auth and then disable the same. In Spring Boot,to switch off the spring security default configuration completely in a web application you need to add a bean with @EnableWebSecurity

    0 讨论(0)
 看不清?
提交回复
热议问题