I am working on converting a Spring 3 project to Spring 4 + Spring Boot. I don't know yet whether it is the right thing to do or not. I converted the Spring Security XML configuration to a Java-based configuration as follows:

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().antMatchers("/", "/home").permitAll()
                .anyRequest().authenticated();
            http.formLogin()
                .defaultSuccessUrl("/afterLogin")
                .loginPage("/profiles/lognin/form")
                .failureUrl("/accessDenied")
                .and()
                .authorizeRequests()
                .regexMatchers("....")
                .hasRole("ROLE_USER")
                .antMatchers("....")
                .hasRole("ROLE_USER")
                //....
                ;
        }

        @Override
        protected void configure(AuthenticationManagerBuilder authManagerBuilder)
                throws Exception {
            authManagerBuilder.authenticationProvider(this.getDaoAuthenticationProvider());
        }
        // ....
    }

I get the Spring Security default login popup panel when I hit the home URL. It seems to me that the above configuration doesn't take effect, but the default Spring Security configuration in Spring Boot doesn't. If so, how do I override the default one?
- antMatchers have been changed to requestMatchers in the third version of the related dependency. – Oleksii Kyslytsyn, Oct 5, 2024 at 8:43
- After version 5.8 there are pre-5.8 and post-5.8 approaches. stackoverflow.com/questions/18348267 – Oleksii Kyslytsyn, Oct 6, 2024 at 14:10
2 Answers
I found the answer. I need to create a file called application.properties with the following line:
security.basic.enabled=false
and place this file under src/main/resource. That is it.
Comments
Configure your spring like that.

    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
                .and()
            .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
            .exceptionHandling()
                .and()
            .rememberMe()
                .and()
            .formLogin()
                .loginProcessingUrl("/user") // put your REST API endpoint here.
                //.usernameParameter("username")
                //.passwordParameter("password")
                .permitAll()
                .and()
            .logout()
                //.logoutUrl("/api/logout")
                //.deleteCookies("JSESSIONID", "CSRF-TOKEN")
                .permitAll()
                .and()
            .headers()
                .frameOptions()
                .disable()
            .authorizeRequests()
                .antMatchers("/login").permitAll()
                .antMatchers("/#/dashboard/home").permitAll()
            ;
    }

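Added example (not part of the question or either answer): a variant of the question's configuration for the same WebSecurityConfigurerAdapter API, with the specific rules declared before the anyRequest() catch-all and the role passed to hasRole() without the ROLE_ prefix. The /profiles/** and /login paths and the in-memory demo user are assumptions made for illustration.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Added example, not the asker's code. Targets the WebSecurityConfigurerAdapter
// API used in the question (Spring Security 3.2/4.x). The class must sit in a
// package that the Boot application class component-scans, or it is never registered.
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Rules are checked in declaration order; the first match wins.
                .antMatchers("/", "/home").permitAll()
                // "/profiles/**" is a hypothetical protected area.
                // hasRole() prepends "ROLE_" itself and rejects "ROLE_USER".
                .antMatchers("/profiles/**").hasRole("USER")
                // The catch-all goes last so it cannot shadow the rules above.
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")             // hypothetical login view
                .defaultSuccessUrl("/afterLogin")
                .failureUrl("/login?error")      // hypothetical failure target
                .permitAll()                     // login page and failure URL stay reachable anonymously
                .and()
            .logout()
                .permitAll();
        // CSRF protection and the default security headers stay enabled:
        // Java config turns them on unless they are explicitly disabled.
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Constructed in-memory user so the class is self-contained; the
        // question wires a DaoAuthenticationProvider here instead.
        auth.inMemoryAuthentication()
            .withUser("demo").password("change-me").roles("USER");
    }
}
```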