Spring Boot 2.0.x disable security for certain profile

by

You have to add a custom Spring Security configuration, see Spring Boot Reference Guide:

28.1 MVC Security

The default security configuration is implemented in SecurityAutoConfiguration and UserDetailsServiceAutoConfiguration. SecurityAutoConfiguration imports SpringBootWebSecurityConfiguration for web security and UserDetailsServiceAutoConfiguration configures authentication, which is also relevant in non-web applications. To switch off the default web application security configuration completely, you can add a bean of type WebSecurityConfigurerAdapter (doing so does not disable the UserDetailsService configuration or Actuator’s security).

For example:

@Configuration
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(WebSecurity web) throws Exception {
        web
           .ignoring()
               .antMatchers("/**");
    }
}

To use the configuration only for a profile add @Profile to the class. If you want to enable it by property, add ConditionalOnProperty to the class.

More Related Contents:

  1. Filter invoke twice when register as Spring bean
  2. Spring security CORS Filter
  3. Spring Security Configuration – HttpSecurity vs WebSecurity
  4. How to disable ‘X-Frame-Options’ response header in Spring Security?
  5. How to enable HTTP response caching in Spring Boot
  6. 401 instead of 403 with Spring Boot 2
  7. HttpSecurity, WebSecurity and AuthenticationManagerBuilder
  8. Multiple WebSecurityConfigurerAdapter in spring boot for multiple patterns
  9. Spring Security 5 : There is no PasswordEncoder mapped for the id “null”
  10. Securing Spring Boot API with API key and secret
  11. Spring Security HTTP Basic for RESTFul and FormLogin (Cookies) for web – Annotations
  12. How do I disable resolving login parameters passed as url parameters / from the url
  13. How do I add method based security to a Spring Boot project?
  14. What does Cookie CsrfTokenRepository.withHttpOnlyFalse () do and when to use it?
  15. Disable HTTP OPTIONS method in spring boot application
  16. Single role multiple IP addresses in Spring Security configuration
  17. disabling spring security in spring boot app [duplicate]
  18. Disabling a filter for only a few paths
  19. Spring Boot Microservices – Spring Security – ServiceTest and ControllerTest for JUnit throwing java.lang.StackOverflowError
  20. Connection to Db dies after >4
  21. When using Spring Security, what is the proper way to obtain current username (i.e. SecurityContext) information in a bean?
  22. Adding Spring Dependency Injection in JavaFX (JPA Repo, Service)
  23. While using Spring Data Rest after migrating an app to Spring Boot, I have observed that entity properties with @Id are no longer marshalled to JSON
  24. Apparent connection leak detected with Hikari CP
  25. java.lang.OutOfMemoryError: unable to create new native thread error using ChromeDriver and Chrome through Selenium in Spring boot
  26. How to disable spring-data-mongodb autoconfiguration in spring-boot
  27. Best way of handling entities inheritance in Spring Data JPA
  28. Jackson date-format for OffsetDateTime in Spring Boot
  29. Using @RequestParam for multipartfile is a right way?
  30. Spring-Boot @Autowired in main class is getting null

Leave a Comment