When I use security.basic.enabled=false to disable security on a Spring Boot project that has the following dependencies:

    <dependency>

        <groupId>org.springframework.boot</groupId>

        <artifactId>spring-boot-starter-web</artifactId>

    </dependency>

    <dependency>

        <groupId>org.springframework.boot</groupId>

        <artifactId>spring-boot-starter-security</artifactId>

    </dependency>

    <dependency>

        <groupId>org.springframework.boot</groupId>

        <artifactId>spring-boot-starter-actuator</artifactId>

    </dependency>

    <dependency>

        <groupId>com.oracle</groupId>

        <artifactId>ojdbc6</artifactId>

    </dependency>

    <dependency>

        <groupId>org.springframework.boot</groupId>

        <artifactId>spring-boot-starter-tomcat</artifactId>

        <scope>provided</scope>

    </dependency>

    <dependency>

        <groupId>org.springframework.boot</groupId>

        <artifactId>spring-boot-starter-test</artifactId>

        <scope>test</scope>

    </dependency>

I see the following Exception:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.boot.actuate.autoconfigure.ManagementSecurityAutoConfiguration$ManagementWebSecurityConfigurerAdapter': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.setObjectPostProcessor(org.springframework.security.config.annotation.ObjectPostProcessor); nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [org.springframework.security.config.annotation.ObjectPostProcessor] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {}

In order to fix this exception I had to add the property - management.security.enabled=false . My understanding is that when the actuator is in the classpath, both security.basic.enabled=false and management.security.enabled=false should be set to disable the security.

Could someone please let me know if my understanding is wrong?

asked May 27 '14 at 16:03
user3600073

1631211
 
1  
Why do you need security on your classpath if you just want to disable everything? Anyway, your stack trace is incomplete so there is no way to know what was preventing the app from starting. I would expect it would start, but the actuator endpoints should stay secure until you explicitly open them up. – Dave Syer May 27 '14 at 17:41
    
@DaveSyer I would like to disable security temporarily and also my application code refers security jars to work. – Stackee007 Feb 19 '15 at 21:36
    
You still haven't posted enough information to see why the app isn't starting. A full stack trace would be a start. – Dave Syer Feb 20 '15 at 8:41
1  
@DaveSyer One reason would be a microservice managing spring-sec-oauth2 ClientDetails. You'll have a transitive import of spring-security but maybe don't want basic auth in your service. – Dirk LachowskiOct 23 '15 at 15:52

4 Answers

In case you have spring-boot-actuator in your package, you should add the following

@EnableAutoConfiguration(exclude = {

        org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class,

        org.springframework.boot.actuate.autoconfigure.ManagementWebSecurityAutoConfiguration.class})

With older Spring-boot, the class was called ManagementSecurityAutoConfiguration.

answered Dec 9 '14 at 22:07
Varesh

468613
 
3  
In Spring boot 1.3 the name seems to have changed to ManagementWebSecurityAutoConfiguration. – James Nov 25 '15 at 15:12
    
Thanks @James for pointing out, I have mentioned this in the answer now. – Varesh Dec 17 '15 at 9:25
 

What also seems to work fine is creating a file application-dev.properties that contains:

security.basic.enabled=false

management.security.enabled=false

If you then start your Spring Boot app with the dev profile, you don't need to log on.

answered Dec 8 '15 at 7:48
Wim Deblauwe

6,59743988
 

If you need security as a dependency but don't want Spring Boot to configure it for you, you can use this exclusion:

    @EnableAutoConfiguration(exclude = {

        org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class

    })
answered Aug 5 '14 at 12:33
gyoder

1,18211223
 
    
Work perfectly for me. FYI - My app depends on security jars but I would like to temporarily disable security – Stackee007 Feb 19 '15 at 21:42

In order to avoid security you can use annotations. Use this annotation on top of configure class:

@EnableWebSecurity

For example:

@EnableWebSecurity

@Configuration

public class AuthFilter{

   // configured method

}

Spring boot Security Disable security的更多相关文章

  1. spring boot系列03--spring security (基于数据库)登录和权限控制(下)

    (接上篇) 后台 先说一下AuthConfig.java Spring Security的主要配置文件之一 AuthConfig 1 @Configuration 2 @EnableWebSecuri ...

  2. spring boot系列03--spring security (基于数据库)登录和权限控制(上)

    这篇打算写一下登陆权限验证相关 说起来也都是泪,之前涉及权限的比较少所以这次准备起来就比较困难. 踩了好几个大坑,还好最终都一一消化掉(这是废话你没解决你写个什么劲

  3. spring boot中实现security错误信息本地化

    一.修改messages.properties 找源码中的messages.properties,复制一份放在classpath下,修改你要修改的内容 AbstractUserDetailsAuthe ...

  4. How to use JDBC-Authentication of Spring Boot/Spring Security with Flyway

    java.lang.IllegalStateException: Failed to load ApplicationContext at org.springframework.test.conte ...

  5. spring boot之security

    上一节的时候,我们打开了springboot的端点,有一些数据是非常敏感的,比如/shutdown. 这一节,我们要给一些敏感信息加上权限控制. spring boot本身的security模块就很好 ...

  6. Spring Boot中使用 Spring Security 构建权限系统

    Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架.它提供了一组可以在Spring应用上下文中配置的Bean,为应用系统提供声明式的安全 ...

  7. Spring Boot整合Spring Security

    Spring Boot对于该家族的框架支持良好,但是当中本人作为小白配置还是有一点点的小问题,这里分享一下.这个项目是使用之前发布的Spring Boot会员管理系统重新改装,将之前filter登录验 ...

  8. Spring Boot Security 整合 JWT 实现 无状态的分布式API接口

    简介 JSON Web Token(缩写 JWT)是目前最流行的跨域认证解决方案.JSON Web Token 入门教程 - 阮一峰,这篇文章可以帮你了解JWT的概念.本文重点讲解Spring Boo ...

  9. Spring Boot Security 整合 OAuth2 设计安全API接口服务

    简介 OAuth是一个关于授权(authorization)的开放网络标准,在全世界得到广泛应用,目前的版本是2.0版.本文重点讲解Spring Boot项目对OAuth2进行的实现,如果你对OAut ...

随机推荐

  1. HEAD DETACHED push origin失败问题

    先说HEAD HEAD是一个头指针,通常情况下指向不同的分支,每个分支对应一个commit(准确的说,每个分支对应多个commit,但是只有一个顶层的commit,而commit之间是简单的线性关系. ...

  2. 习题:玛丽卡(SPFA)

    玛丽卡(wikioi1021) [题目描述 ]麦克找了个新女朋友,玛丽卡对他非常恼火并伺机报复.因为她和他们不住在同一个城市,因此她开始准备她的长途旅行.在这个国家中每两个城市之间最多只有一条路相通, ...

  3. C#,一种简单的方式实现滚动鼠标缩放图片,平移

    1.缩放 private void ImageShow_Load(object sender, EventArgs e) { pictureBox1.Load(@"E:\SQ1.jpg&qu ...

  4. 【WC2019笔记】IOI2018 / ACM题目选讲

    哇!济南的 rqy 大佬讲课!就是 $luogu$ 上有名的那位! 上面这句话写错了,请大家无视 XylophoneIOI2018 练习赛 T2题意:交互提有一个 $0\sim n-1$ 的排列,保证 ...

  5. 【转】 Linux中记录终端输出到txt文本文件

    转载: http://blog.csdn.net/tengh/article/details/41823883 一,把命令运行的结果保存到文件当中:用 > 把输出转向就可以了 例子: $ ls ...

  6. vue中通过路由跳转的三种方式

    原文:https://blog.csdn.net/qq_40072782/article/details/82533477 router-view 实现路由内容的地方,引入组件时写到需要引入的地方需要 ...

  7. 上传相同文件名的时候不能触发change事件的解决方案

    方法一 在上传完文件之后,将<input type="file" /> 的值置为null,即可. 方法二 在上传完文件之后替换dom 方法三 在上传完文件之后刷新页面

  8. poj 3311 Hie with the Pie 经过所有点(可重)的最短路径 floyd + 状压dp

    题目链接 题意 给定一个\(N\)个点的完全图(有向图),求从原点出发,经过所有点再回到原点的最短路径长度(可重复经过中途点). 思路 因为可多次经过同一个点,所以可用floyd先预处理出每两个点之间 ...

  9. python进阶学习

    python高级用法 github: https://github.com/cq146637/Advanced     

  10. C++学习(一):现代C++尝试

    C++是一门与时俱进的语言. 早期的C++关注的主要问题是通用性,却没有太多关注易用性的问题,使得C++成为了一门多范式语言,但是使用门槛较高. 从2011开始,C++的标准进行了较大的更新,开始更多 ...