App.java
package com.springSecurity; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.context.ApplicationContext; @SpringBootApplication (exclude = {org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class}) //disabling auto configuration public class App { public static void main(String[] args) { ApplicationContext applicationContext = SpringApplication.run(App.class, args); } }
SecurityConfig.java
package com.springSecurity; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; @Configuration @EnableWebSecurity @ConditionalOnProperty (name = "myproject.security.enabled", havingValue = "true", matchIfMissing = true) public class SecurityConfig extends WebSecurityConfigurerAdapter{ @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() .withUser("admin").password(passwordEncoder().encode("admin")).roles("ADMIN") // .withUser("admin").password("admin").roles("ADMIN") .and() .withUser("user").password(passwordEncoder().encode("user")).roles("USER"); // .withUser("user").password("user").roles("USER"); } @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest().authenticated() .and() .httpBasic(); } @Bean PasswordEncoder passwordEncoder() { // return NoOpPasswordEncoder.getInstance(); return new BCryptPasswordEncoder(); } }
application.properties
server.port=9191 logging.level.org.springframework=DEBUG #Spring Secuity spring.security.user.name=tyson spring.security.user.password=tyson #security.ignored=/** myproject.security.enabled=true #below does not work #spring.security.enabled=false #security.basic.enabled=false #security.ignored=/** #management.security.enabled=false #spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
build.gradle
plugins { id 'java' id 'org.springframework.boot' version '2.0.5.RELEASE' id 'io.spring.dependency-management' version '1.0.7.RELEASE' } repositories { jcenter() } dependencies { implementation 'com.google.guava:guava:28.0-jre' testImplementation 'junit:junit:4.12' implementation 'org.springframework.boot:spring-boot-dependencies:2.0.5.RELEASE' implementation 'org.springframework.boot:spring-boot-starter-web' testImplementation 'org.springframework.boot:spring-boot-starter-test' //Oracle Integration implementation 'com.oracle.ojdbc:ojdbc8:19.3.0.0' implementation 'org.springframework:spring-jdbc:3.2.0.RELEASE' //Spring Security implementation 'org.springframework.boot:spring-boot-starter-security:2.4.4' components { withModule('org.springframework:spring-beans') { allVariants { withDependencyConstraints { it.findAll { it.name == 'snakeyaml' }.each { it.version { strictly '1.19' } } } } } } } bootJar { mainClassName = 'SpringSecurity.App' }
Disabling Spring Security
application.properties
security.ignored=/** myproject.security.enabled=true
Disabling Auto Spring Security Confirg
App.java
@SpringBootApplication (exclude = {org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class})
Reference :
Code
- Github : branch – spring-secuity-with-basic-inmemory-authentication