java – Why Spring Security application redirects to login page though we dont provide spring security configuration?

java – Why Spring Security application redirects to login page though we dont provide spring security configuration?

According to the Spring Security documentation, the WebSecurityConfigurerAdapter class provides the following default configuration:

protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .and()
        .httpBasic();
}

To override these defaults, write your own WebSecurityConfig such as:

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Your own rules
    }
}
  • If you want to disable temporary spring security, add the annotation @SpringBootApplication(exclude = {SecurityAutoConfiguration.class}) in your spring main class

    @SpringBootApplication(exclude = {SecurityAutoConfiguration.class})
    public class DemoApplication
    {
    public static void main(String[] args)
    {
        SpringApplication.run(DemoApplication.class, args);
    }
    }
    
  • Another solution is to override the default configuration by extending the
    class

    @Configuration
    @EnableWebSecurity
    public class BasicConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
      //customize the configs
    }
    }
    
  • Finally, if you do not need security in your project, remove the spring security dependency in the pom.xml file.

java – Why Spring Security application redirects to login page though we dont provide spring security configuration?

Leave a Reply

Your email address will not be published. Required fields are marked *