java – Why Spring Security application redirects to login page though we dont provide spring security configuration?

ByNeal

java – Why Spring Security application redirects to login page though we dont provide spring security configuration?

According to the Spring Security documentation, the WebSecurityConfigurerAdapter class provides the following default configuration:

protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .and()
        .httpBasic();
}

To override these defaults, write your own WebSecurityConfig such as:

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Your own rules
    }
}

  • If you want to disable temporary spring security, add the annotation @SpringBootApplication(exclude = {SecurityAutoConfiguration.class}) in your spring main class

    @SpringBootApplication(exclude = {SecurityAutoConfiguration.class})
public class DemoApplication
{
public static void main(String[] args)
{
    SpringApplication.run(DemoApplication.class, args);
}
}

  • Another solution is to override the default configuration by extending the
    class

    @Configuration
@EnableWebSecurity
public class BasicConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
  //customize the configs
}
}

  • Finally, if you do not need security in your project, remove the spring security dependency in the pom.xml file.

java – Why Spring Security application redirects to login page though we dont provide spring security configuration?

Leave a Reply

Your email address will not be published. Required fields are marked *