CODEWITHSUNDEEP
javaspringauthenticationspring-securityauthorization
khateeb
khateeb

Reputation: 5469

No Authentication and authorization using Spring Security

My project requires that I use Spring Security for CSRF and XSS protection but not to use it for the authentication and authorization. I have configured SS into my application but every time I access a page, it automatically redirects me to it's Login page. How do I disable this? My SecurityConfig file is:

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
            throws Exception {
    }
}

Upvotes: 6

Views: 11900

Answers (2)

user3247727
user3247727

Reputation: 149

Configure spring security configuration as below along with required spring security dependecies. Get it tested yourself to ensure that it has all that you need.

package org.springframework.security.samples.config;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("**").permitAll().and().csrf()
                .and().headers().frameOptions().sameOrigin().xssProtection();

    }

}

Upvotes: 0

khateeb
khateeb

Reputation: 5469

The SecurityConfig as given below will allow all requests to be not authenticated, but will have the CSRF and XSS guards:

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().permitAll();
    }
}

Upvotes: 4

Related Questions