Reputation: 555
Disabling authentication in “OAUTH2” enabled boot application
How to disable authentication in “OAUTH2” enabled spring-boot application? This is often required for testing or during build phase.
Upvotes: 5
Views: 8357
Answers (1)
Reputation: 555
This is a valid scenario when we want to do the testing/build and we don’t have OAuth2 token available on the fly. Below are the steps to be followed:
Create a YAML file without OAuth2 configuration (i.e.
application-{profile_name}.yml) and add below properties in it:Security.ignored = /** security.basic.enable=falseAdd a class which is bypassing HTTP/S requests authorization. Note: This class should have same profile name (i.e.
{profile_name}).@Profile({"profile_name"}) public class DisableOAuth2Config { @Bean public ResourceServerConfigurer resourceServerConfigurer() { return new ResourceServerConfigurerAdapter() { @Override public void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/**").permitAll(); } }; } }Provide
ProfileinSecurityConfigurationclass where we still want to have security.@Profile({"local","dev","aws"}), This will differentiate profiles for both enabled/disabled security.Note: Please check annotations
@EnableResourceServe,@EnableWebSecurityand@EnableGlobalMethodSecurity(prePostEnabled = true). They should be available only inSecurityConfigurationclass. Not multiple places and not inSpringBootclass.
Upvotes: 3
Related Questions
- How to disable spring-boot-starter-oauth2-resource-server login page
- Skip OAuth user approval in Spring Boot OAuth2
- Spring Boot 2.0.0 + OAuth2
- Spring boot 2.0.3 + Security + Oauth2 autoconfigure
- OAuth2 With Spring Boot Unauthorized (401) Response
- Spring boot 1.5 disable oauth2 security
- Disable/enable OAuth2 without two security configurations
- Springboot2 and oauth
- Springboot with Spring OAuth2
- exclude spring oauth2 configuration