samrat bhattacharjee
samrat bhattacharjee

Reputation: 21

Disable webflux security

Is there a way to disable the security of web-flux security by some configuration or by pom modification. For now I have disable it using

  @Bean  public SecurityWebFilterChain securityWebFilterChain(final ServerHttpSecurity httpSecurity) {
return httpSecurity
        .authorizeExchange().anyExchange().permitAll().and()
        .build();  }

Is this the best way to do it in a production environment? Whenever I add dependency to read value from config server spring security comes in the class path and the pop appears. I dont want the security as we have our own security in place.

Upvotes: 2

Views: 6880

Answers (2)

gruerei
gruerei

Reputation: 1

This is what I had to use to disable WebFlux Security AutoConfiguration so that the Basic Auth was not included by default with Spring Security.

import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.reactive.ReactiveUserDetailsServiceAutoConfiguration;

@SpringBootApplication(exclude = {ReactiveUserDetailsServiceAutoConfiguration.class})

Upvotes: 0

Ciaran George
Ciaran George

Reputation: 613

You could use a configuration / profile class that will only be run in a certain context, for example:

@Configuration
@Profile("dev")
public class SecurityConfig {
    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
        return http.authorizeExchange().anyExchange().permitAll().and().build();  
    }

}

Then if you want this to be run as part of your app you can run:

mvn spring-boot:run -Dspring-boot.run.profiles=dev

Or you can include it in a properties/yaml file. Hope this helps.

Upvotes: 5

Related Questions