Reputation: 21
Is there a way to disable the security of web-flux security by some configuration or by pom modification. For now I have disable it using
@Bean public SecurityWebFilterChain securityWebFilterChain(final ServerHttpSecurity httpSecurity) {
return httpSecurity
.authorizeExchange().anyExchange().permitAll().and()
.build(); }
Is this the best way to do it in a production environment? Whenever I add dependency to read value from config server spring security comes in the class path and the pop appears. I dont want the security as we have our own security in place.
Upvotes: 2
Views: 6880
Reputation: 1
This is what I had to use to disable WebFlux Security AutoConfiguration so that the Basic Auth was not included by default with Spring Security.
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.reactive.ReactiveUserDetailsServiceAutoConfiguration;
@SpringBootApplication(exclude = {ReactiveUserDetailsServiceAutoConfiguration.class})
Upvotes: 0
Reputation: 613
You could use a configuration / profile class that will only be run in a certain context, for example:
@Configuration
@Profile("dev")
public class SecurityConfig {
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
return http.authorizeExchange().anyExchange().permitAll().and().build();
}
}
Then if you want this to be run as part of your app you can run:
mvn spring-boot:run -Dspring-boot.run.profiles=dev
Or you can include it in a properties/yaml file. Hope this helps.
Upvotes: 5