Security configuration with Spring-boot

Per the docs you have disabled the spring boot autoconfig in the first example by using @EnableWebSecurity, so you would have to explicitly ignore all the static resources manually. In the second example you simply provide a WebSecurityConfigurer which is additive on top of the default autoconfig.

Create a Configuration file that extends WebSecurityConfigurerAdapter and annotate the class with @EnableWebSecurity

You can override methods like configure(HttpSecurity http) to add basic security like below

@Configuration
@EnableWebSecurity
public class AppWebSecurityConfigurer extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {    
        http
            .csrf().disable()
            .authorizeRequests()
                .anyRequest().permitAll();
        }
}

Security configuration with Spring-boot

Tags:

Java

Spring Mvc

Spring Security

Spring Boot

Related

Recent Posts