Comments (5)
It is expected that the SecurityAutoConfiguration
would provide some defaults that you might otherwise have to provide in your own configuration. You can always disable the SecurityAutoConfiguration
(by excluding it in @EnableAutoConfiguration
), but I'd rather hear the details and try and see how to change things if necessary. You might need to describe your use case in a bit more detail to see if we need to explicitly support it or not.
from spring-boot.
essentially, i followed the securing-web guide and got a security config like this (groovy):
@Configuration
@EnableWebSecurity
class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/login").permitAll()
.antMatchers("/dummy").permitAll()
.antMatchers("/secured").hasRole("USER")
.anyRequest().authenticated()
http.formLogin()
.defaultSuccessUrl("/secured")
.loginPage("/login")
http.logout().permitAll()
}
}
now if i add the dependency for spring-boot-starter-actuator in my gradle build, the app is asking for basic auth under any url...
thanks, zyro
from spring-boot.
Right, that's because your configurator callback is unordered, while the SecurityAutoConfiguration
contains one that has @Order(Ordered.LOWEST_PRECEDENCE - 5)
. I suggest maybe you add @Order(Ordered.LOWEST_PRECEDENCE - 10)
to yours.
from spring-boot.
oh well... i spotted the option for ordering but thought "last wins" with the highest precedence being last :/
i will give @Order(Ordered.LOWEST_PRECEDENCE - 10)
a spin in a few hours and comment here if i succeeded - then this could be closed of course.
thanks for the quick help!
from spring-boot.
works. thanks again. closed.
from spring-boot.
Related Issues (20)
- Clarify that all named properties must match for @ConditionalOnProperty to match HOT 2
- Getting 500 instead of 404 with integration tests when updating from Spring Boot 3.1.x to to 3.2.4 HOT 6
- Bump gradle/wrapper-validation-action from 2.1.1 to 2.1.2
- Bump gradle/wrapper-validation-action from 2.1.1 to 2.1.2
- Remove redundant Regex escapes
- Remove redundant Regex escapes
- Remove redundant Regex escapes
- Verify snapshots once they have been deployed
- Verify snapshots once they have been deployed
- Verify snapshots once they have been deployed
- Upgrade to Gradle Enterprise Conventions 0.0.16
- Reference Guides breadcrumb in page headers is not hyperlinked
- Property `logging.threshold.console` is not effective unless set as Java system property HOT 2
- Executable JAR application startup is much slower after 3.2.0 HOT 5
- bootBuildImage with Podman results in socket connection error HOT 11
- Problem with prometheus metrics and mongodb HOT 4
- Upgrade to Gradle Enterprise Conventions 0.0.16
- Upgrade to Gradle Enterprise Conventions 0.0.16
- Rename Antora component from spring-boot to boot
- Manage antora versions using package.json HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spring-boot.