ddd ddd - 1 year ago 310
reST (reStructuredText) Question

How to turn off Spring Security in Spring Boot Application

I have implemented authentication in my Spring Boot Application with Spring Security.

The main class controlling authentication should be websecurityconfig:

@PropertySource(value = { "classpath:/config/application.properties" })
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

private RestAuthenticationSuccessHandler authenticationSuccessHandler;
private RestAuthenticationEntryPoint restAuthenticationEntryPoint;

protected void configure(HttpSecurity http) throws Exception {
.failureHandler(new SimpleUrlAuthenticationFailureHandler());

Since I am doing OAuth, I have
as well. My main application class looks like this:

public class RistoreWebApplication extends SpringBootServletInitializer
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
public void addCorsMappings(CorsRegistry registry) {
public static void main( String[] args )
SpringApplication.run(RistoreWebApplication.class, args);

protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(RistoreWebApplication.class);

Since we are doing code consolidation, we need to turn off authentication temporarily. However, I tried the following methods and nothing seems to work. I am still getting 401 when I hit these rest api urls.

  1. Comment out all the annotations in classes related to security including
    . In Spring boot Security Disable security, it was suggested at the bottom adding
    will DISABLE auth which I don't think make any sense. Tried it anyway, did not work.

  2. Modify websecurityconfig by removing all the security stuff and only do

Disable Basic Authentication while using Spring Security Java configuration. Does not help either.

  1. Remove security auto config

    @EnableAutoConfiguration(exclude = {

like what they did in disabling spring security in spring boot app. However I think this feature only works with
which I don't have. So didn't try this.

What is the correct way disable spring security?

Answer Source

As @Maciej Walkowiak mentioned, you should do this for your main class:

@SpringBootApplication(exclude = org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class)
public class MainClass {
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download