Hello, how can I disable the functionality of @EnableWebSecurity and @EnableMethodSecurity in the configuration file when they have been added to the project?
Current Behavior After adding @EnableWebSecurity and @EnableMethodSecurity, I customized parameters in the configuration file to disable SpringSecurity. However, SpringSecurity no longer validates my token, but @PreAuthorize is still working. Here is the code.
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http, JwtAuthenticationConverter converter) throws Exception {
if (officeSecurityProperties.isEnable()) {
http.authorizeHttpRequests(
authorize -> authorize
.requestMatchers("/doc.html", "/webjars/**", "/v3/api-docs/**").permitAll()
.anyRequest().authenticated()
)
.oauth2ResourceServer(
oauth2 -> oauth2.jwt(
jwt -> jwt.jwtAuthenticationConverter(converter)
)
);
} else {
http.securityContext(AbstractHttpConfigurer::disable);
}
return http.build();
}
Expected Behavior Consider turning off the automatic injection of 'WebSecurity' and 'MethodSecurity' in the configuration file. In some cases, such as troubleshooting, security checks can cause obstacles for us, but I cannot quickly turn them off. I must remove @EnableWebSecurity and @EnableMethodSecurity, recompile the project, and put it on the server before troubleshooting.
I look forward to your response.
Comment From: jzheaux
Thanks for getting in touch! It feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question and I'll be happy to follow up with your question over there.
Comment From: guoyixing
Thank you for your advice. I have posted the question on StackOverflow.https://stackoverflow.com/questions/77669243
Comment From: jzheaux
Thanks, @guoyixing, I posted an answer.
Comment From: guoyixing
Thanks,I have tried your method and it works very effectively.