CSRF protection is enabled by default with Java configuration. To disable it: @Configuration public class RestSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .csrf().disable() …; } }
I moved from spring 3.2.0 to 4.0.3 and had to update my javax.servlet dependency (in maven) from servlet 2.5 to servlet 3.0.1. The final dependency was <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>3.0.1</version> </dependency> Then it worked
We need to add CharacterEncodingFilter before filters who read request properties for the first time. There is securityFilterChain (stands second. after metrica filter) and we can add our filter inside it. The first filter (inside security chain) who reads properties is CsrfFilter, so we place CharacterEncodingFilter before it. The short solution is: @Configuration @EnableWebMvcSecurity public … Read more
Ok, this is strange but it works. Moving the datasources to it’s own configuration class works just fine and one is able to autowire. The example is a multi-datasource version of Spring Batch Service Example: DataSourceConfiguration: public class DataSourceConfiguration { @Value(“classpath:schema-mysql.sql”) private Resource schemaScript; @Bean @Primary public DataSource hsqldbDataSource() throws SQLException { final SimpleDriverDataSource dataSource … Read more
You have to add @EnableGlobalMethodSecurity(prePostEnabled = true) in your WebSecurityConfig. You can find it here: http://www.baeldung.com/spring-security-expressions-basic @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
Use security.ignored property: security.ignored=/** security.basic.enable: false will just disable some part of the security auto-configurations but your WebSecurityConfig still will be registered. There is a default security password generated at startup Try to Autowired the AuthenticationManagerBuilder: @Override @Autowired protected void configure(AuthenticationManagerBuilder auth) throws Exception { … }
Override method authenticationManagerBean in WebSecurityConfigurerAdapter to expose the AuthenticationManager built using configure(AuthenticationManagerBuilder) as a Spring bean: For example: @Bean(name = BeanIds.AUTHENTICATION_MANAGER) @Override public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); }
In a @Configuration class, a @Bean method like so @Bean @Scope(“prototype”) public Thing thing(String name) { return new Thing(name); } is used to register a bean definition and provide the factory for creating the bean. The bean that it defines is only instantiated upon request using arguments that are determined either directly or through scanning … Read more