I am trying to create a REST Api with Spring-Boot and I need to disable security for testing purposes. I want to be able to use PostMan without any security constrain.
I have tried several ways but nothing seems to work it's as if the AplicationTest configurations are never applied.
This is the code for my ApplicationTest class
@SpringBootApplication
@Configuration()
public class ApplicationTests {
public static void main(String[] args) {
SpringApplicationBuilder ab = new SpringApplicationBuilder(ApplicationTests.class);
Map<String, Object> properties = new HashMap<>();
properties.put("server.port", 9999);
properties.put("security.basic.enabled", false);
properties.put("security.enable-csrf", false);
ab.properties(properties);
ab.run(args);
}
@Configuration
protected static class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().disable();
http.authorizeRequests().antMatchers("/**").permitAll();
}
}
}
This is my SecurityConfig class
@Configuration
@ComponentScan("com.app")
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
AuthenticationService authenticationService;
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.httpBasic().and()
.authorizeRequests()
.antMatchers("/api/business/**").hasAnyRole("BUSINESS", "ADMIN")
.antMatchers("/api/users/**").hasAnyRole("USER", "ADMIN")
.antMatchers("/api/admins/**").hasRole("ADMIN")
.antMatchers("/**").permitAll()
.anyRequest().authenticated()
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
// @formatter:on
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
ShaPasswordEncoder encoder = new ShaPasswordEncoder();
auth.userDetailsService(authenticationService).passwordEncoder(encoder);
}
}
