Closed GuillaumeDesforges closed 4 years ago
These libraries don't pull in spring-security as a dependency. Some rely on it compileOnly
, but that shouldn't affect you. It's only used if it's found on Spring Security is found in the classpath at runtime to ensure GraphiQL sends along a CSRF token with its requests for example.
You should be able to see in your dependencies graph as loaded by your IDE which package is pulling in spring-security and causing this.
I do have Spring Security as a dependency.
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
Do you mean that using it for the rest of the application also triggers GraphiQL to use it ?
I still don't understand why this affects all http requests to the server (especially on the endpoints of my RestController
) and not only those on /graphiql.
It doesn't add any specific rules for security. It relies on your existing spring security configuration to take care of that. If you use Spring Security you probably have a WebSecurityConfigurerAdapter
somewhere to finetune the security settings for your app. You should add /graphiql
and possibly /graphl
to it to exclude it from those security settings. If you don't the default kicks in and everything is secure.
Many thanks for the quick reply and clear indications, I will investigate with that in mind.
My bad: it wasn't when adding a GraphQL tool dependencies but when adding graphql-spring-boot-starter
from com.graphql-java-kickstart
. Seems like my IDE played a trick on me with a weird "Launch" mechanism.
When I add only Altair for example it works properly.
I need to add a GraphQL endpoint to a Spring Boot application with an existing REST API that uses
@RestController
and such.When I add any of the GraphQL tool as a dependency, such as
altair-spring-boot-starter
orgraphiql-spring-boot-starter
for example, and run the server, I am suddendly asked to provide a Basic Auth on all endpoints even though the base application does not require one.diff of pom.xml
Two questions then:
Thanks