oasp / oasp4j

The Open Application Standard Platform for Java
Apache License 2.0

It is not possible to access the h2 console by default #689

Open maybeec opened 5 years ago

maybeec commented 5 years ago

Using the 3.0.0 archetype, it is not possible to access the h2 console when specifying a context path for the application different from / and providing the properties

spring.h2.console.enabled=true
spring.h2.console.path=/h2

Logging into the console always results in a 403 error.

maybeec commented 5 years ago

Removing all the authorization of the application results in a valid behavior of the h2 console. So it seems that we have to whitelist /h2 somewhere and maybe properly provide a context path for the application to prevent name clashes in URLs.

jdiazgon commented 5 years ago

I have found a way to solve this, it is explained here.

if you enable Spring Security in your project, the H2 database console will be blocked with 403 error

I have tested it and it works fine. I will provide a PR with this fix.

hohwille commented 5 years ago

@jdiazgon thank you so much for your feedback and investigation. Disabling security features for the sake of accessing some h2 feature is somewhat odd, however. We IMHO need at least to find a way to configure this "disabling" only for the h2 URLs. Still, I do not like such tweaks in productive code. Great that you just added it as a comment. However, there is a high risk that people using it may accidentally commit such a change and break the security. Therefore we still need to find a safer and more elegant way. Anyhow, thank you very much, as you help us to guide the way to the "perfect solution".
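One way to scope the relaxation to the console URLs instead of disabling security globally, as the thread asks for. This is an added example, not oasp4j code or the PR mentioned above; it assumes Spring Boot 2.x with Spring Security 5.x, `spring.h2.console.path=/h2`, and a `dev` Spring profile that is active only for local development (the class and package names are hypothetical).

```java
package example.h2; // hypothetical package, not part of oasp4j

import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * Separate security filter chain that applies to the H2 console path only and
 * only while the "dev" profile is active. The application's main security
 * configuration is left untouched, so committing this class by accident does
 * not disable security anywhere else, and in production (no "dev" profile) the
 * console stays blocked exactly as before.
 */
@Configuration
@Profile("dev")
@Order(1) // evaluated before the application's main WebSecurityConfigurerAdapter
public class H2ConsoleDevSecurityConfig extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
        // Restrict this whole chain to the console; every other request falls
        // through to the regular configuration. The pattern is matched against
        // the path within the application, so it works unchanged whether the
        // app is mounted at "/" or at another context path.
        .antMatcher("/h2/**")
        .authorizeRequests()
          .anyRequest().permitAll()
          .and()
        // The console's own login form does not carry a CSRF token; since this
        // chain is scoped to /h2/**, CSRF protection stays on for the rest of
        // the application.
        .csrf().disable()
        // The console UI is rendered in frames; allow same-origin framing only
        // rather than dropping X-Frame-Options entirely.
        .headers().frameOptions().sameOrigin();
  }
}
```

Keeping `spring.h2.console.enabled=true` in a profile-specific `application-dev.properties` rather than the main properties file gives the same guarantee on the H2 side.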