search

spring-attic / http

Apache License 2.0
7 stars 12 forks source link

GH-8: More cleaner security disabling #9

Closed artembilan closed 7 years ago

artembilan commented 7 years ago

Resolves spring-cloud-stream-app-starters/http#8

Since security disabling is really based on the present of custom WebSecurityConfigurerAdapter add such an implementation to the DisableSecurityConfiguration internal @Configuration enabled by the http.secured = false.

The root of cause that Spring Boot's ManagementWebSecurityAutoConfiguration doesn't register its custom ApplicationNoWebSecurityConfigurerAdapter when we specify management.security.enabled=false. Meanwhile all other WebSecurityConfigurerAdapter s aren't reachable because of @ConditionalOnMissingBean(WebSecurityConfiguration.class) on the SpringBootWebSecurityConfiguration

artembilan commented 7 years ago

Do not merge yet, please.

I have some other idea in my head. Will come back soon (or tomorrow's morning...)

artembilan commented 7 years ago

Ready for merge. Thanks

sobychacko commented 7 years ago

LGTM - squashed and merged.