TechQA.

Disable JSR250 method security by Spring Boot profile

158 views Asked by At

I'm securing my HTTP controller endpoint methods using @RolesAllowed annotations, authenticated by Keycloak. Security is activated by @EnableWebSecurityand @EnableGlobalMethodSecurity(jsr250Enabled = true) config annotations on a KeycloakWebSecurityConfigurerAdapter.

Is there a way to disable method security by profile? All the guides only show how to do it for WebSecurity or HttpSecurity ANT matchers.

spring-boot jsr250
Original Q&A
1

There are 1 answers

0
Michael Böckling On

To disable Spring Security by default and enable it by activating the enable-security profile, disable the autoconfig beans in your application.yml:

spring:
  autoconfigure:
    exclude:
      - org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
      - org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration

Then, add @Profile("enable-security") to your security configuration bean to disable it unless that profile is active.

Security is now disabled, but the JSR250 annotations can stay in place.

Related Questions in SPRING-BOOT

Related Questions in JSR250

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions