When I use security.basic.enabled=false to disable security on a Spring Boot project that has the following dependencies:

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-actuator</artifactId>
    </dependency>
    <dependency>
        <groupId>com.oracle</groupId>
        <artifactId>ojdbc6</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-tomcat</artifactId>
        <scope>provided</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>

I see the following Exception:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.boot.actuate.autoconfigure.ManagementSecurityAutoConfiguration$ManagementWebSecurityConfigurerAdapter': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.setObjectPostProcessor(org.springframework.security.config.annotation.ObjectPostProcessor); nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [org.springframework.security.config.annotation.ObjectPostProcessor] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {}

In order to fix this exception I had to add the property - management.security.enabled=false . My understanding is that when the actuator is in the classpath, both security.basic.enabled=false and management.security.enabled=false should be set to disable the security.

Could someone please let me know if my understanding is wrong?

What also seems to work fine is creating a file application-dev.properties that contains:

security.basic.enabled=false
management.security.enabled=false

If you then start your Spring Boot app with the dev profile, you don't need to log on.

In case you have spring-boot-actuator in your package, you should add the following

@EnableAutoConfiguration(exclude = {
        org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class,
        org.springframework.boot.actuate.autoconfigure.ManagementWebSecurityAutoConfiguration.class})

With older Spring-boot, the class was called ManagementSecurityAutoConfiguration.

If you need security as a dependency but don't want Spring Boot to configure it for you, you can use this exclusion:

    @EnableAutoConfiguration(exclude = { 
        org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class 
    })

Step 1: Comment annotation @EnableWebSecurity in your security config

//@EnableWebSecurity

Step 2: Add this to your application.properties file.

security.ignored=/**
spring.security.enabled=false
management.security.enabled=false
security.basic.enabled=false

For more details look here: http://codelocation.com/how-to-turn-on-and-off-spring-security-in-spring-boot-application/

For the spring boot 2 users it has to be

@EnableAutoConfiguration(exclude = {
    org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class
})

In order to avoid security you can use annotations. Use this annotation on top of configure class:

@EnableWebSecurity

For example:

@EnableWebSecurity
@Configuration
public class AuthFilter{
   // configured method 
}

I simply added security.ignored=/**in the application.properties,and that did the charm.

Permit access to everything using antMatchers("/")

     protected void configure(HttpSecurity http) throws Exception {
            System.out.println("configure");
                    http.csrf().disable();
                    http.authorizeRequests().antMatchers("/").permitAll();
        }

Add the below lines to your main app.

Remove org.activiti.spring.boot.SecurityAutoConfiguration.class if you're not using activiti.

Similarly, remove the one for actuator if you're not using spring-boot-actuator.

@EnableAutoConfiguration(exclude = {
org.activiti.spring.boot.SecurityAutoConfiguration.class,
org.springframework.boot.actuate.autoconfigure.ManagementWebSecurityAutoConfiguration.class,
org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class })

You need to add this entry to application.properties to bypass Springboot Default Security

spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration

Then there won't be any authentication box. otrws, credentials are:- user and 99b962fa-1848-4201-ae67-580bdeae87e9 (password randomly generated)

Note: my springBootVersion = '1.5.14.RELEASE'

You can configure to toggle spring security in your project by following below 2 steps:

STEP 1: Add a @ConditionalOnProperty annotation on top of your SecurityConfig class. Refer below:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity (prePostEnabled = true)
@ConditionalOnProperty (name = "myproject.security.enabled", havingValue = "true", matchIfMissing = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
   // your security config
}

STEP 2: Add following config to your application.properties or application.yml file.

application.properties

security.ignored=/**
myproject.security.enabled=false

OR

application.yml

security:
  ignored: /**

myproject:
  security:
    enabled: false

I added below settings in application.yml and worked fine.

security:
    route-patterns-to-be-skipped:
      - /**/*

this can be converted as security.route-paterns-to-be-skipped=/**/* for application.properties