I am using Spring Security in my application for encrypting user passwords in the database. Due to this I am getting "Using generated security password: XXXXXX" in my Spring Boot log when starting the application. I didn't want this password to be generated, so I am using @SpringBootApplication(exclude = {SecurityAutoConfiguration.class}) in my main class. Below is my main class:
    package com.example.policymanagementsystem;

    import org.apache.catalina.webresources.TomcatURLStreamHandlerFactory;
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.boot.autoconfigure.domain.EntityScan;
    import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
    import org.springframework.context.annotation.ComponentScan;

    @SpringBootApplication(exclude = {SecurityAutoConfiguration.class})
    @ComponentScan(basePackages = {"com.example.policymanagementsystem.bean"})
    public class PolicymanagementsystemApplication {
        public static void main(String[] args) {
            SpringApplication.run(PolicymanagementsystemApplication.class, args);
        }
    }
So the password is not getting generated when starting the Spring Boot application, but when I hit the API from Postman it gives me a 404 Not Found error for all other APIs. I don't want authentication on any of my APIs, so I have given the below configuration in the SecurityConfiguration class.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable();
        http.authorizeRequests()
            .antMatchers("/admin/**").permitAll()
            .antMatchers("/user/**").permitAll()
            .anyRequest().authenticated();
        http.exceptionHandling()
            .authenticationEntryPoint(
                (request, response, ex) -> {
                    response.sendError(
                        HttpServletResponse.SC_UNAUTHORIZED,
                        ex.getMessage()
                    );
                }
            );
        http.addFilterBefore(jwtTokenFilter, UsernamePasswordAuthenticationFilter.class);
    }
Please suggest some way so that I can exclude SecurityAutoConfiguration.class and not get a 404 Not Found error in my Postman response for any API. Thanks in advance!!
CodePudding user response:
Remove the exclude part from @SpringBootApplication and add these two lines to your application.properties file:
spring.security.user.name=abc
spring.security.user.password=xxx
Try this code for SecurityConfiguration, and remove .anyRequest().authenticated(); because you don't require that.
    http
        .csrf().disable()
        .authorizeRequests()
        .antMatchers("/admin").hasAuthority("ADMIN")
        // .antMatchers("/post").authenticated()
        .antMatchers("/post", "/deleteComment/**", "/deletePost/**", "/updateComment/**",
            "/updateCommentPage/**", "/updatePostPage/**", "/api/draft/**", "/api/post/**").hasAnyAuthority("USER", "ADMIN")
        .antMatchers("/", "/api", "/api/addComment/**", "/api/viewPost/**").permitAll()
        .and().formLogin()
        .loginPage("/login").permitAll()
        .and().httpBasic().and()
        .logout().invalidateHttpSession(true)
        .clearAuthentication(true)
        .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
        .logoutSuccessUrl("/logout-success").permitAll();
CodePudding user response:
Your setup actually requires authentication - .anyRequest().authenticated();
You can do permit all for any request, that should do it.
http.authorizeRequests().anyRequest().permitAll();
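
An added example, not code from the question or either answer: a configuration for the Spring Security 5.x API used on this page that stops the generated password without excluding SecurityAutoConfiguration, and keeps /admin/** behind an authority check instead of permitting every request. The class name, the noLocalUsers bean and the "jwtTokenFilter" bean name are assumptions.

```java
import javax.servlet.Filter;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
public class ExampleSecurityConfiguration extends WebSecurityConfigurerAdapter {

    private final Filter jwtTokenFilter;

    // Assumption: the question's token filter is registered as a bean named "jwtTokenFilter".
    public ExampleSecurityConfiguration(@Qualifier("jwtTokenFilter") Filter jwtTokenFilter) {
        this.jwtTokenFilter = jwtTokenFilter;
    }

    // A user-defined UserDetailsService bean makes Spring Boot's default-user
    // auto-configuration back off, so no password is generated or logged.
    // This one holds no accounts: identities come from the token filter only.
    @Bean
    public UserDetailsService noLocalUsers() {
        return username -> {
            throw new UsernameNotFoundException("no local accounts");
        };
    }

    // Encoder for hashing user passwords before they are stored in the database.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF disabled as in the question; suits header-token APIs, not cookie sessions.
        http.csrf().disable();
        http.authorizeRequests()
            .antMatchers("/user/**").permitAll()
            .antMatchers("/admin/**").hasAuthority("ADMIN") // authority name as in the first answer
            .anyRequest().authenticated();
        http.addFilterBefore(jwtTokenFilter, UsernamePasswordAuthenticationFilter.class);
    }
}
```

For the class to be picked up, it has to sit in a package covered by the application's component scan.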