Expected Behavior
I have a Spring Security configuration for permitting all requests:
@Configuration
@EnableWebSecurity
@Profile("no-auth")
public class NoAuthSecurityConfig {
private static final Logger logger = LoggerFactory.getLogger(NoAuthSecurityConfig.class);
public NoAuthSecurityConfig() {
}
@Bean
@Order(1)
public SecurityFilterChain noAuthSecurityFilterChain(final HttpSecurity httpSecurity) throws Exception {
return httpSecurity
.csrf(AbstractHttpConfigurer::disable)
.formLogin(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(auth ->
auth.anyRequest().permitAll()
)
.build();
}
}
Current Behavior
But it's not working for endpoints with: @PreAuthorize. I get:
org.springframework.security.authorization.AuthorizationDeniedException: Access Denied
at org.springframework.security.authorization.method.ThrowingMethodAuthorizationDeniedHandler.handleDeniedInvocation(ThrowingMethodAuthorizationDeniedHandler.java:38) ~[spring-security-core-6.5.0.jar:6.5.0]
When I remove @PreAuthorize it's working fine.
Do you know what is the correct way to disable Spring Security in Spring Cloud 2025.0.0?
Comment From: madanhk18
\assign-me