Custom Spring Security gotcha
Today, I created a new Spring Boot app.
I spent a few hours trying to stop Spring Security from blocking even my resources. And in my WebSecurityConfigurerAdapter extension I had written
from the beginning, so why didn’t it work?
The answer is simple:
protected void configure(HttpSecurity http)
is an overriden method. And I forgot to remove the
call from the end— and it called:
Thus, my security setup was completely ignored.
Lesson for today: Watch your overrides.