'Spring SecurityConfig not working

I have played with this for some time, but it does not seem to get wired to my project.

Here is the file from the last time I edited it. I have permit all so I can test to see if this file is working or not. I am still getting 401 error when I don't include any authentication.

Any idea what I am missing?

package org.springframework.security.samples.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().permitAll();
    }
}

EDIT

Here are security debug logs when I start the application

2016-12-07 23:24:48.673 DEBUG 15640 --- [           main] eGlobalAuthenticationAutowiredConfigurer : Eagerly initializing {org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration=org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration$$EnhancerBySpringCGLIB$$60c02dff@68fc9167}    
2016-12-07 23:24:48.827 DEBUG 15640 --- [           main] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'hasAnyRole('ROLE_USER')', for org.springframework.security.web.util.matcher.AnyRequestMatcher@1
2016-12-07 23:24:48.834 DEBUG 15640 --- [           main] o.s.s.w.a.i.FilterSecurityInterceptor    : Validated configuration attributes
2016-12-07 23:24:48.835 DEBUG 15640 --- [           main] o.s.s.w.a.i.FilterSecurityInterceptor    : Validated configuration attributes

Here are the security debug logs when I make the rest call

2016-12-07 23:29:19.114[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.u.matcher.AntPathRequestMatcher [0;39m [2m:[0;39m Checking match of request : '/users'; against '/css/**'
[2m2016-12-07 23:29:19.114[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.u.matcher.AntPathRequestMatcher [0;39m [2m:[0;39m Checking match of request : '/users'; against '/js/**'
[2m2016-12-07 23:29:19.114[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.u.matcher.AntPathRequestMatcher [0;39m [2m:[0;39m Checking match of request : '/users'; against '/images/**'
[2m2016-12-07 23:29:19.114[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.u.matcher.AntPathRequestMatcher [0;39m [2m:[0;39m Checking match of request : '/users'; against '/webjars/**'
[2m2016-12-07 23:29:19.114[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.u.matcher.AntPathRequestMatcher [0;39m [2m:[0;39m Checking match of request : '/users'; against '/**/favicon.ico'
[2m2016-12-07 23:29:19.114[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.u.matcher.AntPathRequestMatcher [0;39m [2m:[0;39m Checking match of request : '/users'; against '/error'
[2m2016-12-07 23:29:19.114[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.web.util.matcher.OrRequestMatcher [0;39m [2m:[0;39m Trying to match using Ant [pattern='/**']
[2m2016-12-07 23:29:19.114[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.u.matcher.AntPathRequestMatcher [0;39m [2m:[0;39m Request '/users' matched by universal pattern '/**'
[2m2016-12-07 23:29:19.114[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.web.util.matcher.OrRequestMatcher [0;39m [2m:[0;39m matched
[2m2016-12-07 23:29:19.115[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.security.web.FilterChainProxy       [0;39m [2m:[0;39m /users at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
[2m2016-12-07 23:29:19.116[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.security.web.FilterChainProxy       [0;39m [2m:[0;39m /users at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[2m2016-12-07 23:29:19.118[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.security.web.FilterChainProxy       [0;39m [2m:[0;39m /users at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
[2m2016-12-07 23:29:19.119[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.security.web.FilterChainProxy       [0;39m [2m:[0;39m /users at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
[2m2016-12-07 23:29:19.119[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.web.util.matcher.OrRequestMatcher [0;39m [2m:[0;39m Trying to match using Ant [pattern='/logout', GET]
[2m2016-12-07 23:29:19.120[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.u.matcher.AntPathRequestMatcher [0;39m [2m:[0;39m Request 'POST /users' doesn't match 'GET /logout
[2m2016-12-07 23:29:19.120[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.web.util.matcher.OrRequestMatcher [0;39m [2m:[0;39m Trying to match using Ant [pattern='/logout', POST]
[2m2016-12-07 23:29:19.120[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.u.matcher.AntPathRequestMatcher [0;39m [2m:[0;39m Checking match of request : '/users'; against '/logout'
[2m2016-12-07 23:29:19.120[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.web.util.matcher.OrRequestMatcher [0;39m [2m:[0;39m Trying to match using Ant [pattern='/logout', PUT]
[2m2016-12-07 23:29:19.120[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.u.matcher.AntPathRequestMatcher [0;39m [2m:[0;39m Request 'POST /users' doesn't match 'PUT /logout
[2m2016-12-07 23:29:19.120[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.web.util.matcher.OrRequestMatcher [0;39m [2m:[0;39m Trying to match using Ant [pattern='/logout', DELETE]
[2m2016-12-07 23:29:19.120[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.u.matcher.AntPathRequestMatcher [0;39m [2m:[0;39m Request 'POST /users' doesn't match 'DELETE /logout
[2m2016-12-07 23:29:19.120[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.web.util.matcher.OrRequestMatcher [0;39m [2m:[0;39m No matches found
[2m2016-12-07 23:29:19.120[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.security.web.FilterChainProxy       [0;39m [2m:[0;39m /users at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
[2m2016-12-07 23:29:19.120[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.security.web.FilterChainProxy       [0;39m [2m:[0;39m /users at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
[2m2016-12-07 23:29:19.120[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.security.web.FilterChainProxy       [0;39m [2m:[0;39m /users at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
[2m2016-12-07 23:29:19.121[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.security.web.FilterChainProxy       [0;39m [2m:[0;39m /users at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
[2m2016-12-07 23:29:19.123[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.a.AnonymousAuthenticationFilter [0;39m [2m:[0;39m Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
[2m2016-12-07 23:29:19.123[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.security.web.FilterChainProxy       [0;39m [2m:[0;39m /users at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
[2m2016-12-07 23:29:19.123[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.security.web.FilterChainProxy       [0;39m [2m:[0;39m /users at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
[2m2016-12-07 23:29:19.123[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.security.web.FilterChainProxy       [0;39m [2m:[0;39m /users at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
[2m2016-12-07 23:29:19.124[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.a.i.FilterSecurityInterceptor   [0;39m [2m:[0;39m Secure object: FilterInvocation: URL: /users; Attributes: [hasAnyRole('ROLE_USER')]
[2m2016-12-07 23:29:19.124[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.a.i.FilterSecurityInterceptor   [0;39m [2m:[0;39m Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
[2m2016-12-07 23:29:19.128[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.access.vote.AffirmativeBased      [0;39m [2m:[0;39m Voter: org.springframework.security.web.access.expression.WebExpressionVoter@6175291d, returned: -1
[2m2016-12-07 23:29:19.134[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.a.ExceptionTranslationFilter    [0;39m [2m:[0;39m Access is denied (user is anonymous); redirecting to authentication entry point

org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124) ~[spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) ~[spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115) ~[spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:121) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) [spring-security-web-4.1.3.RELEASE.jar:4.1.3.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.6.jar:8.5.6]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.6.jar:8.5.6]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.6.jar:8.5.6]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.6.jar:8.5.6]
    at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:89) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.6.jar:8.5.6]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.6.jar:8.5.6]
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.6.jar:8.5.6]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.6.jar:8.5.6]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.4.RELEASE.jar:4.3.4.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) [tomcat-embed-core-8.5.6.jar:8.5.6]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) [tomcat-embed-core-8.5.6.jar:8.5.6]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) [tomcat-embed-core-8.5.6.jar:8.5.6]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108) [tomcat-embed-core-8.5.6.jar:8.5.6]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) [tomcat-embed-core-8.5.6.jar:8.5.6]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [tomcat-embed-core-8.5.6.jar:8.5.6]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [tomcat-embed-core-8.5.6.jar:8.5.6]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [tomcat-embed-core-8.5.6.jar:8.5.6]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349) [tomcat-embed-core-8.5.6.jar:8.5.6]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:784) [tomcat-embed-core-8.5.6.jar:8.5.6]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-8.5.6.jar:8.5.6]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:802) [tomcat-embed-core-8.5.6.jar:8.5.6]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1410) [tomcat-embed-core-8.5.6.jar:8.5.6]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-8.5.6.jar:8.5.6]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.8.0_112]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.8.0_112]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.5.6.jar:8.5.6]
    at java.lang.Thread.run(Unknown Source) [na:1.8.0_112]

[2m2016-12-07 23:29:19.135[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.a.ExceptionTranslationFilter    [0;39m [2m:[0;39m Calling Authentication entry point.
[2m2016-12-07 23:29:19.135[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.s.w.header.writers.HstsHeaderWriter [0;39m [2m:[0;39m Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@5e6187fd
[2m2016-12-07 23:29:19.135[0;39m [32mDEBUG[0;39m [35m15640[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36ms.s.w.c.SecurityContextPersistenceFilter[0;39m [2m:[0;39m SecurityContextHolder now cleared, as request processing completed
springspring-mvcspring-bootspring-security


Solution 1:[1]

Probably I'm missing something. I don't know why you're using @EnableWebMvcSecurity with Spring Boot, it is deprecated, but that's not the point.

If you're using Spring Boot and want to create a security config that allow every call you can do it like this:

@EnableWebSecurity
@Configuration
class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().permitAll();
    }
}

Solution 2:[2]

You didn't disable the default security configuration, so Spring Boot uses the default security configuration, see Spring Boot Reference Guide:

The default security configuration is implemented in SecurityAutoConfiguration and in the classes imported from there (SpringBootWebSecurityConfiguration for web security and AuthenticationManagerConfiguration for authentication configuration which is also relevant in non-web applications). To switch off the default web application security configuration completely you can add a bean with @EnableWebSecurity (this does not disable the authentication manager configuration or Actuator’s security). To customize it you normally use external properties and beans of type WebSecurityConfigurerAdapter (e.g. to add form-based login). To also switch off the authentication manager configuration you can add a bean of type AuthenticationManager, or else configure the global AuthenticationManager by autowiring an AuthenticationManagerBuilder into a method in one of your @Configuration classes. There are several secure applications in the Spring Boot samples to get you started with common use cases.

The basic features you get out of the box in a web application are:

  • An AuthenticationManager bean with in-memory store and a single user (see SecurityProperties.User for the properties of the user).
  • Ignored (insecure) paths for common static resource locations (/css/**, /js/**, /images/**, /webjars/** and **/favicon.ico).
  • HTTP Basic security for all other endpoints.
  • Security events published to Spring’s ApplicationEventPublisher (successful and unsuccessful authentication and access denied).
  • Common low-level features (HSTS, XSS, CSRF, caching) provided by Spring Security are on by default.

All of the above can be switched on and off or modified using external properties (security.*). To override the access rules without changing any other auto-configured features add a @Bean of type WebSecurityConfigurerAdapter with @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER) and configure it to meet your needs.

See also spring-boot-sample-web-secure:

@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().fullyAuthenticated().and().formLogin()
                .loginPage("/login").failureUrl("/login?error").permitAll().and()
                .logout().permitAll();
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("admin").password("admin")
                .roles("ADMIN", "USER").and().withUser("user").password("user")
                .roles("USER");
    }
}

Solution 3:[3]

Try to ignore it at all:

@Override
        public void configure(WebSecurity web) throws Exception {
            web.ignoring().antMatchers("/**");
        }

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 dur
Solution 2
Solution 3 Artegon

Related Questions

Upload data file as byte array with Feign

Apache Camel: Set body from resource

How to configure log4j in a Spring Mvc application configured with Java Annotations and using a log4j.properties file

SonnarQube's issue: change code to not construct the URL from user-controlled data

How do I produce just one message using Spring Cloud Stream w/o deprecated @Output, or turn off polling?

Error creating bean with name 'entityManagerFactory'

Spel not supported on spring annotation @Scheduled.fixedDelayString

How to run gradle based spring boot application in background using command line in ubuntu?

AuthenticationSuccessEvent never fired

Spring @Value annotation always evaluating as null?

Spring MongoDB query sorting

Map JSON default tag to java variable

Spring Hibernate Jackson Hibernate5Module

Spring JUnit: How to Mock autowired component in autowired component

Flyway Found more than one migration with version