gotchajavaspringModerate
Spring Boot auto-configuration fires even when you don't want it
Viewed 0 times
auto-configurationexcludeconditions reportspring boot debugautoconfigure excludestarter
Problem
Spring Boot's auto-configuration picks up classes on the classpath and registers beans you did not ask for. Adding spring-boot-starter-security to the pom suddenly locks every endpoint behind HTTP Basic auth even though you only wanted the BCryptPasswordEncoder utility.
Solution
Exclude specific auto-configuration classes at the annotation level or in application.properties:
or in application.yml:
Run the app with
@SpringBootApplication(exclude = { SecurityAutoConfiguration.class })
public class Application { ... }or in application.yml:
spring:
autoconfigure:
exclude:
- org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfigurationRun the app with
--debug to get a conditions report showing every auto-configuration class and why it was applied or skipped.Why
Auto-configuration uses @Conditional annotations. When a class is on the classpath and no user-defined bean of that type exists, the condition passes and the bean is registered. The exclude list short-circuits the condition before evaluation.
Gotchas
- Excluding a class in @SpringBootApplication does not prevent it from being picked up via component scan if the class is in a scanned package
- The spring.autoconfigure.exclude property is additive — it stacks with annotation-level exclusions
- Some starters pull in multiple auto-configuration classes; check the conditions report to find all of them
Revisions (0)
No revisions yet.