We are starting the frontend development with the unsecured version of our backend. In the first phase, we implement all CRUD functionalities and test that these are working correctly. In the second phase, we enable security in our backend and make the modifications that are needed, and finally we implement authentication.

Open the Spring Boot application with Eclipse, which we created in Chapter 4, Securing and Testing Your Backend. Open the SecurityConfig.java file that defines the Spring Security configuration. Temporarily comment out the current configuration and give everyone access to all endpoints. See the following modifications:

  @Override
  protected void configure(HttpSecurity http) throws Exception {
   // Add this row to allow access to all endpoints
   http.cors().and().authorizeRequests().anyRequest().permitAll(); 
      
   /* Comment this out
   http.cors().and().authorizeRequests()
     .antMatchers(HttpMethod.POST, "/login").permitAll()
     .anyRequest().authenticated()
     .and()
     // Filter for the api/login requests
     .addFilterBefore(new LoginFilter("/login", authenticationManager()),
             UsernamePasswordAuthenticationFilter.class)
     // Filter for other requests to check JWT in header
     .addFilterBefore(new AuthenticationFilter(),
      UsernamePasswordAuthenticationFilter.class);
     */
    }

Now, if you run the backend and test the http:/localhost:8080/api/cars endpoint with Postman, you should get all cars in the response, as shown in the following screenshot: