如何在Spring引导应用程序中关闭Spring安全性
我已经用Spring Security在我的Spring启动应用程序中实现了身份验证 控制身份验证的主类应为WebSecurity配置:如何在Spring引导应用程序中关闭Spring安全性,spring,rest,authentication,spring-security,spring-boot,Spring,Rest,Authentication,Spring Security,Spring Boot,我已经用Spring Security在我的Spring启动应用程序中实现了身份验证 控制身份验证的主类应为WebSecurity配置: @Configuration @EnableWebSecurity @PropertySource(value = { "classpath:/config/application.properties" }) public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Configuration
@EnableWebSecurity
@PropertySource(value = { "classpath:/config/application.properties" })
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private RestAuthenticationSuccessHandler authenticationSuccessHandler;
@Autowired
private RestAuthenticationEntryPoint restAuthenticationEntryPoint;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic()
.and()
.csrf().disable()
.sessionManagement().sessionCreationPolicy(
SessionCreationPolicy.STATELESS)
.and()
.exceptionHandling()
.authenticationEntryPoint(restAuthenticationEntryPoint)
.and()
.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/login").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/ristore/**").authenticated()
.anyRequest().authenticated()
.and()
.formLogin()
.successHandler(authenticationSuccessHandler)
.failureHandler(new SimpleUrlAuthenticationFailureHandler());
}
因为我在做OAuth,所以我还有AuthServerConfig
和ResourceServerConfig
。我的主要应用程序类如下所示:
@SpringBootApplication
@EnableSpringDataWebSupport
@EntityScan({"org.mdacc.ristore.fm.models"})
public class RistoreWebApplication extends SpringBootServletInitializer
{
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedOrigins("*");
}
};
}
public static void main( String[] args )
{
SpringApplication.run(RistoreWebApplication.class, args);
}
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(RistoreWebApplication.class);
}
}
因为我们正在进行代码整合,所以需要暂时关闭身份验证。然而,我尝试了以下方法,但似乎没有任何效果。当我点击这些RESTAPI URL时,我仍然得到401
@Configuration
,@EnableWebSecurity
。在中,在底部建议添加@EnableWebSecurity
将禁用auth,我认为这没有任何意义。反正试过了,没用http
.授权请求()
.anyRequest().permitAll()代码>
弹簧启动执行器
,而我没有。所以我没试过这个
禁用spring安全性的正确方法是什么?正如@Maciej Walkowiak所提到的,您应该为您的主类执行以下操作:
@SpringBootApplication(exclude = org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class)
public class MainClass {
试试这个 1->在安全配置中添加注释@EnableWebSecurity //@启用Web安全性 2->在安全配置中添加这些行 spring.security.enabled=false management.security.enabled=false security.basic.enabled=false
对我有用的是这个。创建WebFilter和
PermitAll
请求交换并禁用CSRF
@Bean
public SecurityWebFilterChain chain(ServerHttpSecurity http, AuthenticationWebFilter webFilter) {
return http.authorizeExchange().anyExchange().permitAll().and()
.csrf().disable()
.build();
}
只需将此代码放入@SpringBootApplication
类中,就可以像这样工作了
@SpringBootApplication
public class ConverterApplication {
public static void main(String[] args) {
SpringApplication.run(ConverterApplication.class, args);
}
@Bean
public SecurityWebFilterChain chain(ServerHttpSecurity http, AuthenticationWebFilter webFilter) {
return http.authorizeExchange().anyExchange().permitAll().and()
.csrf().disable()
.build();
}
添加
@EnableWebSecurity
将禁用Spring引导安全自动配置。在您的情况下,您已经有了此注释,因此无论如何都不会利用自动配置。我建议尝试从类中注释掉@EnableWebSecurity
,并从自动配置中排除SecurityAutoConfiguration.class
。@MaciejWalkowiak我应该在应用程序类中排除SecurityAutoConfiguration.class吗?看看这是否回答了您的问题?它在我的主应用程序类中添加了它,并在我的securityconfig类中注释了@EnableWebSecurity
,就像@MaciejWalkowiak所说的那样。现在它是org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration