Java 不推荐使用属性“security.basic.enabled”:安全自动配置不再可自定义
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/49717573/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Property 'security.basic.enabled' is Deprecated: The security auto-configuration is no longer customizable
提问by Jeff Cook
I am working on Spring Cloudproject using the spring-boot-starter-parentversion 2.0.1.RELEASE.
我正在使用spring-boot-starter-parent版本2.0.1.RELEASE处理Spring Cloud项目。
I am getting below warning, look like
我低于警告,看起来像
Property 'security.basic.enabled' is Deprecated: The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.
不推荐使用属性“security.basic.enabled”:安全自动配置不再可自定义。而是提供您自己的 WebSecurityConfigurer bean。
security: basic: enabled: false is disabled in spring security latest version.
security: basic: enabled: false 在 spring security 最新版本中被禁用。
Could you please guide me what should I used instead ?
你能指导我应该用什么代替吗?
application.yml
应用程序.yml
---
server:
port: 8888
security:
basic:
enabled: false
spring:
cloud:
config:
server:
git:
uri: https://github.com/rseroter/pluralsight-spring-cloudconfig-wa-tolls
search-paths:
- 'station*'
repos:
perf:
pattern:
- '*/perf'
uri: https://github.com/rseroter/pluralsight-spring-cloudconfig-wa-tolls-perf
search-paths:
- 'station*'
pom.xml
pom.xml
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.1.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<spring-cloud.version>Finchley.BUILD-SNAPSHOT</spring-cloud.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-config-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
<repositories>
<repository>
<id>spring-snapshots</id>
<name>Spring Snapshots</name>
<url>https://repo.spring.io/snapshot</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
<repository>
<id>spring-milestones</id>
<name>Spring Milestones</name>
<url>https://repo.spring.io/milestone</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
</repositories>
Here is the my test class.
这是我的测试课。
@RunWith(SpringRunner.class)
@SpringBootTest
public class PluralsightSpringcloudM2ConfigserverGitApplicationTests {
@Test
public void contextLoads() {
}
}
and
和
Its nothing to do with the other question
它与另一个问题无关
采纳答案by Jeff Cook
This way I was able to solve this issue. Not sure though. I just corrected application.yml
这样我就能够解决这个问题。虽然不确定。我刚刚更正了application.yml
---
server:
port: 8888
spring:
cloud:
config:
server:
git:
uri: https://github.com/rseroter/pluralsight-spring-cloudconfig-wa-tolls
search-paths:
- 'station*'
repos:
perf:
pattern:
- '*/perf'
uri: https://github.com/rseroter/pluralsight-spring-cloudconfig-wa-tolls-perf
search-paths:
- 'station*'
security:
user:
name: test
password: test
When I access the url: http://localhost:8888/s1rates/default, its asked me for the username and password and I get the below result.
当我访问 url: http://localhost:8888/s1rates/default 时,它要求我输入用户名和密码,我得到以下结果。
回答by sn42
Spring Boot 2.0 changed its auto configuration (including some properties) and has now a single behavior that backs off as soon as you add your own WebSecurityConfigurerAdapter. The default configuration looks like
Spring Boot 2.0 改变了它的自动配置(包括一些属性),现在有一个单一的行为,只要你添加你自己的 WebSecurityConfigurerAdapter。默认配置看起来像
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.httpBasic();
}
A single user with a generated password is configured by default. To customize this user use the properties under spring.security.user.
默认情况下配置具有生成密码的单个用户。要自定义此用户,请使用 下的属性spring.security.user。
spring.security.user.name=user # Default user name.
spring.security.user.password= # Password for the default user name.
spring.security.user.roles= # Granted roles for the default user name.
The following properties have been removed as of Spring Boot 2:
从 Spring Boot 2 开始,以下属性已被删除:
security.basic.authorize-mode
security.basic.enabled
security.basic.path
security.basic.realm
security.enable-csrf
security.headers.cache
security.headers.content-security-policy
security.headers.content-security-policy-mode
security.headers.content-type
security.headers.frame
security.headers.hsts
security.headers.xss
security.ignored
security.require-ssl
security.sessions
Replacements (if existing) can be found here: Appendix A. Common application properties
可在此处找到替换(如果存在):附录 A. 常见应用程序属性
To be clear: If you create a custom WebSecurityConfigurerAdapter the default security configuration will be replaced with your custom configuration:
需要明确的是:如果您创建自定义 WebSecurityConfigurerAdapter,则默认安全配置将替换为您的自定义配置:
@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// For example: Use only Http Basic and not form login.
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic();
}
}
For more information visit the Spring 2.0 Migration Guide.
有关更多信息,请访问 Spring 2.0 迁移指南。
回答by guido
I would try the following on your test class:
我会在您的测试课上尝试以下操作:
@SpringBootTest(properties="spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration")
@SpringBootTest(properties="spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration")
The would disable the autoconfiguration of spring-security in the context of your test class.
这将在您的测试类的上下文中禁用 spring-security 的自动配置。
EDIT: if it is not limited to test classes context, the same could be applied to:
编辑:如果它不限于测试类上下文,同样可以应用于:
@SpringBootApplication(exclude="org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration")
@SpringBootApplication(exclude="org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration")
or otherwise, in your application.yaml, you can do :
否则,在您的 application.yaml 中,您可以执行以下操作:
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
回答by Sunand Padmanabhan
If you are using Spring reactive Security we need to do something like this,
如果您使用的是 Spring 反应式安全性,我们需要做这样的事情,
@Bean
public SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) {
http.authorizeExchange().anyExchange().permitAll();
return http.build();
}
There is another stackoverflow post on this as well, Spring boot 2.0 disable default security
还有另一个关于此的 stackoverflow 帖子,Spring boot 2.0 禁用默认安全性
回答by sapy
This is because when you write security.basic.enabled = falseyou basically tell the application that I don't care about security and allow all the request what so ever. After spring boot 2.0 , you cant just write that 1 configuration to make the app insecure. You need to write some code to do that . Or you can just copy the following.
这是因为当您编写代码时,security.basic.enabled = false您基本上告诉应用程序我不关心安全性并允许所有请求。在 spring boot 2.0 之后,你不能只写那 1 个配置来使应用程序不安全。您需要编写一些代码来做到这一点。或者你可以直接复制以下内容。
package com.LockheedMartin.F22Simulator;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().permitAll();
}
}
By the way you should remove security.basic.enabled = falsefrom your application.properties , as spring 2.*.*doesn't understand that property anymore and If you have proper Intellij setup , You should see a warning saying 'unsupported property'.
顺便说一句,您应该security.basic.enabled = false从 application.properties 中删除,因为spring 2.*.*不再理解该属性,如果您有正确的 Intellij 设置,您应该看到一条警告说'unsupported property'。
