当前位置:theitroad>Java 如何禁用 spring-security 登录屏幕?

Java 如何禁用 spring-security 登录屏幕?

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/23636368/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-08-14 00:27:15  来源:igfitidea点击:

How to disable spring-security login screen?

javaspringspring-securityvaadinspring-boot

提问by membersound

I'm using spring-boot-starter-securitydependency, to make use of several classes that come with spring-security. But as I want to integrate it in an existing vaadinapplication, I only want to make use of the classes, and not of the default login/auth screen of spring.

我正在使用spring-boot-starter-security依赖项,以利用spring-security. 但是由于我想将它集成到现有vaadin应用程序中,所以我只想使用这些类,而不是 spring 的默认登录/身份验证屏幕。

How can I disable this screen?

如何禁用此屏幕?

I cannot make any configurations by extending WebSecurityConfigurerAdapteras my main entry class already extends SpringBootServletInitializer. Also, vaadin applications basically run on the same URL path all the time and use internal navigation.

我已经无法通过扩展WebSecurityConfigurerAdapter为我的主要入口类来进行任何配置extends SpringBootServletInitializer。此外,vaadin 应用程序基本上一直在相同的 URL 路径上运行并使用内部导航。

@EnableAutoConfiguration
public class MyApp extends SpringBootServletInitializer { 

        @Override
        protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
            return application.sources(MyApp.class);
        }

        public static void main(String[] args) {
            SpringApplication.run(MyApp.class, args);
        }
}

So, what could I do to disable the login screen, but though make use of spring security features?

那么,我能做些什么来禁用登录屏幕,但尽管使用 spring 安全功能?

采纳答案by Andrei Stefan

The default security in Spring Boot is Basic. You could disable it by setting security.basic.enabled=false. More about this hereand here.

Spring Boot 中的默认安全性是 Basic。您可以通过设置禁用它security.basic.enabled=false。更多关于这里这里的信息

回答by noobdev

you can use java based configuration like this :

您可以像这样使用基于 Java 的配置: 

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity security) throws Exception
    {
     security.httpBasic().disable();
    }
}

and restart your application if it's refresh automatically.

并重新启动您的应用程序,如果它自动刷新。

回答by Michiel Haisma

Disable the default spring security by excluding it from the autoconfiguration. Add SecurityAutoConfiguration.classto the excludeproperty of the @SpringBootApplicationannotation on your main class. Like follows:

通过从自动配置中排除它来禁用默认的 spring 安全性。添加SecurityAutoConfiguration.class到主类上exclude@SpringBootApplication注释属性。像下面这样:

@SpringBootApplication(exclude = { SecurityAutoConfiguration.class })
public class MyApplication {
    public static void main(String[] args) {
        SpringApplication.run(MyApplication.class, args);
    }
}

回答by Fangming

There seems to be a simpler solution.

似乎有一个更简单的解决方案。

Simply put this annotationabove your main class or the same place as your SpingBootApplicationannotation

只需将此注释放在您的主类上方或与您的SpingBootApplication注释相同的位置

@EnableAutoConfiguration(exclude = {org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class})

@EnableAutoConfiguration(exclude = {org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class})

回答by Jefferson David Casta?eda

If someone still needs the solution, put a method in the REST controller like this:

如果有人仍然需要解决方案,请在 REST 控制器中放置一个方法,如下所示:

@RestController
public class myRestController{

    @GetMapping("/login")
    public String redirectTo(){
        return "yourRedirectLink";
    }

}

This solution is very good to work with spring and react packed in a jar

该解决方案非常适合与弹簧一起使用并在罐子中进行反应

回答by nilobarp

To completely disable the login route use Spring Security configuration object

要完全禁用登录路由,请使用 Spring Security 配置对象

The following snippet uses org.springframework.boot:2.1.6.RELEASE

以下代码段使用 org.springframework.boot:2.1.6.RELEASE

@Configuration
@EnableWebSecurity
class SecurityConfig : WebSecurityConfigurerAdapter() {
  override fun configure(security: HttpSecurity) {
    super.configure(security)

    security.httpBasic().disable()

    security.cors().and().csrf().disable().authorizeRequests()
      .anyRequest().authenticated()
      .and().formLogin().disable() // <-- this will disable the login route
      .addFilter(JWTAuthorizationFilter(authenticationManager()))
      .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
  }

  @Bean
  fun corsConfigurationSource(): CorsConfigurationSource {
    val source = UrlBasedCorsConfigurationSource()
    val config = CorsConfiguration().applyPermitDefaultValues()
    config.addExposedHeader("Authorization")
    source.registerCorsConfiguration("/**", config)
    return source
  }
}

回答by Semir Umut Kurt

On the main spring-boot application class (the class which has @SpringBootApplication annotation)

在主 spring-boot 应用程序类(具有 @SpringBootApplication 注释的类)上

@SpringBootApplication(exclude={SecurityAutoConfiguration.class})

相关推荐

Java Log4J 工作不正常?

Java Log4J 工作不正常?

Java 春天@ContextConfiguration

Java 春天@ContextConfiguration

如何更正应该指向 JDK 而不是 JRE 文件夹的 JAVA_HOME?

如何更正应该指向 JDK 而不是 JRE 文件夹的 JAVA_HOME?

Java 在 WebLogic 启动中设置环境变量的最佳方法

Java 在 WebLogic 启动中设置环境变量的最佳方法

相关推荐
最近更新
标签