Java 即使没有安全性,SpringBoot 401 也未授权
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/45232071/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
SpringBoot 401 UnAuthorized even with out security
提问by sunleo
I did not use Spring Security but it is asking me to authenticate.
我没有使用 Spring Security,但它要求我进行身份验证。
Exception for URL(http://localhost:8080/SpringJob/ExecuteJob):
URL 异常(http://localhost:8080/SpringJob/ExecuteJob):
{
"timestamp": 1500622875056,
"status": 401,
"error": "Unauthorized",
"message": "Bad credentials",
"path": "/SPPA/ExecuteSPPAJob"
}
----below log details
2017-07-21 13:15:35.210 INFO 19828 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/SpringJob] : Initializing Spring FrameworkServlet 'dispatcherServlet'
2017-07-21 13:15:35.210 [http-nio-8080-exec-1] INFO
o.a.c.c.C.[.[localhost].[/SpringJob]-Initializing Spring FrameworkServlet 'dispatcherServlet'
2017-07-21 13:15:35.211 INFO 19828 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization started
2017-07-21 13:15:35.211 [http-nio-8080-exec-1] INFO
o.s.web.servlet.DispatcherServlet-FrameworkServlet 'dispatcherServlet': initialization started
2017-07-21 13:15:35.494 INFO 19828 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization completed in 282 ms
2017-07-21 13:15:35.494 [http-nio-8080-exec-1] INFO
o.s.web.servlet.DispatcherServlet-FrameworkServlet 'dispatcherServlet': initialization completed in 282 ms
application-dev.xml
应用程序-dev.xml
#Spring Boot based configurations
management.security.enabled: "false"
spring.autoconfigure.exclude: "org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration"
spring.batch.job.enabled: false
server.contextPath: /SpringJob
build.gradle snippet
build.gradle 片段
plugins {
id 'jacoco'
id 'org.sonarqube' version '2.5'
}
apply plugin: 'java'
apply plugin: 'eclipse'
apply plugin: 'idea'
apply plugin: 'org.springframework.boot'
apply plugin: "no.nils.wsdl2java"
apply plugin: 'jacoco'
apply plugin: "org.sonarqube"
dependencies {
compile("org.springframework.boot:spring-boot-starter-web")
compile("org.springframework.boot:spring-boot-starter-batch")
compile("org.springframework.boot:spring-boot-starter-mail")
//compile("org.springframework.boot:spring-boot-devtools")
compile group: 'org.apache.commons', name: 'commons-lang3', version: '3.5'
compile group: 'org.apache.cxf', name: 'cxf-spring-boot-starter-jaxws', version: '3.1.10'
compile group: 'org.apache.cxf', name: 'cxf-rt-ws-security', version: '3.1.10'
compile("org.springframework.boot:spring-boot-starter-actuator")
testCompile('org.springframework.boot:spring-boot-starter-test')
}
Controller
控制器
@Controller
@EnableAutoConfiguration
@EnableBatchProcessing
public class MyController {
@Autowired
JobLauncher jobLauncher;
@RequestMapping("/ExecuteJob")
@ResponseBody
public String callPrelegalJob(@RequestParam("user") String userName, @RequestParam("password") String password) {
log.info("Job is to be launched from controller...");
}
}
采纳答案by Afridi
Try to add below lines in your application.propertiesfile
尝试在您的application.properties文件中添加以下几行
security.basic.enable: false
security.ignored=/**
According to spring doc, use security.ignored=
根据spring doc,使用 security.ignored=
Comma-separated list of paths to exclude from the default secured paths
要从默认安全路径中排除的以逗号分隔的路径列表
回答by sunleo
Exact way to disable authentication could not be found by me.But by removing actuator dependency which is working.
我找不到禁用身份验证的确切方法。但是通过删除正在工作的执行器依赖项。
compile("org.springframework.boot:spring-boot-starter-actuator")
回答by Palla
if we use CXF security & Spring boot security it gives this issues.
Comment out dependency i.e disable the spring boot security then it allows.
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
to enable this we have to write custom security
Or add below config
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().permitAll();
}
}
回答by trevorsky
In the current version of Spring Boot (v2.1.0.RELEASE), the easiest way to get rid of the security issues is to add "WebSecurityConfig.java" to your project as follows:
在当前版本的 Spring Boot (v2.1.0.RELEASE) 中,摆脱安全问题的最简单方法是将“WebSecurityConfig.java”添加到您的项目中,如下所示:
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
}
}
Note of course that this removes protection against cross-site request forgery, so this is really only appropriate for simple read-only endpoints.
当然请注意,这会消除对跨站点请求伪造的保护,因此这实际上仅适用于简单的只读端点。
回答by Harshit Sharma
Just remove the the spring security dependency from pom.xml file. Worked for me :)..
只需从 pom.xml 文件中删除 spring 安全依赖项。为我工作:)。
回答by pero_hero
You can configure the springSecurityFilterChain to ignore all requests and thus allow unauthenticated access to all your endpoints with the following:
您可以将 springSecurityFilterChain 配置为忽略所有请求,从而允许使用以下命令对所有端点进行未经身份验证的访问:
@Configuration
@EnableWebSecurity
public class WebConfiguration extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/**");
}
}
