当前位置:theitroad>如何在 Spring Boot 应用程序中关闭 Spring Security

如何在 Spring Boot 应用程序中关闭 Spring Security

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/40228036/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-09-08 01:15:00  来源:igfitidea点击:

How to turn off Spring Security in Spring Boot Application

springrestauthenticationspring-securityspring-boot

提问by ddd

I have implemented authentication in my Spring Boot Application with Spring Security.

我已经使用 Spring Security 在我的 Spring Boot 应用程序中实现了身份验证。

The main class controlling authentication should be websecurityconfig:

控制身份验证的主要类应该是 websecurityconfig:

@Configuration
@EnableWebSecurity
@PropertySource(value = { "classpath:/config/application.properties" })
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {


    @Autowired
    private RestAuthenticationSuccessHandler authenticationSuccessHandler;
    @Autowired
    private RestAuthenticationEntryPoint restAuthenticationEntryPoint;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
          .httpBasic()
            .and()
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(
                    SessionCreationPolicy.STATELESS)
            .and()
            .exceptionHandling()
            .authenticationEntryPoint(restAuthenticationEntryPoint)
            .and()
            .authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/login").permitAll()
                .antMatchers("/logout").permitAll()
                .antMatchers("/ristore/**").authenticated()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .successHandler(authenticationSuccessHandler)
                .failureHandler(new SimpleUrlAuthenticationFailureHandler());
    }

Since I am doing OAuth, I have AuthServerConfigand ResourceServerConfigas well. My main application class looks like this:

因为我做的OAuth,我有AuthServerConfigResourceServerConfig也。我的主要应用程序类如下所示:

@SpringBootApplication
@EnableSpringDataWebSupport
@EntityScan({"org.mdacc.ristore.fm.models"}) 
public class RistoreWebApplication extends SpringBootServletInitializer
{
   @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurerAdapter() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                registry.addMapping("/**").allowedOrigins("*");
            }
        };
    }
    public static void main( String[] args )
    {
        SpringApplication.run(RistoreWebApplication.class, args);
    }

    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
         return application.sources(RistoreWebApplication.class);
     }
}

Since we are doing code consolidation, we need to turn off authentication temporarily. However, I tried the following methods and nothing seems to work. I am still getting 401 when I hit these rest api urls.

由于我们在做代码整合,我们需要暂时关闭认证。但是,我尝试了以下方法,但似乎没有任何效果。当我点击这些 rest api url 时,我仍然收到 401。

  1. Comment out all the annotations in classes related to security including @Configuration, @EnableWebSecurity. In Spring boot Security Disable security, it was suggested at the bottom adding @EnableWebSecuritywill DISABLE auth which I don't think make any sense. Tried it anyway, did not work.

  2. Modify websecurityconfig by removing all the security stuff and only do http .authorizeRequests() .anyRequest().permitAll();

  1. 注释掉与安全相关的类中的所有注释,包括@Configuration, @EnableWebSecurity。在Spring boot Security Disable security 中,有人建议在底部添加@EnableWebSecuritywill DISABLE auth,我认为这没有任何意义。反正试过了,没用。

  2. 通过删除所有安全内容来修改 websecurityconfig 并且只做 http .authorizeRequests() .anyRequest().permitAll();

Disable Basic Authentication while using Spring Security Java configuration. Does not help either.

使用 Spring Security Java 配置时禁用基本身份验证。也没有帮助。

  1. Remove security auto config

    @EnableAutoConfiguration(exclude = { org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class, org.springframework.boot.actuate.autoconfigure.ManagementSecurityAutoConfiguration.class})

  1. 删除安全自动配置

    @EnableAutoConfiguration(exclude = { org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class, org.springframework.boot.actuate.autoconfigure.ManagementSecurityAutoConfiguration.class})

like what they did in disabling spring security in spring boot app. However I think this feature only works with spring-boot-actuatorwhich I don't have. So didn't try this.

就像他们在 spring boot app禁用 spring security所做的那样。但是,我认为此功能仅适用于spring-boot-actuator我没有的功能。所以没有尝试这个。

What is the correct way disable spring security?

禁用弹簧安全的正确方法是什么?

回答by luboskrnac

As @Maciej Walkowiak mentioned, you should do this for your main class:

正如@Maciej Walkowiak 提到的,你应该为你的主类做这个:

@SpringBootApplication(exclude = org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class)
public class MainClass {

回答by Mohammad

try this

尝试这个

1->Comment annotation @EnableWebSecurity in your security config

1-> 安全配置中的注释@EnableWebSecurity

//@EnableWebSecurity

//@EnableWebSecurity

2->Add these lines in your security config

2-> 在您的安全配置中添加这些行

spring.security.enabled=false

management.security.enabled=false

security.basic.enabled=false

spring.security.enabled=false

management.security.enabled=false

security.basic.enabled=false

相关推荐

asp.net-mvc asp.net mvc 3 中的错误处理

asp.net-mvc asp.net mvc 3 中的错误处理

spring Spring中@Configuration和@Component有什么区别?

spring Spring中@Configuration和@Component有什么区别?

asp.net-mvc 如何使用 MVC3 Razor 布局页面?

asp.net-mvc 如何使用 MVC3 Razor 布局页面?

如何在 Spring boot 1.4.0 中为 @DataJpaTest 排除/禁用特定的自动配置?

如何在 Spring boot 1.4.0 中为 @DataJpaTest 排除/禁用特定的自动配置?

相关推荐
最近更新
标签