Java spring中@EnableWebSecurity有什么用
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/44671457/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
What is the use of @EnableWebSecurity in spring
提问by Mehraj Malik
As per spring docs
Add this annotation to an
@Configurationclass to have the Spring Security configuration defined in anyWebSecurityConfigureror more likely by extending theWebSecurityConfigurerAdapterbase class and overriding individual methods:
通过扩展基类和覆盖单个方法,将此注释添加到
@Configuration类中,以在任何WebSecurityConfigurer或更可能的情况下定义 Spring Security 配置WebSecurityConfigurerAdapter:
Or As this @EnableWebSecuritydepicts, is used to enable SpringSecurity in our project.
或 如此@EnableWebSecurity描述,用于在我们的项目中启用 SpringSecurity。
But my question is that even if I don't annotate any of my class with @EnableWebSecuritystill the application prompting for username and password.(default behaviour)
但我的问题是,即使我没有用@EnableWebSecurity应用程序提示输入用户名和密码来注释我的任何课程。(默认行为)
So I am receiving the same behaviour with @EnableWebSecurityand without @EnableWebSecurity.
所以我在使用@EnableWebSecurity和不使用@EnableWebSecurity.
Can someone please explain what exactly is this annotation for?
有人可以解释一下这个注释究竟是什么吗?
采纳答案by Andrew Tobilko
The @EnableWebSecurityis a marker annotation. It allows Spring to find (it's a @Configurationand, therefore, @Component) and automatically apply the class to the global WebSecurity.
该@EnableWebSecurity是一个标记注释。它允许 Spring 查找(它是@Configuration并且,因此,@Component)并自动将该类应用到全局WebSecurity.
If I don't annotate any of my class with
@EnableWebSecuritystill the application prompting for username and password.
如果我没有用
@EnableWebSecurity仍然提示输入用户名和密码的应用程序来注释我的任何课程。
Yes, it is the default behavior. If you looked at your classpath, you could find other classes marked with that annotation (depends on your dependencies):
是的,这是默认行为。如果您查看您的类路径,您会发现其他标有该注释的类(取决于您的依赖项):
SpringBootWebSecurityConfiguration;FallbackWebSecurityAutoConfiguration;WebMvcSecurityConfiguration.
SpringBootWebSecurityConfiguration;FallbackWebSecurityAutoConfiguration;WebMvcSecurityConfiguration.
Consider them carefully, turn the needed configuration off, or override its behavior.
仔细考虑它们,关闭所需的配置,或覆盖其行为。
回答by Sanghyun Lee
The Spring Boot Reference Guideexplains well about it. If you search with @EnableWebSecurity:
在春季启动参考指南很好地解释了这件事。如果您搜索@EnableWebSecurity:
To switch off the default web application security configuration completely you can add a bean with
@EnableWebSecurity(this does not disable the authentication manager configuration or Actuator's security). To customize it you normally use external properties and beans of typeWebSecurityConfigurerAdapter(e.g. to add form-based login)....
If you add
@EnableWebSecurityand also disable Actuator security, you will get the default form-based login for the entire application unless you add a customWebSecurityConfigurerAdapter....
If you define a
@Configurationwith@EnableWebSecurityanywhere in your application it will switch off the default webapp security settings in Spring Boot (but leave the Actuator's security enabled). To tweak the defaults try setting properties insecurity.*(seeSecurityPropertiesfor details of available settings) and SECURITY section of Common application properties.
要完全关闭默认的 Web 应用程序安全配置,您可以添加一个 bean
@EnableWebSecurity(这不会禁用身份验证管理器配置或执行器的安全性)。要自定义它,您通常使用外部属性和类型的 beanWebSecurityConfigurerAdapter(例如,添加基于表单的登录)。...
如果您添加
@EnableWebSecurity并同时禁用 Actuator 安全性,您将获得整个应用程序的默认基于表单的登录,除非您添加自定义WebSecurityConfigurerAdapter....
如果您在应用程序中的任何位置定义
@Configurationwith@EnableWebSecurity,它将关闭 Spring Boot 中的默认 webapp 安全设置(但保持 Actuator 的安全性启用)。要调整默认值,请尝试在Common application properties 的security.*(SecurityProperties有关可用设置的详细信息)和 SECURITY 部分设置属性。
Apparently, it's to switch off the default web application security configuration and add your own.
显然,这是关闭默认的 Web 应用程序安全配置并添加您自己的。
