Spring Boot 2.0.x 禁用某些配置文件的安全性 [英] Spring Boot 2.0.x disable security for certain profile
问题描述
在 Spring Boot 1.5.x 中,我已经配置了安全性,并且在某些配置文件(例如本地)中,我已将 security.basic.enabled=false
行添加到 .properties 文件以禁用该配置文件的所有安全性.我正在尝试迁移到新的 Spring Boot 2,其中删除了该配置属性.如何在 Spring Boot 2.0.x 中实现相同的行为(不使用此属性)?
In Spring Boot 1.5.x, I've had Security configured and in certain profiles (e.g. local), I've added security.basic.enabled=false
line to the .properties file to disable all security for that profile. I'm trying to migrate to the new Spring Boot 2, where that configuration property is removed. How can I achieve the same behaviour (without using this property) in Spring Boot 2.0.x?
我已经阅读了Spring-Boot-Security-2.0 和 security-changes-in-spring-boot-2-0-m4 并且没有关于此属性的任何内容.
I've already read Spring-Boot-Security-2.0 and security-changes-in-spring-boot-2-0-m4 and there is nothing regarding this property.
推荐答案
您必须添加自定义 Spring Security 配置,请参阅 Spring Boot 参考指南:
You have to add a custom Spring Security configuration, see Spring Boot Reference Guide:
28.1 MVC 安全
默认安全配置在SecurityAutoConfiguration
和UserDetailsServiceAutoConfiguration
中实现.SecurityAutoConfiguration
导入 SpringBootWebSecurityConfiguration
用于 Web 安全,UserDetailsServiceAutoConfiguration
配置身份验证,这也与非 Web 应用程序相关.要完全关闭默认的 Web 应用程序安全配置,您可以添加 WebSecurityConfigurerAdapter
类型的 bean(这样做不会禁用 UserDetailsService
配置或 Actuator 的安全性).
The default security configuration is implemented in SecurityAutoConfiguration
and UserDetailsServiceAutoConfiguration
. SecurityAutoConfiguration
imports SpringBootWebSecurityConfiguration
for web security and UserDetailsServiceAutoConfiguration
configures authentication, which is also relevant in non-web applications. To switch off the default web application security configuration completely, you can add a bean of type WebSecurityConfigurerAdapter
(doing so does not disable the UserDetailsService
configuration or Actuator’s security).
例如:
@Configuration
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/**");
}
}
要将配置仅用于配置文件,请添加 @Profile
到类.如果你想通过属性启用它,添加 ConditionalOnProperty
到类.
To use the configuration only for a profile add @Profile
to the class. If you want to enable it by property, add ConditionalOnProperty
to the class.
这篇关于Spring Boot 2.0.x 禁用某些配置文件的安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!