Spring Boot 2.0 禁用默认安全性 [英] Spring Boot 2.0 disable default security

问题描述

我想使用 Spring Security 进行 JWT 身份验证.但它带有默认身份验证.我正在尝试禁用它，但是执行此操作的旧方法 - 通过 application.properties 禁用它 - 在 2.0 中已弃用.

I want to use Spring Security for JWT authentication. But it comes with default authentication. I am trying to disable it, but the old approach of doing this - disabling it through application.properties - is deprecated in 2.0.

这是我试过的:

@Configuration
public class StackWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.httpBasic().disable();
        // http.authorizeRequests().anyRequest().permitAll(); // Also doesn't work.
    }
}

如何简单地禁用基本安全功能?

How can I simply disable basic security?

更新
很高兴知道我使用的不是 web mvc 而是 web Flux.

UPDATE
It might be nice to know that I am not using web mvc but web flux.

截图:

推荐答案

根据 Spring 2.0 的新更新，如果 Spring Security 在 classpath 中，Spring Boot 会添加 @EnableWebSecurity.所以在 application.properties 中添加条目' 行不通(即它不再以这种方式自定义).更多信息请访问官网Spring Boot 2.0 中的安全变化

According to the new updates in Spring 2.0, if Spring Security is on the classpath, Spring Boot will add @EnableWebSecurity.So adding entries to the application.properties ain't gonna work (i.e it is no longer customizable that way). For more information visit the official website Security changes in Spring Boot 2.0

尽管不确定您的具体要求，但我可以想到如下一种解决方法:-

Albeit not sure about your requirement exactly, I could think of one workaround like the following:-

@Configuration
@EnableWebSecurity
public class SecurityConfiguration  extends WebSecurityConfigurerAdapter{
    @Override
    protected void configure(HttpSecurity http) throws Exception{
        http.authorizeRequests().antMatchers("/").permitAll();
    }
}

希望这会有所帮助.

这篇关于Spring Boot 2.0 禁用默认安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！