如何在 Spring Boot 应用程序中关闭 Spring Security [英] How to turn off Spring Security in Spring Boot Application

问题描述

我已经使用 Spring Security 在我的 Spring Boot 应用程序中实现了身份验证.

I have implemented authentication in my Spring Boot Application with Spring Security.

控制认证的主要类应该是 websecurityconfig:

The main class controlling authentication should be websecurityconfig:

@Configuration
@EnableWebSecurity
@PropertySource(value = { "classpath:/config/application.properties" })
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {


    @Autowired
    private RestAuthenticationSuccessHandler authenticationSuccessHandler;
    @Autowired
    private RestAuthenticationEntryPoint restAuthenticationEntryPoint;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
          .httpBasic()
            .and()
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(
                    SessionCreationPolicy.STATELESS)
            .and()
            .exceptionHandling()
            .authenticationEntryPoint(restAuthenticationEntryPoint)
            .and()
            .authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/login").permitAll()
                .antMatchers("/logout").permitAll()
                .antMatchers("/ristore/**").authenticated()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .successHandler(authenticationSuccessHandler)
                .failureHandler(new SimpleUrlAuthenticationFailureHandler());
    }

因为我在做 OAuth，所以我还有 AuthServerConfig 和 ResourceServerConfig.我的主应用程序类如下所示:

Since I am doing OAuth, I have AuthServerConfig and ResourceServerConfig as well. My main application class looks like this:

@SpringBootApplication
@EnableSpringDataWebSupport
@EntityScan({"org.mdacc.ristore.fm.models"}) 
public class RistoreWebApplication extends SpringBootServletInitializer
{
   @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurerAdapter() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                registry.addMapping("/**").allowedOrigins("*");
            }
        };
    }
    public static void main( String[] args )
    {
        SpringApplication.run(RistoreWebApplication.class, args);
    }

    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
         return application.sources(RistoreWebApplication.class);
     }
}

由于我们在做代码整合，需要暂时关闭认证.但是，我尝试了以下方法，但似乎没有任何效果.当我点击这些 rest api 网址时，我仍然收到 401.

Since we are doing code consolidation, we need to turn off authentication temporarily. However, I tried the following methods and nothing seems to work. I am still getting 401 when I hit these rest api urls.

1. 注释掉所有与安全相关的类中的注解，包括@Configuration、@EnableWebSecurity.在Spring boot Security Disable security中，建议在底部添加@EnableWebSecurity 将禁用身份验证，我认为这没有任何意义.反正试过了，没用.

1. Comment out all the annotations in classes related to security including @Configuration, @EnableWebSecurity. In Spring boot Security Disable security, it was suggested at the bottom adding @EnableWebSecurity will DISABLE auth which I don't think make any sense. Tried it anyway, did not work.

通过删除所有安全内容来修改 websecurityconfig 并且只做<代码>http.authorizeRequests().anyRequest().permitAll();

Modify websecurityconfig by removing all the security stuff and only do http .authorizeRequests() .anyRequest().permitAll();

在使用 Spring Security Java 配置时禁用基本身份验证.也无济于事.

1. 删除安全自动配置

1. Remove security auto config

@EnableAutoConfiguration(排除 = {org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class，org.springframework.boot.actuate.autoconfigure.ManagementSecurityAutoConfiguration.class})

@EnableAutoConfiguration(exclude = { org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class, org.springframework.boot.actuate.autoconfigure.ManagementSecurityAutoConfiguration.class})

就像他们在在 spring boot 应用程序中禁用 spring 安全性.但是，我认为此功能仅适用于我没有的 spring-boot-actuator.所以没有尝试这个.

like what they did in disabling spring security in spring boot app. However I think this feature only works with spring-boot-actuator which I don't have. So didn't try this.

禁用 spring 安全性的正确方法是什么?

What is the correct way disable spring security?

推荐答案

正如@Maciej Walkowiak 提到的，你应该为你的主类做这个:

As @Maciej Walkowiak mentioned, you should do this for your main class:

@SpringBootApplication(exclude = org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class)
public class MainClass {

这篇关于如何在 Spring Boot 应用程序中关闭 Spring Security的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！