Spring Boot 2.0.x禁用某些配置文件的安全性 [英] Spring Boot 2.0.x disable security for certain profile
问题描述
在Spring Boot 1.5.x中,我已经配置了安全性,并且在某些配置文件中(例如本地),我添加了 security.basic.enabled = false
行到.properties文件以禁用该配置文件的所有安全性。我正在尝试迁移到新的Spring Boot 2,其中删除了该配置属性。如何在Spring Boot 2.0.x中实现相同的行为(不使用此属性)?
In Spring Boot 1.5.x, I've had Security configured and in certain profiles (e.g. local), I've added security.basic.enabled=false
line to the .properties file to disable all security for that profile. I'm trying to migrate to the new Spring Boot 2, where that configuration property is removed. How can I achieve the same behaviour (without using this property) in Spring Boot 2.0.x?
我已经读过 Spring-Boot-Security-2.0 和 security-changes-in-spring-boot-2-0-m4 并且没有关于此属性的内容。
I've already read Spring-Boot-Security-2.0 and security-changes-in-spring-boot-2-0-m4 and there is nothing regarding this property.
推荐答案
您必须添加自定义Spring Security配置,请参阅 Spring Boot参考指南:
You have to add a custom Spring Security configuration, see Spring Boot Reference Guide:
28.1 MVC安全性
默认安全性配置在 SecurityAutoConfiguration
和 UserDetailsServiceAutoConfiguration
中实现。 SecurityAutoConfiguration
导入用于Web安全的SpringBootWebSecurityConfiguration
和 UserDetailsServiceAutoConfiguration
配置身份验证,这也与非Web应用程序有关。要完全关闭默认Web应用程序安全性配置,可以添加类型为 WebSecurityConfigurerAdapter
的bean(这样做不会禁用 UserDetailsService
配置或执行器的安全性。)
The default security configuration is implemented in SecurityAutoConfiguration
and UserDetailsServiceAutoConfiguration
. SecurityAutoConfiguration
imports SpringBootWebSecurityConfiguration
for web security and UserDetailsServiceAutoConfiguration
configures authentication, which is also relevant in non-web applications. To switch off the default web application security configuration completely, you can add a bean of type WebSecurityConfigurerAdapter
(doing so does not disable the UserDetailsService
configuration or Actuator’s security).
例如:
@Configuration
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/**");
}
}
要仅为配置文件使用配置,请添加 @Profile
到班级。如果要按属性启用它,请添加 ConditionalOnProperty
到班级。
To use the configuration only for a profile add @Profile
to the class. If you want to enable it by property, add ConditionalOnProperty
to the class.
这篇关于Spring Boot 2.0.x禁用某些配置文件的安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!