Spring Boot 2.0.x禁用某些配置文件的安全性 [英] Spring Boot 2.0.x disable security for certain profile

问题描述

在Spring Boot 1.5.x中，我已经配置了安全性，并且在某些配置文件中（例如本地），我添加了 security.basic.enabled = false 行到.properties文件以禁用该配置文件的所有安全性。我正在尝试迁移到新的Spring Boot 2，其中删除了该配置属性。如何在Spring Boot 2.0.x中实现相同的行为（不使用此属性）？

In Spring Boot 1.5.x, I've had Security configured and in certain profiles (e.g. local), I've added security.basic.enabled=false line to the .properties file to disable all security for that profile. I'm trying to migrate to the new Spring Boot 2, where that configuration property is removed. How can I achieve the same behaviour (without using this property) in Spring Boot 2.0.x?

我已经读过 Spring-Boot-Security-2.0 和 security-changes-in-spring-boot-2-0-m4 并且没有关于此属性的内容。

I've already read Spring-Boot-Security-2.0 and security-changes-in-spring-boot-2-0-m4 and there is nothing regarding this property.

推荐答案

您必须添加自定义Spring Security配置，请参阅 Spring Boot参考指南：

You have to add a custom Spring Security configuration, see Spring Boot Reference Guide:

28.1 MVC安全性

默认安全性配置在 SecurityAutoConfiguration 和 UserDetailsS​​erviceAutoConfiguration 中实现。 SecurityAutoConfiguration 导入用于Web安全的SpringBootWebSecurityConfiguration 和 UserDetailsS​​erviceAutoConfiguration 配置身份验证，这也与非Web应用程序有关。要完全关闭默认Web应用程序安全性配置，可以添加类型为 WebSecurityConfigurerAdapter 的bean（这样做不会禁用 UserDetailsS​​ervice 配置或执行器的安全性。）

The default security configuration is implemented in SecurityAutoConfiguration and UserDetailsServiceAutoConfiguration. SecurityAutoConfiguration imports SpringBootWebSecurityConfiguration for web security and UserDetailsServiceAutoConfiguration configures authentication, which is also relevant in non-web applications. To switch off the default web application security configuration completely, you can add a bean of type WebSecurityConfigurerAdapter (doing so does not disable the UserDetailsService configuration or Actuator’s security).

例如：

@Configuration
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(WebSecurity web) throws Exception {
        web
           .ignoring()
               .antMatchers("/**");
    }
}

要仅为配置文件使用配置，请添加 @Profile 到班级。如果要按属性启用它，请添加 ConditionalOnProperty 到班级。

To use the configuration only for a profile add @Profile to the class. If you want to enable it by property, add ConditionalOnProperty to the class.

这篇关于Spring Boot 2.0.x禁用某些配置文件的安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！