使用Spring Security无需身份验证和授权 [英] No Authentication and authorization using Spring Security

问题描述

我的项目要求我将Spring Security用于CSRF和XSS保护，但不能用于身份验证和授权.我已经在应用程序中配置了SS，但是每次访问页面时，它都会自动将我重定向到其登录"页面.如何禁用此功能?我的SecurityConfig文件是:

My project requires that I use Spring Security for CSRF and XSS protection but not to use it for the authentication and authorization. I have configured SS into my application but every time I access a page, it automatically redirects me to it's Login page. How do I disable this? My SecurityConfig file is:

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
            throws Exception {
    }
}

推荐答案

以下给出的SecurityConfig将允许所有请求都未经身份验证，但将具有CSRF和XSS防护:

The SecurityConfig as given below will allow all requests to be not authenticated, but will have the CSRF and XSS guards:

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().permitAll();
    }
}

这篇关于使用Spring Security无需身份验证和授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！