Spring Boot 2.0禁用默认安全性 [英] Spring Boot 2.0 disable default security

问题描述

我想使用Spring Security进行JWT身份验证.但是它带有默认身份验证.我正在尝试禁用它，但是执行此操作的旧方法-通过application.properties禁用它-在2.0中已弃用.

I want to use Spring Security for JWT authentication. But it comes with default authentication. I am trying to disable it, but the old approach of doing this - disabling it through application.properties - is deprecated in 2.0.

这是我尝试过的:

@Configuration
public class StackWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.httpBasic().disable();
        // http.authorizeRequests().anyRequest().permitAll(); // Also doesn't work.
    }
}

如何简单地禁用基本安全性?

How can I simply disable basic security?

更新
知道我不是使用Web MVC，而是使用Web流量，可能会很高兴.

UPDATE
It might be nice to know that I am not using web mvc but web flux.

截屏:

推荐答案

根据Spring 2.0中的新更新，如果Spring Security位于类路径中，则Spring Boot将添加@EnableWebSecurity.因此，将条目添加到application.properties ain不会起作用(即不再可以通过这种方式进行自定义).有关更多信息，请访问官方网站 Spring Boot 2.0中的安全性更改

According to the new updates in Spring 2.0, if Spring Security is on the classpath, Spring Boot will add @EnableWebSecurity.So adding entries to the application.properties ain't gonna work (i.e it is no longer customizable that way). For more information visit the official website Security changes in Spring Boot 2.0

尽管不确定您的要求是什么，我可以想到一种解决方法，如下所示:-

Albeit not sure about your requirement exactly, I could think of one workaround like the following:-

@Configuration
@EnableWebSecurity
public class SecurityConfiguration  extends WebSecurityConfigurerAdapter{
    @Override
    protected void configure(HttpSecurity http) throws Exception{
        http.authorizeRequests().antMatchers("/").permitAll();
    }
}

希望这会有所帮助.

这篇关于Spring Boot 2.0禁用默认安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！