Spring Boot 2.0禁用默认安全性 [英] Spring Boot 2.0 disable default security
问题描述
我想使用Spring Security进行JWT身份验证.但是它带有默认身份验证.我正在尝试禁用它,但是执行此操作的旧方法-通过application.properties
禁用它-在2.0中已弃用.
I want to use Spring Security for JWT authentication. But it comes with default authentication. I am trying to disable it, but the old approach of doing this - disabling it through application.properties
- is deprecated in 2.0.
这是我尝试过的:
@Configuration
public class StackWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().disable();
// http.authorizeRequests().anyRequest().permitAll(); // Also doesn't work.
}
}
如何简单地禁用基本安全性?
How can I simply disable basic security?
更新
知道我不是使用Web MVC,而是使用Web流量,可能会很高兴.
UPDATE
It might be nice to know that I am not using web mvc but web flux.
截屏:
推荐答案
根据Spring 2.0中的新更新,如果Spring Security位于类路径中,则Spring Boot将添加@EnableWebSecurity.因此,将条目添加到application.properties ain不会起作用(即不再可以通过这种方式进行自定义).有关更多信息,请访问官方网站 Spring Boot 2.0中的安全性更改
According to the new updates in Spring 2.0, if Spring Security is on the classpath, Spring Boot will add @EnableWebSecurity.So adding entries to the application.properties ain't gonna work (i.e it is no longer customizable that way). For more information visit the official website Security changes in Spring Boot 2.0
尽管不确定您的要求是什么,我可以想到一种解决方法,如下所示:-
Albeit not sure about your requirement exactly, I could think of one workaround like the following:-
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception{
http.authorizeRequests().antMatchers("/").permitAll();
}
}
希望这会有所帮助.
这篇关于Spring Boot 2.0禁用默认安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!