其中注释，我将用它来保持泉水从启动我的安全控制器的时候，执行器被激活 [英] Which annotation shall I use to keep spring boot from securing my Controller when actuator is active

问题描述

我写了一个简单的弹簧启动应用程序（使用1.21版），通过REST的公开数据公开。我激活执行机构，以获得什么是在应用程序发生的见解：

  {相关性
    编译（org.springframework.boot：春天开机起动致动器）
 

在我的开发环境，我设定一个固定的用户名/密码：

  security.user.name =管理员
security.user.password =管理员
security.user.role = ADMIN
 

执行器导致的Spring Security要激活这也保障我的控制器。这不是我想要的，我希望它被称为无需进行身份验证。当我打电话控制器我在日志中看到此消息：

  11：00：40.713 [HTTP-NIO-8080-EXEC-1] INFO osbaaudit.listener.AuditListener  -  AuditEvent [时间戳=周五1月16日11时○○分40秒CET 2015年，本金= anonymousUser，键入= AUTHORIZATION_FAILURE，数据= {类型= org.springframework.security.access.AccessDeniedExcep
化，消息=访问被拒绝}]
 

我读到这<一个href=\"http://stackoverflow.com/questions/12458333/how-to-exclude-controller-from-spring-security\">article对计算器，但无法转化为注释本。我想我的注释控制器 @Secured（ROLE_ANONYMOUS）和 @Secured（IS_AUTHENTICATED_ANONYMOUSLY）但这没有发挥出来。我认为，这将导致春季安全仍试图对用户进行认证，但之后他在角色不会有问题。

有没有办法，我可以为我的控制器，将标志着春季安全从弹出一个身份验证框不要注释？

首先，我想不增加Spring Security的相处，但罐子失踪，当我得到这个消息：

  13：27：08.726 [主]错误o.s.boot.SpringApplication  - 应用程序启动失败
java.lang.IllegalStateException：无法评估条件org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration#ignoredPathsWebSecurityConfigurerAdapter由于内部类未找到。如果你是可能发生这种情况@
ComponentScanning一个springframework的包（例如，如果你把一个@ComponentScan在默认包错误）
    在org.springframework.boot.autoconfigure.condition.SpringBootCondition.matches(SpringBootCondition.java:51) 〜[弹簧启动自动配置-1.2.1.RELEASE.jar：1.2.1.RELEASE]
    在org.springframework.context.annotation.ConditionEvaluator.shouldSkip（ConditionEvaluator.java:102）〜[弹簧上下文4.1.4.RELEASE.jar：4.1.4.RELEASE]
...
    在org.springframework.boot.SpringApplication.run（SpringApplication.java:950）弹簧引导1.2.1.RELEASE.jar：1.2.1.RELEASE]
    在demo.Application.main（Application.java:20）[斌/：NA]
java.lang.NoClassDefFoundError的：引起组织/ springframework的/安全/网络/门禁/ WebInvocationPrivilegeEvaluator
 

Application.java:20看起来是这样的：

 的ApplicationContext CTX = SpringApplication.run（Application.class，参数）;
 

解决方案

感谢戴夫Syer的专业知识，我能够解决这个问题。
我设置 security.basic.enabled = FALSE 在 application.properties 从我的build.gradle 文件。

我已经这样做了一些天前，但显然刷新项目没有工作，所以春天的安全罐子留在类路径中没有我注意到这一点。一个完整的重建后，该项目的一切工作正常。

I wrote a simple spring boot application (with version 1.21) that publicly exposes data via REST. I activated actuator in order to get insight of what is happening in the application:

dependencies {
    compile("org.springframework.boot:spring-boot-starter-actuator")

On my development environment I set a fixed user / password:

security.user.name=admin
security.user.password=admin
security.user.role=ADMIN

Actuator causes Spring Security to be activated which also protects my Controller. This is not what I want, I want it to be called without the need to authenticate. When I call the Controller I see this message in the log:

11:00:40.713 [http-nio-8080-exec-1] INFO  o.s.b.a.audit.listener.AuditListener - AuditEvent [timestamp=Fri Jan 16 11:00:40 CET 2015, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={type=org.springframework.security.access.AccessDeniedExcep
tion, message=access denied}]

I read this article on stackoverflow but was unable to translate this into annotations. I tried to annotate my Controller with @Secured("ROLE_ANONYMOUS") and @Secured("IS_AUTHENTICATED_ANONYMOUSLY") but this did not work out. I think that this causes Spring Security still trying to authenticate the user but after that the roles he is in would not matter

Is there an annotation that I can define for my controller that will signal Spring Security to refrain from popping up a authentication box ?

First I tried to get along without adding Spring Security but when the jars are missing I get this message:

13:27:08.726 [main] ERROR o.s.boot.SpringApplication - Application startup failed
java.lang.IllegalStateException: Could not evaluate condition on org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration#ignoredPathsWebSecurityConfigurerAdapter due to internal class not found. This can happen if you are @
ComponentScanning a springframework package (e.g. if you put a @ComponentScan in the default package by mistake)
    at org.springframework.boot.autoconfigure.condition.SpringBootCondition.matches(SpringBootCondition.java:51) ~[spring-boot-autoconfigure-1.2.1.RELEASE.jar:1.2.1.RELEASE]
    at org.springframework.context.annotation.ConditionEvaluator.shouldSkip(ConditionEvaluator.java:102) ~[spring-context-4.1.4.RELEASE.jar:4.1.4.RELEASE]
...
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:950) [spring-boot-1.2.1.RELEASE.jar:1.2.1.RELEASE]
    at demo.Application.main(Application.java:20) [bin/:na]
Caused by: java.lang.NoClassDefFoundError: org/springframework/security/web/access/WebInvocationPrivilegeEvaluator

Application.java:20 looks like this:

ApplicationContext ctx = SpringApplication.run(Application.class, args);

解决方案

Thanks to the expertise of Dave Syer I was able to solve this problem. I set security.basic.enabled=false in application.properties and removed spring security from my build.gradle file.

I already did this some days ago but obviously refreshing the project did not work and so the spring security jars stayed on the classpath without me noticing this. After a full rebuild of the project everything worked fine.

这篇关于其中注释，我将用它来保持泉水从启动我的安全控制器的时候，执行器被激活的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！