其中注释,我将用它来保持泉水从启动我的安全控制器的时候,执行器被激活 [英] Which annotation shall I use to keep spring boot from securing my Controller when actuator is active
问题描述
我写了一个简单的弹簧启动应用程序(使用1.21版),通过REST的公开数据公开。我激活执行机构,以获得什么是在应用程序发生的见解:
{相关性
编译(org.springframework.boot:春天开机起动致动器)
在我的开发环境,我设定一个固定的用户名/密码:
security.user.name =管理员
security.user.password =管理员
security.user.role = ADMIN
执行器导致的Spring Security要激活这也保障我的控制器。这不是我想要的,我希望它被称为无需进行身份验证。当我打电话控制器我在日志中看到此消息:
11:00:40.713 [HTTP-NIO-8080-EXEC-1] INFO osbaaudit.listener.AuditListener - AuditEvent [时间戳=周五1月16日11时○○分40秒CET 2015年,本金= anonymousUser,键入= AUTHORIZATION_FAILURE,数据= {类型= org.springframework.security.access.AccessDeniedExcep
化,消息=访问被拒绝}]
我读到这<一个href=\"http://stackoverflow.com/questions/12458333/how-to-exclude-controller-from-spring-security\">article对计算器,但无法转化为注释本。我想我的注释控制器 @Secured(ROLE_ANONYMOUS)
和 @Secured(IS_AUTHENTICATED_ANONYMOUSLY)
但这没有发挥出来。我认为,这将导致春季安全仍试图对用户进行认证,但之后他在角色不会有问题。
有没有办法,我可以为我的控制器,将标志着春季安全从弹出一个身份验证框不要注释?
首先,我想不增加Spring Security的相处,但罐子失踪,当我得到这个消息:
13:27:08.726 [主]错误o.s.boot.SpringApplication - 应用程序启动失败
java.lang.IllegalStateException:无法评估条件org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration#ignoredPathsWebSecurityConfigurerAdapter由于内部类未找到。如果你是可能发生这种情况@
ComponentScanning一个springframework的包(例如,如果你把一个@ComponentScan在默认包错误)
在org.springframework.boot.autoconfigure.condition.SpringBootCondition.matches(SpringBootCondition.java:51) 〜[弹簧启动自动配置-1.2.1.RELEASE.jar:1.2.1.RELEASE]
在org.springframework.context.annotation.ConditionEvaluator.shouldSkip(ConditionEvaluator.java:102)〜[弹簧上下文4.1.4.RELEASE.jar:4.1.4.RELEASE]
...
在org.springframework.boot.SpringApplication.run(SpringApplication.java:950)弹簧引导1.2.1.RELEASE.jar:1.2.1.RELEASE]
在demo.Application.main(Application.java:20)[斌/:NA]
java.lang.NoClassDefFoundError的:引起组织/ springframework的/安全/网络/门禁/ WebInvocationPrivilegeEvaluator
Application.java:20看起来是这样的:
的ApplicationContext CTX = SpringApplication.run(Application.class,参数);
感谢戴夫Syer的专业知识,我能够解决这个问题。
我设置 security.basic.enabled = FALSE
在 application.properties
从我的build.gradle
文件。
我已经这样做了一些天前,但显然刷新项目没有工作,所以春天的安全罐子留在类路径中没有我注意到这一点。一个完整的重建后,该项目的一切工作正常。
I wrote a simple spring boot application (with version 1.21) that publicly exposes data via REST. I activated actuator in order to get insight of what is happening in the application:
dependencies {
compile("org.springframework.boot:spring-boot-starter-actuator")
On my development environment I set a fixed user / password:
security.user.name=admin
security.user.password=admin
security.user.role=ADMIN
Actuator causes Spring Security to be activated which also protects my Controller. This is not what I want, I want it to be called without the need to authenticate. When I call the Controller I see this message in the log:
11:00:40.713 [http-nio-8080-exec-1] INFO o.s.b.a.audit.listener.AuditListener - AuditEvent [timestamp=Fri Jan 16 11:00:40 CET 2015, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={type=org.springframework.security.access.AccessDeniedExcep
tion, message=access denied}]
I read this article on stackoverflow but was unable to translate this into annotations. I tried to annotate my Controller with @Secured("ROLE_ANONYMOUS")
and @Secured("IS_AUTHENTICATED_ANONYMOUSLY")
but this did not work out. I think that this causes Spring Security still trying to authenticate the user but after that the roles he is in would not matter
Is there an annotation that I can define for my controller that will signal Spring Security to refrain from popping up a authentication box ?
First I tried to get along without adding Spring Security but when the jars are missing I get this message:
13:27:08.726 [main] ERROR o.s.boot.SpringApplication - Application startup failed
java.lang.IllegalStateException: Could not evaluate condition on org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration#ignoredPathsWebSecurityConfigurerAdapter due to internal class not found. This can happen if you are @
ComponentScanning a springframework package (e.g. if you put a @ComponentScan in the default package by mistake)
at org.springframework.boot.autoconfigure.condition.SpringBootCondition.matches(SpringBootCondition.java:51) ~[spring-boot-autoconfigure-1.2.1.RELEASE.jar:1.2.1.RELEASE]
at org.springframework.context.annotation.ConditionEvaluator.shouldSkip(ConditionEvaluator.java:102) ~[spring-context-4.1.4.RELEASE.jar:4.1.4.RELEASE]
...
at org.springframework.boot.SpringApplication.run(SpringApplication.java:950) [spring-boot-1.2.1.RELEASE.jar:1.2.1.RELEASE]
at demo.Application.main(Application.java:20) [bin/:na]
Caused by: java.lang.NoClassDefFoundError: org/springframework/security/web/access/WebInvocationPrivilegeEvaluator
Application.java:20 looks like this:
ApplicationContext ctx = SpringApplication.run(Application.class, args);
Thanks to the expertise of Dave Syer I was able to solve this problem.
I set security.basic.enabled=false
in application.properties
and removed spring security from my build.gradle
file.
I already did this some days ago but obviously refreshing the project did not work and so the spring security jars stayed on the classpath without me noticing this. After a full rebuild of the project everything worked fine.
这篇关于其中注释,我将用它来保持泉水从启动我的安全控制器的时候,执行器被激活的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!