当执行器处于活动状态时,我应该使用哪个注释来防止弹簧靴保护我的控制器 [英] Which annotation shall I use to keep spring boot from securing my Controller when actuator is active
问题描述
我编写了一个简单的 Spring Boot 应用程序(版本 1.21),通过 REST 公开数据.我激活了执行器以了解应用程序中发生的情况:
I wrote a simple spring boot application (with version 1.21) that publicly exposes data via REST. I activated actuator in order to get insight of what is happening in the application:
dependencies {
compile("org.springframework.boot:spring-boot-starter-actuator")
在我的开发环境中,我设置了一个固定的用户/密码:
On my development environment I set a fixed user / password:
security.user.name=admin
security.user.password=admin
security.user.role=ADMIN
Actuator 使 Spring Security 被激活,这也保护了我的控制器.这不是我想要的,我希望它在不需要身份验证的情况下被调用.当我调用控制器时,我在日志中看到此消息:
Actuator causes Spring Security to be activated which also protects my Controller. This is not what I want, I want it to be called without the need to authenticate. When I call the Controller I see this message in the log:
11:00:40.713 [http-nio-8080-exec-1] INFO o.s.b.a.audit.listener.AuditListener - AuditEvent [timestamp=Fri Jan 16 11:00:40 CET 2015, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={type=org.springframework.security.access.AccessDeniedExcep
tion, message=access denied}]
我在 stackoverflow 上阅读了这篇文章,但无法翻译这变成注释.我试图用 @Secured("ROLE_ANONYMOUS") 和 @Secured("IS_AUTHENTICATED_ANONYMOUSLY") 注释我的控制器,但这没有奏效.我认为这会导致 Spring Security 仍在尝试对用户进行身份验证,但之后他所担任的角色就无关紧要
I read this article on stackoverflow but was unable to translate this into annotations. I tried to annotate my Controller with @Secured("ROLE_ANONYMOUS") and @Secured("IS_AUTHENTICATED_ANONYMOUSLY") but this did not work out. I think that this causes Spring Security still trying to authenticate the user but after that the roles he is in would not matter
是否有我可以为我的控制器定义的注解,该注解将向 Spring Security 发出信号以防止弹出身份验证框?
Is there an annotation that I can define for my controller that will signal Spring Security to refrain from popping up a authentication box ?
首先,我尝试在不添加 Spring Security 的情况下相处,但是当 jars 丢失时,我收到此消息:
First I tried to get along without adding Spring Security but when the jars are missing I get this message:
13:27:08.726 [main] ERROR o.s.boot.SpringApplication - Application startup failed
java.lang.IllegalStateException: Could not evaluate condition on org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration#ignoredPathsWebSecurityConfigurerAdapter due to internal class not found. This can happen if you are @
ComponentScanning a springframework package (e.g. if you put a @ComponentScan in the default package by mistake)
at org.springframework.boot.autoconfigure.condition.SpringBootCondition.matches(SpringBootCondition.java:51) ~[spring-boot-autoconfigure-1.2.1.RELEASE.jar:1.2.1.RELEASE]
at org.springframework.context.annotation.ConditionEvaluator.shouldSkip(ConditionEvaluator.java:102) ~[spring-context-4.1.4.RELEASE.jar:4.1.4.RELEASE]
...
at org.springframework.boot.SpringApplication.run(SpringApplication.java:950) [spring-boot-1.2.1.RELEASE.jar:1.2.1.RELEASE]
at demo.Application.main(Application.java:20) [bin/:na]
Caused by: java.lang.NoClassDefFoundError: org/springframework/security/web/access/WebInvocationPrivilegeEvaluator
Application.java:20 看起来像这样:
Application.java:20 looks like this:
ApplicationContext ctx = SpringApplication.run(Application.class, args);
推荐答案
多亏了 Dave Syer 的专业知识,我才能够解决这个问题.我在 application.properties 中设置了 security.basic.enabled=false 并从我的 build.gradle 文件中删除了 spring security.
Thanks to the expertise of Dave Syer I was able to solve this problem.
I set security.basic.enabled=false in application.properties and removed spring security from my build.gradle file.
几天前我已经这样做了,但显然刷新项目没有用,所以 spring 安全 jars 留在类路径上,而我没有注意到这一点.完全重建项目后一切正常.
I already did this some days ago but obviously refreshing the project did not work and so the spring security jars stayed on the classpath without me noticing this. After a full rebuild of the project everything worked fine.
这篇关于当执行器处于活动状态时,我应该使用哪个注释来防止弹簧靴保护我的控制器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
