Spring Boot 2.0.x 禁用某些配置文件的安全性 [英] Spring Boot 2.0.x disable security for certain profile

问题描述

在 Spring Boot 1.5.x 中，我已经配置了安全性，并且在某些配置文件(例如本地)中，我已将 security.basic.enabled=false 行添加到 .properties 文件以禁用该配置文件的所有安全性.我正在尝试迁移到新的 Spring Boot 2，其中删除了该配置属性.如何在 Spring Boot 2.0.x 中实现相同的行为(不使用此属性)?

In Spring Boot 1.5.x, I've had Security configured and in certain profiles (e.g. local), I've added security.basic.enabled=false line to the .properties file to disable all security for that profile. I'm trying to migrate to the new Spring Boot 2, where that configuration property is removed. How can I achieve the same behaviour (without using this property) in Spring Boot 2.0.x?

我已经阅读了Spring-Boot-Security-2.0 和 security-changes-in-spring-boot-2-0-m4 并且没有关于此属性的任何内容.

I've already read Spring-Boot-Security-2.0 and security-changes-in-spring-boot-2-0-m4 and there is nothing regarding this property.

推荐答案

您必须添加自定义 Spring Security 配置，请参阅 Spring Boot 参考指南:

You have to add a custom Spring Security configuration, see Spring Boot Reference Guide:

28.1 MVC 安全

默认安全配置在SecurityAutoConfiguration 和UserDetailsS​​erviceAutoConfiguration 中实现.SecurityAutoConfiguration 导入 SpringBootWebSecurityConfiguration 用于 Web 安全，UserDetailsS​​erviceAutoConfiguration 配置身份验证，这也与非 Web 应用程序相关.要完全关闭默认的 Web 应用程序安全配置，您可以添加 WebSecurityConfigurerAdapter 类型的 bean(这样做不会禁用 UserDetailsS​​ervice 配置或 Actuator 的安全性).

The default security configuration is implemented in SecurityAutoConfiguration and UserDetailsServiceAutoConfiguration. SecurityAutoConfiguration imports SpringBootWebSecurityConfiguration for web security and UserDetailsServiceAutoConfiguration configures authentication, which is also relevant in non-web applications. To switch off the default web application security configuration completely, you can add a bean of type WebSecurityConfigurerAdapter (doing so does not disable the UserDetailsService configuration or Actuator’s security).

例如:

@Configuration
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(WebSecurity web) throws Exception {
        web
           .ignoring()
               .antMatchers("/**");
    }
}

要将配置仅用于配置文件，请添加 @Profile 到类.如果你想通过属性启用它，添加 ConditionalOnProperty 到类.

To use the configuration only for a profile add @Profile to the class. If you want to enable it by property, add ConditionalOnProperty to the class.

这篇关于Spring Boot 2.0.x 禁用某些配置文件的安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！