如何在 Spring Boot 应用程序中关闭 Spring Security [英] How to turn off Spring Security in Spring Boot Application
问题描述
我已经使用 Spring Security 在我的 Spring Boot 应用程序中实现了身份验证.
I have implemented authentication in my Spring Boot Application with Spring Security.
控制认证的主要类应该是 websecurityconfig:
The main class controlling authentication should be websecurityconfig:
@Configuration
@EnableWebSecurity
@PropertySource(value = { "classpath:/config/application.properties" })
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private RestAuthenticationSuccessHandler authenticationSuccessHandler;
@Autowired
private RestAuthenticationEntryPoint restAuthenticationEntryPoint;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic()
.and()
.csrf().disable()
.sessionManagement().sessionCreationPolicy(
SessionCreationPolicy.STATELESS)
.and()
.exceptionHandling()
.authenticationEntryPoint(restAuthenticationEntryPoint)
.and()
.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/login").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/ristore/**").authenticated()
.anyRequest().authenticated()
.and()
.formLogin()
.successHandler(authenticationSuccessHandler)
.failureHandler(new SimpleUrlAuthenticationFailureHandler());
}
因为我在做 OAuth,所以我还有 AuthServerConfig
和 ResourceServerConfig
.我的主应用程序类如下所示:
Since I am doing OAuth, I have AuthServerConfig
and ResourceServerConfig
as well. My main application class looks like this:
@SpringBootApplication
@EnableSpringDataWebSupport
@EntityScan({"org.mdacc.ristore.fm.models"})
public class RistoreWebApplication extends SpringBootServletInitializer
{
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedOrigins("*");
}
};
}
public static void main( String[] args )
{
SpringApplication.run(RistoreWebApplication.class, args);
}
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(RistoreWebApplication.class);
}
}
由于我们在做代码整合,需要暂时关闭认证.但是,我尝试了以下方法,但似乎没有任何效果.当我点击这些 rest api 网址时,我仍然收到 401.
Since we are doing code consolidation, we need to turn off authentication temporarily. However, I tried the following methods and nothing seems to work. I am still getting 401 when I hit these rest api urls.
注释掉所有与安全相关的类中的注解,包括
@Configuration
、@EnableWebSecurity
.在Spring boot Security Disable security中,建议在底部添加@EnableWebSecurity
将禁用身份验证,我认为这没有任何意义.反正试过了,没用.
Comment out all the annotations in classes related to security including
@Configuration
,@EnableWebSecurity
. In Spring boot Security Disable security, it was suggested at the bottom adding@EnableWebSecurity
will DISABLE auth which I don't think make any sense. Tried it anyway, did not work.
通过删除所有安全内容来修改 websecurityconfig 并且只做<代码>http.authorizeRequests().anyRequest().permitAll();
Modify websecurityconfig by removing all the security stuff and only do
http
.authorizeRequests()
.anyRequest().permitAll();
在使用 Spring Security Java 配置时禁用基本身份验证一>.也无济于事.
删除安全自动配置
Remove security auto config
@EnableAutoConfiguration(排除 = {org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class,org.springframework.boot.actuate.autoconfigure.ManagementSecurityAutoConfiguration.class})
@EnableAutoConfiguration(exclude = { org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class, org.springframework.boot.actuate.autoconfigure.ManagementSecurityAutoConfiguration.class})
就像他们在在 spring boot 应用程序中禁用 spring 安全性.但是,我认为此功能仅适用于我没有的 spring-boot-actuator
.所以没有尝试这个.
like what they did in disabling spring security in spring boot app. However I think this feature only works with spring-boot-actuator
which I don't have. So didn't try this.
禁用 spring 安全性的正确方法是什么?
What is the correct way disable spring security?
推荐答案
正如@Maciej Walkowiak 提到的,你应该为你的主类做这个:
As @Maciej Walkowiak mentioned, you should do this for your main class:
@SpringBootApplication(exclude = org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class)
public class MainClass {
这篇关于如何在 Spring Boot 应用程序中关闭 Spring Security的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!