从 spring-security.xml 文件禁用 Spring Security [英] Disable Spring Security from spring-security.xml file

问题描述

请帮我提供建议.

我需要通过 xml 文件中的某个变量在我的应用程序上禁用/启用 spring 安全性.

I need to disable/enable spring security on my application by some variable in xml file.

我的 spring-security.xml 文件

my spring-security.xml file

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<http auto-config="true">
    <intercept-url pattern="/*" access="ROLE_ADMIN" />
    <logout logout-success-url="/mainpage" />
            <login login-success-url="/mainpage" />
</http>

<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="hey" password="there" authorities="ROLE_ADMIN" />
        </user-service>
    </authentication-provider>
</authentication-manager>

这是怎么做到的?谢谢.

How can be this perfomed? Thanks.

推荐答案

安全

通过将此属性设置为 none，可以将请求模式映射到空的过滤器链.不会应用任何安全性，并且 Spring Security 的任何功能都将不可用.

A request pattern can be mapped to an empty filter chain, by setting this attribute to none. No security will be applied and none of Spring Security's features will be available.

http://static.springsource.org/spring-security/site/docs/3.1.x/reference/appendix-namespace.html#nsa-http-security

所以:

<http auto-config="true" security="none">

和往常一样无"参数可以是 springEL 表达式(无论如何都是子集).

and as usual the "none" parameter can be a springEL expression (well a subset anyways).

希望这就是你要找的

忘了说它的一个新特性是 Spring Security 3.1

forgot to mention that it's a new feature is Spring Security 3.1

http://static.springsource.org/spring-security/site/docs/3.1.x/reference/new-3.1.html#new-3.1-highlevel

编辑 2:

对于更动态的解决方案，请使用 bean 配置文件.http:///static.springsource.org/spring/docs/3.1.x/spring-framework-reference/html/new-in-3.1.html#d0e1293 和 http://blog.springsource.com/2011/02/11/spring-framework-3-1-m1-发布/

For a more dynamic solution use bean profiles. http://static.springsource.org/spring/docs/3.1.x/spring-framework-reference/html/new-in-3.1.html#d0e1293 and http://blog.springsource.com/2011/02/11/spring-framework-3-1-m1-released/

这篇关于从 spring-security.xml 文件禁用 Spring Security的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！