use*_*073 65 spring-security spring-boot
当我使用security.basic.enabled = false来禁用具有以下依赖项的Spring Boot项目的安全性时:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>com.oracle</groupId>
<artifactId>ojdbc6</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
我看到以下例外:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.boot.actuate.autoconfigure.ManagementSecurityAutoConfiguration$ManagementWebSecurityConfigurerAdapter': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.setObjectPostProcessor(org.springframework.security.config.annotation.ObjectPostProcessor); nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [org.springframework.security.config.annotation.ObjectPostProcessor] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {}
为了解决这个异常,我不得不添加属性 - management.security.enabled = false.我的理解是当执行器在类路径中时,应该设置security.basic.enabled = false和management.security.enabled = false来禁用安全性.
如果我的理解错了,有人可以告诉我吗?
Wim*_*uwe 71
似乎工作得很好的是创建一个application-dev.properties包含以下内容的文件:
security.basic.enabled=false
management.security.enabled=false
如果您随后使用dev配置文件启动Spring Boot应用程序,则无需登录.
Var*_*esh 57
如果您的包装中有弹簧启动器,则应添加以下内容
@EnableAutoConfiguration(exclude = {
org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class,
org.springframework.boot.actuate.autoconfigure.ManagementWebSecurityAutoConfiguration.class})
使用较旧的Spring-boot,该类被调用ManagementSecurityAutoConfiguration.
在较新的版本中,这已改为
@SpringBootApplication(exclude = {
org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class,
org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration.class}
)
kar*_*123 37
对于Spring Boot 2,application.yml配置中不推荐使用以下属性
security.basic.enabled: false
management.security.enabled: false
要禁用Sprint Boot 2 Basic + Actuator Security 的安全性,可以在application.yml文件中使用以下属性而不是基于注释的排除 (@EnableAutoConfiguration(exclude = {SecurityAutoConfiguration.class, ManagementWebSecurityAutoConfiguration.class}))
spring:
autoconfigure:
exclude[0]: org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
exclude[1]: org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration
对于application.properties语法就像
spring.autoconfigure.exclude[0]=org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
gyo*_*der 35
如果您需要安全性作为依赖项但不希望Spring Boot为您配置它,则可以使用以下排除:
@EnableAutoConfiguration(exclude = {
org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class
})
gka*_*ura 17
对于春季启动2用户必须
@EnableAutoConfiguration(exclude = {
org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class
})
VK3*_*321 11
第1步:在安全配置中注释注释@EnableWebSecurity
//@EnableWebSecurity
第2步:将其添加到您的application.properties文件中.
security.ignored=/**
spring.security.enabled=false
management.security.enabled=false
security.basic.enabled=false
有关详细信息,请访问:http://codelocation.com/how-to-turn-on-and-off-spring-security-in-spring-boot-application/
小智 8
答案是允许 WebSecurityConfigurerAdapter 中的所有请求,如下所示。
您可以在现有班级或新班级中执行此操作。
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().permitAll();
}
请注意:如果存在现有的 GlobalMethodSecurityConfiguration 类,则必须禁用它。
将以下类添加到您的代码中
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
* @author vaquar khan
*/
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/**").permitAll().anyRequest().authenticated().and().csrf().disable();
}
}
和 application.properties 的 insie 添加
security.ignored=/**
security.basic.enabled=false
management.security.enabled=false
如果您@WebMvcTest在测试类中使用注解
@EnableAutoConfiguration(exclude = { SecurityAutoConfiguration.class, ManagementWebSecurityAutoConfiguration.class })
@TestPropertySource(properties = {"spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration"})
对你没有帮助。
您可以在此处禁用安全性
@WebMvcTest(secure = false)
对于 Spring Boot 2 来说,无需依赖项或代码更改的最简单方法就是:
spring:
autoconfigure:
exclude: org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
| 归档时间: |
|
| 查看次数: |
134803 次 |
| 最近记录: |