当我使用security.basic.enabled = false来禁用具有以下依赖项的Spring Boot项目的安全性时:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>com.oracle</groupId>
<artifactId>ojdbc6</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
我看到以下例外:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.boot.actuate.autoconfigure.ManagementSecurityAutoConfiguration$ManagementWebSecurityConfigurerAdapter': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.setObjectPostProcessor(org.springframework.security.config.annotation.ObjectPostProcessor); nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [org.springframework.security.config.annotation.ObjectPostProcessor] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {}
为了解决这个异常,我不得不添加属性 - management.security.enabled = false。我的理解是当执行器在类路径中时,应该设置security.basic.enabled = false和management.security.enabled = false来禁用安全性。
如果我的理解错了,有人可以告诉我吗?
似乎工作正常的是创建一个文件application-dev.properties,其中包含:
security.basic.enabled=false
management.security.enabled=false
如果您随后使用dev配置文件启动Spring Boot应用程序,则无需登录。
将以下行添加到您的主应用程序。
如果你没有使用activiti,请删除org.activiti.spring.boot.SecurityAutoConfiguration.class。
同样,如果您没有使用弹簧启动执行器,请移除执行器。
@EnableAutoConfiguration(exclude = {
org.activiti.spring.boot.SecurityAutoConfiguration.class,
org.springframework.boot.actuate.autoconfigure.ManagementWebSecurityAutoConfiguration.class,
org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class })
您可以通过以下两个步骤配置为在项目中切换弹簧安全性:
第1步:在SecurityConfig类的顶部添加@ConditionalOnProperty注释。参考下文:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity (prePostEnabled = true)
@ConditionalOnProperty (name = "myproject.security.enabled", havingValue = "true", matchIfMissing = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
// your security config
}
第2步:将以下配置添加到application.properties或application.yml文件中。
application.properties
security.ignored=/**
myproject.security.enabled=false
要么
application.yml
security:
ignored: /**
myproject:
security:
enabled: false
我在application.yml中添加了以下设置并且工作正常。
security:
route-patterns-to-be-skipped:
- /**/*
这可以转换为application.properties的security.route-paterns-to-be-skipped=/**/*
将以下类添加到代码中
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
* @author vaquar khan
*/
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/**").permitAll().anyRequest().authenticated().and().csrf().disable();
}
}
并且insie的application.properties添加
security.ignored=/**
security.basic.enabled=false
management.security.enabled=false
如果您的包装中有弹簧启动器,则应添加以下内容
@EnableAutoConfiguration(exclude = {
org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class,
org.springframework.boot.actuate.autoconfigure.ManagementWebSecurityAutoConfiguration.class})
使用较旧的Spring-boot,该类称为ManagementSecurityAutoConfiguration。
在较新的版本中,这已改为
@SpringBootApplication(exclude = {
org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class,
org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration.class}
)
如果您需要安全性作为依赖项但不希望Spring Boot为您配置它,则可以使用以下排除:
@EnableAutoConfiguration(exclude = {
org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class
})
对于春季启动2用户必须
@EnableAutoConfiguration(exclude = {
org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class
})
第1步:在安全配置中注释注释@EnableWebSecurity
//@EnableWebSecurity
第2步:将其添加到您的application.properties文件中。
security.ignored=/**
spring.security.enabled=false
management.security.enabled=false
security.basic.enabled=false
有关详细信息,请查看此处:http://codelocation.com/how-to-turn-on-and-off-spring-security-in-spring-boot-application/
为了避免安全性,您可以使用注释。在configure类之上使用此批注:
@EnableWebSecurity
例如:
@EnableWebSecurity
@Configuration
public class AuthFilter{
// configured method
}
允许使用antMatchers(“/”)访问所有内容
protected void configure(HttpSecurity http) throws Exception {
System.out.println("configure");
http.csrf().disable();
http.authorizeRequests().antMatchers("/").permitAll();
}
我只是在security.ignored=/**上添加了application.propertiesin,这就是魅力所在。
您需要将此条目添加到application.properties以绕过Springboot Default Security
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
然后就不会有任何认证框。 otrws,凭据是: - user和99b962fa-1848-4201-ae67-580bdeae87e9(密码随机生成)
Note: my springBootVersion = '1.5.14.RELEASE'