我有一个Spring Boot web应用程序,配置了spring security.我想暂时禁用身份验证(直到需要).
我将它添加到application.properties:
security.basic.enable: false
management.security.enabled: false
这是我的一部分
但我仍然有一个基本的安全性:启动时生成一个默认的安全密码,我仍然收到HTTP身份验证提示框.
我的pom.xml:
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
4.0.0
fr.test.sample
navigo
1.0.0-SNAPSHOT
org.springframework.boot
spring-boot-starter-parent
1.3.1.RELEASE
1.7
1.8.3
18.0
9.3-1103-jdbc41
org.springframework.boot
spring-boot-starter-web
org.springframework.boot
spring-boot-starter-actuator
org.springframework.boot
spring-boot-starter-thymeleaf
org.springframework.boot
spring-boot-starter-mail
org.springframework
spring-context-support
org.apache.velocity
velocity
org.springframework.boot
spring-boot-devtools
true
org.jsoup
jsoup
${jsoup.version}
com.google.guava
guava
${guava.version}
org.springframework.boot
spring-boot-starter-security
org.springframework.boot
spring-boot-starter-data-jpa
org.postgresql
postgresql
org.springframework.boot
spring-boot-maven-plugin
spring-snapshots
http://repo.spring.io/snapshot
true
spring-milestones
http://repo.spring.io/milestone
spring-snapshots
http://repo.spring.io/snapshot
spring-milestones
http://repo.spring.io/milestone
安全性在WebSecurityConfig.java中配置(我已注释注释以禁用它):
//@Configuration
//@EnableWebSecurity
//@EnableGlobalMethodSecurity(prePostEnabled = true)
//@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsService userDetailsService;
@Autowired
UserService userService;
@Autowired
private DataSource datasource;
@Override
protected void configure(HttpSecurity http) throws Exception {
// http.authorizeRequests().antMatchers("/bus/topologie", "/home")
// http.authorizeRequests().anyRequest().authenticated()
// .antMatchers("/admin/**").access("hasRole('ADMIN')").and()
// .formLogin().failureUrl("/login?error")
// .defaultSuccessUrl("/bus/topologie").loginPage("/login")
// .permitAll().and().logout()
// .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
// .logoutSuccessUrl("/login").permitAll().and().rememberMe()
// .rememberMeParameter("remember-me")
// .tokenRepository(persistentTokenRepository())
// .tokenValiditySeconds(86400).and().csrf();
}
@Bean
public PersistentTokenRepository persistentTokenRepository() {
JdbcTokenRepositoryImpl tokenRepositoryImpl = new JdbcTokenRepositoryImpl();
tokenRepositoryImpl.setDataSource(datasource);
return tokenRepositoryImpl;
}
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
PasswordEncoder encoder = new BCryptPasswordEncoder();
auth.userDetailsService(userDetailsService).passwordEncoder(encoder);
auth.jdbcAuthentication().dataSource(datasource);
if (!userService.userExists("user")) {
User userAdmin = new User("user", encoder.encode("password"), true);
Set authorities = new HashSet();
authorities.add(new Authorities(userAdmin,"ADMIN"));
authorities.add(new Authorities(userAdmin,"CRIP"));
authorities.add(new Authorities(userAdmin,"USER"));
userAdmin.setAuthorities(authorities);
userService.createUser(userAdmin);
}
}
}
解决方法:
使用security.ignored属性:
security.ignored=/**
security.basic.enable:false将仅禁用安全自动配置的某些部分,但仍会注册您的WebSecurityConfig.
There is a default security password generated at startup
尝试自动连接AuthenticationManagerBuilder:
@Override
@Autowired
protected void configure(AuthenticationManagerBuilder auth) throws Exception { ... }
标签:spring-java-config,java,spring,spring-boot,spring-security
来源: https://codeday.me/bug/20190923/1815141.html