禁用app里面的java_java – 在spring boot app中禁用spring security

我有一个Spring Boot web应用程序,配置了spring security.我想暂时禁用身份验证(直到需要).

我将它添加到application.properties：

security.basic.enable: false

management.security.enabled: false

这是我的一部分

但我仍然有一个基本的安全性：启动时生成一个默认的安全密码,我仍然收到HTTP身份验证提示框.

我的pom.xml：

xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

4.0.0

fr.test.sample

navigo

1.0.0-SNAPSHOT

org.springframework.boot

spring-boot-starter-parent

1.3.1.RELEASE

1.7

1.8.3

18.0

9.3-1103-jdbc41

org.springframework.boot

spring-boot-starter-web

org.springframework.boot

spring-boot-starter-actuator

org.springframework.boot

spring-boot-starter-thymeleaf

org.springframework.boot

spring-boot-starter-mail

org.springframework

spring-context-support

org.apache.velocity

velocity

org.springframework.boot

spring-boot-devtools

true

org.jsoup

jsoup

${jsoup.version}

com.google.guava

guava

${guava.version}

org.springframework.boot

spring-boot-starter-security

org.springframework.boot

spring-boot-starter-data-jpa

org.postgresql

postgresql

org.springframework.boot

spring-boot-maven-plugin

spring-snapshots

http://repo.spring.io/snapshot

true

spring-milestones

http://repo.spring.io/milestone

spring-snapshots

http://repo.spring.io/snapshot

spring-milestones

http://repo.spring.io/milestone

安全性在WebSecurityConfig.java中配置(我已注释注释以禁用它)：

//@Configuration

//@EnableWebSecurity

//@EnableGlobalMethodSecurity(prePostEnabled = true)

//@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)

public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired

UserDetailsService userDetailsService;

@Autowired

UserService userService;

@Autowired

private DataSource datasource;

@Override

protected void configure(HttpSecurity http) throws Exception {

// http.authorizeRequests().antMatchers("/bus/topologie", "/home")

// http.authorizeRequests().anyRequest().authenticated()

// .antMatchers("/admin/**").access("hasRole('ADMIN')").and()

// .formLogin().failureUrl("/login?error")

// .defaultSuccessUrl("/bus/topologie").loginPage("/login")

// .permitAll().and().logout()

// .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))

// .logoutSuccessUrl("/login").permitAll().and().rememberMe()

// .rememberMeParameter("remember-me")

// .tokenRepository(persistentTokenRepository())

// .tokenValiditySeconds(86400).and().csrf();

}

@Bean

public PersistentTokenRepository persistentTokenRepository() {

JdbcTokenRepositoryImpl tokenRepositoryImpl = new JdbcTokenRepositoryImpl();

tokenRepositoryImpl.setDataSource(datasource);

return tokenRepositoryImpl;

}

@Override

protected void configure(AuthenticationManagerBuilder auth)

throws Exception {

PasswordEncoder encoder = new BCryptPasswordEncoder();

auth.userDetailsService(userDetailsService).passwordEncoder(encoder);

auth.jdbcAuthentication().dataSource(datasource);

if (!userService.userExists("user")) {

User userAdmin = new User("user", encoder.encode("password"), true);

Set authorities = new HashSet();

authorities.add(new Authorities(userAdmin,"ADMIN"));

authorities.add(new Authorities(userAdmin,"CRIP"));

authorities.add(new Authorities(userAdmin,"USER"));

userAdmin.setAuthorities(authorities);

userService.createUser(userAdmin);

}

}

}

解决方法:

使用security.ignored属性：

security.ignored=/**

security.basic.enable：false将仅禁用安全自动配置的某些部分,但仍会注册您的WebSecurityConfig.

There is a default security password generated at startup

尝试自动连接AuthenticationManagerBuilder：

@Override

@Autowired

protected void configure(AuthenticationManagerBuilder auth) throws Exception { ... }

标签：spring-java-config,java,spring,spring-boot,spring-security

来源： https://codeday.me/bug/20190923/1815141.html