堆栈内存溢出
  简体   繁体   English

Spring Boot 2.2.4 - 禁用安全性

[英]Spring Boot 2.2.4 - disable security

 原文  2020-02-27 10:40:44       java/ spring/ spring-boot/ security

问题描述

I found a massive amount of blog posts and questions on stackoverflow on how to disable security in spring boot - but none of it seems to work with spring boot 2.2.4.我在 stackoverflow 上发现了大量关于如何在 spring boot 中禁用安全性的博客文章和问题 - 但似乎都不适用于 spring boot 2.2.4。

I'm asking because I want to configuratively disable security for my dev and test profile so that we can deploy without generating jwt tokens all the time.我问是因为我想以配置方式禁用我的开发和测试配置文件的安全性,以便我们可以在不生成 jwt 令牌的情况下进行部署。

The most promising approach from my perspective is to exclude the SecurityAutoConfiguration class via the properties file but as said the exclusion has no effect.从我的角度来看,最有希望的方法是通过属性文件排除SecurityAutoConfiguration类,但正如所说的排除没有任何影响。

spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration

The other properties such as management.security.enabled seem to be deprecated.其他属性如management.security.enabled似乎已弃用。

2 个解决方案

解决方案1
 3 已采纳  2020-02-28 11:12:07

I found a working solution in the spring boot github issues.我在 spring boot github问题中找到了一个可行的解决方案。

Disable security for the entire application:禁用整个应用程序的安全性:

@SpringBootApplication ( exclude = {SecurityAutoConfiguration.class} )
@Import(MySecurityConfiguration.class)
public class MyApplication{
 }

... and enable via parameter in the security configuration: ...并通过安全配置中的参数启用:

@Configuration
@ConditionalOnProperty (  "my.security.enabled" )
@Import ( SecurityAutoConfiguration.class 
public class MySecurityConfiguration extends WebSecurityConfigurerAdapter {

}

Source: https://github.com/spring-projects/spring-boot/issues/12323#issuecomment-370519882来源: https : //github.com/spring-projects/spring-boot/issues/12323#issuecomment-370519882

解决方案2
 0  2020-02-27 12:49:56

You could create a WebSecurityConfigurerAdapter Bean for your profile containing following overriden method implementation, to exclude all endpoints from spring security:您可以为包含以下覆盖方法实现的配置文件创建一个 WebSecurityConfigurerAdapter Bean,以从 Spring Security 中排除所有端点:

    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers(
                "/**"
        );
    }

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Spring启动,禁用测试安全性 - Spring boot, disable security for tests 如何禁用Spring Boot安全性 - How to disable Spring Boot Security 在从 openfeign 客户端(引导 2.2.4)到 Spring Data Rest API(引导 1.5.9)的调用中禁用特殊字符转义 - Disable special character escaping in call from openfeign client (boot 2.2.4) to Spring Data Rest API (boot 1.5.9) 无法在Spring Boot 2.0.1中禁用Spring Security - Cannot Disable Spring Security in Spring Boot 2.0.1 Spring Boot:禁用安全性自动配置 - Spring boot: disable security auto configuration Spring Boot 1.5禁用OAuth2安全性 - Spring boot 1.5 disable oauth2 security Spring Boot:禁用状态异常代码的安全性 - Spring Boot: disable security for status exception code 无法在Spring Boot中禁用CSRF安全性 - Cannot disable CSRF security in Spring Boot 如何在 Spring Boot Security 中启用或禁用用户 - How to enable or disable user in Spring Boot Security Spring Boot 2.2.4 应用程序,使用 Swagger - Spring Boot 2.2.4 application, using Swagger
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM