我想使用Spring Security进行JWT身份验证.但它带有默认身份验证.我试图禁用它,但是这样做的旧方法 - 禁用它application.properties- 在2.0中已弃用.
这是我试过的:
@Configuration
public class StackWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().disable();
// http.authorizeRequests().anyRequest().permitAll(); // Also doesn't work.
}
}
我怎样才能简单地禁用基本安全性?
更新
可能很高兴知道我不使用web mvc而是web flux.
截图:
根据Spring 2.0中的新更新,如果Spring Security在类路径上,Spring Boot将添加@EnnWebSecurity.So向application.properties添加条目是不行的(即它不再可以这样定制).有关更多信息,请访问官方网站Spring Boot 2.0中的安全性更改
虽然不确定您的要求,我可以想到一个解决方法如下: -
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception{
http.authorizeRequests().antMatchers("/").permitAll();
}
}
希望这可以帮助.
根据参考文档,允许使用WebFlux的所有请求的安全配置应如下所示:
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
@Configuration
public class SecurityConfig {
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http.authorizeExchange().anyExchange().permitAll();
return http.build();
}
}
从Spring Boot 2.1开始,如果包含spring-boot-actuator,仅排除SecurityAutoconfiguration就不再足够了,还需要排除ManagementWebSecurityAutoConfiguration,如下所示:
@SpringBootApplication(exclude = { SecurityAutoConfiguration.class, ManagementWebSecurityAutoConfiguration.class })
这对我有用:
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests().anyRequest().permitAll();
}
}
您可以在Application类中添加/修改以下内容:
@SpringBootApplication(exclude = { SecurityAutoConfiguration.class })
public class MyApplication {
}
京公网安备 11010802040832号 | 京ICP备19059560号-6 