禁用弹簧安全不起作用[重复]

Posted

技术标签:

【中文标题】禁用弹簧安全不起作用[重复]【英文标题】:Disabling the spring security is not working [duplicate] 【发布时间】:2019-12-14 05:00:13 【问题描述】:

我使用了 spring boot 2.1.6.RELEASE,并在 pom.xml 中添加了 spring security。我的 pom.xml 是:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.6.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.rest.restfulwebservices</groupId>
    <artifactId>restfulwebservices</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>restfulwebservices</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>

        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>

        <!-- for getting data in xml format-->
        <!-- https://mvnrepository.com/artifact/com.fasterxml.jackson.dataformat/jackson-dataformat-xml -->
        <dependency>
            <groupId>com.fasterxml.jackson.dataformat</groupId>
            <artifactId>jackson-dataformat-xml</artifactId>
        </dependency>



    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>

在 application.properties 文件中我添加了一些代码来禁用弹簧安全:

security.ignored=/**
spring.security.enabled=false
management.security.enabled=false
security.basic.enabled=false

我的加载类是:

package com.rest.restfulwebservices.restfulwebservices;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;

import java.util.Locale;

@SpringBootApplication(scanBasePackages = "com.rest")
public class RestfulwebservicesApplication 

    public static void main(String[] args) 
        SpringApplication.run(RestfulwebservicesApplication.class, args);

虽然我添加了禁用spring security的配置,但它仍然显示默认生成的密码为:

Using generated security password: c23282bc-9b85-4fc4-a947-81a5f668a751

为什么禁用 spring 安全性不起作用?

【问题讨论】:

能把 pom.xml 中的依赖 spring-boot-starter-security 注释掉试试看吗? 【参考方案1】:

security.ignored=/** 已从 Spring Boot 2 中弃用。使用 antMatchers("/**").permitAll(); 允许所有请求,或者如果您不想使用 Spring Security,只需删除依赖关系

@Configuration
@EnableWebSecurity
public class SecurityConfiguration  extends WebSecurityConfigurerAdapter
    @Override
    protected void configure(HttpSecurity http) throws Exception
        http.authorizeRequests().antMatchers("/**").permitAll();

【讨论】:

以上是关于禁用弹簧安全不起作用[重复]的主要内容,如果未能解决你的问题,请参考以下文章

弹簧安全返回 403,日志记录不起作用

@PreAuthorize 注释不起作用弹簧安全性

为啥弹簧测试失败,不起作用@MockBean

春季安全+休息不起作用

:禁用选择器在Jquery Validate忽略子句中不起作用[重复]

弹簧靴。 CORS。 'allowCredentials = false' 不起作用