我正在尝试使用Spring-Boot创建REST Api,我需要为测试目的禁用安全性。我希望能够在没有任何安全约束的情况下使用PostMan。
我尝试了几种方法,但似乎没有任何工作,就好像从未应用过AplicationTest配置一样。
这是我的 ApplicationTest 类
的代码@SpringBootApplication
@Configuration()
public class ApplicationTests {
public static void main(String[] args) {
SpringApplicationBuilder ab = new SpringApplicationBuilder(ApplicationTests.class);
Map<String, Object> properties = new HashMap<>();
properties.put("server.port", 9999);
properties.put("security.basic.enabled", false);
properties.put("security.enable-csrf", false);
ab.properties(properties);
ab.run(args);
}
@Configuration
protected static class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().disable();
http.authorizeRequests().antMatchers("/**").permitAll();
}
}
}
这是我的 SecurityConfig 类
@Configuration
@ComponentScan("com.app")
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
AuthenticationService authenticationService;
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.httpBasic().and()
.authorizeRequests()
.antMatchers("/api/business/**").hasAnyRole("BUSINESS", "ADMIN")
.antMatchers("/api/users/**").hasAnyRole("USER", "ADMIN")
.antMatchers("/api/admins/**").hasRole("ADMIN")
.antMatchers("/**").permitAll()
.anyRequest().authenticated()
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
// @formatter:on
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
ShaPasswordEncoder encoder = new ShaPasswordEncoder();
auth.userDetailsService(authenticationService).passwordEncoder(encoder);
}
}