Spring启动:禁用安全自动配置

时间:2015-11-11 16:55:23

标签: java security web spring-security spring-boot

我有多部分网络项目。 Web Admin部分包含:

compile('org.springframework.boot:spring-boot-starter-web')
compile("org.springframework.boot:spring-boot-starter-thymeleaf")
compile("org.springframework.boot:spring-boot-starter-jetty")
compile("org.springframework.boot:spring-boot-starter-actuator")

主项目构建文件包含:

compile group: 'org.springframework', name: "spring-webmvc", version: springVersion
compile(group: 'org.springframework.security', name: "spring-security-web", version: springSecurityVersion) { exclude(module: 'spring-jdbc') }

Spring Boot应用程序文件:

@SpringBootApplication(exclude = {SecurityAutoConfiguration.class})
public class WebAdminApplication {

    public static void main(String[] args) {
        SpringApplication.run(WebAdminApplication.class, args);
    }
}

但是,当我向管理员发送http请求时,我在AuthenticationProvider中获取了用户和密码:

auth.getPrincipal() -> user
auth.getCredentials() -> caeebd3a-307b-4edf-8f2f-833fad9ebc00

如何禁用自动安全?

2 个答案:

答案 0 :(得分:3)

如果查看spring boot's spring.factories(撰写本文时为1.3.5版),您可以看到安全性有4个自动配置类:

org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration,\
org.springframework.boot.autoconfigure.security.SecurityFilterAutoConfiguration,\
org.springframework.boot.autoconfigure.security.FallbackWebSecurityAutoConfiguration,\
org.springframework.boot.autoconfigure.security.oauth2.OAuth2AutoConfiguration,\

您可能还想禁用SecurityFilterAutoConfiguration(或其中所有4个)

答案 1 :(得分:0)

即使我也面临同样的问题。因此,我添加了以下代码。

  • 情况1:如果尚未激活“ ACTUATOR”: @SpringBootApplication(exclude = { SecurityAutoConfiguration.class })

  • 情况2:如果您已激活“ ACTUATOR”: @SpringBootApplication(exclude = { org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class, org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration.class})