How to disable Spring Boot security

Date: 2019-03-19 16:04:53

Tags: java spring spring-boot spring-security

Scenario: Extended the parent POM into a child POM. Hence spring-boot-starter-security got inherited.

Usually, if http://localhost:9000/ is triggered, control goes to the Controller class where the following method is defined:

    @GetMapping("/")
    public String main(Model model, @RequestHeader HttpHeaders headers) {
        // body
    }

After including the parent POM (which has Spring Security embedded), a "username and password" window pops up when the above URL is triggered.

How do we bypass this security?

Included this class in the Web module:

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.config.http.SessionCreationPolicy;
    import org.springframework.security.crypto.factory.PasswordEncoderFactories;
    import org.springframework.security.crypto.password.PasswordEncoder;
    import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
    import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
    import org.springframework.security.web.session.HttpSessionEventPublisher;

    @Configuration
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

        // In-memory users with passwords hashed by the delegating encoder
        @Override
        protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
            PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
            auth.inMemoryAuthentication()
                    .withUser("spring")
                    .password(encoder.encode("secret"))
                    .roles("USER")
                    .and()
                    .withUser("user1").password(encoder.encode("password")).roles("USER")
                    .and()
                    .withUser("admin1").password(encoder.encode("password")).roles("ADMIN");
        }

        // URL authorization rules, form login, logout, remember-me and session handling
        @Override
        protected void configure(final HttpSecurity http) throws Exception {
            http
                    .csrf().disable()
                    .authorizeRequests()
                    .antMatchers("/anonymous*", "/error*").anonymous()
                    .antMatchers("/").permitAll()
                    .anyRequest().authenticated()
                    .and()
                    .formLogin()
                    .successHandler(successHandler())
                    .and()
                    .logout().deleteCookies("JSESSIONID")
                    .and()
                    .rememberMe().key("uniqueAndSecret").tokenValiditySeconds(86400)
                    .and()
                    .sessionManagement()
                    .sessionFixation().migrateSession()
                    .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                    .invalidSessionUrl("/invalidSession.html")
                    .maximumSessions(2)
                    .expiredUrl("/sessionExpired.html");
        }

        private AuthenticationSuccessHandler successHandler() {
            return new SimpleUrlAuthenticationSuccessHandler();
        }

        // Publishes session lifecycle events so maximumSessions can track sessions
        @Bean
        public HttpSessionEventPublisher httpSessionEventPublisher() {
            return new HttpSessionEventPublisher();
        }
    }

But no success.

Edit: Parent POM:

1 answer:

Answer 0 (score: 0)

Just disable Spring Security in SecurityConfiguration for all requests:

    // Goes inside the SecurityConfiguration class
    @Override
    public void configure(WebSecurity web) {
        web
                .ignoring()
                .antMatchers("/**");
    }

Or, you can be more granular for any HTTP method:

For further fine-tuning, you can also consult the documentation on this topic
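
A narrower form of the ignoring rule, added here as an example; it is not code from the question or the answer. It limits the bypass to GET requests for the root page and contrasts it with permitAll(), which opens a path while keeping the request inside the filter chain. The class name ScopedSecurityConfiguration is hypothetical, and the example assumes a Spring Security version that still provides WebSecurityConfigurerAdapter, as the page's code does.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical class name; same adapter style as the page's SecurityConfiguration.
@Configuration
public class ScopedSecurityConfiguration extends WebSecurityConfigurerAdapter {

    // Broad form from the answer, shown for comparison only:
    //     web.ignoring().antMatchers("/**");
    // Every request then skips the Spring Security filter chain, so nothing
    // declared in configure(HttpSecurity) below applies to any URL.

    @Override
    public void configure(WebSecurity web) {
        // Narrow form: only GET requests for the root page bypass the chain.
        // Other HTTP methods on "/" and all other paths are still filtered.
        web
                .ignoring()
                .antMatchers(HttpMethod.GET, "/");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                // permitAll() needs no login either, but the request still
                // passes through the chain (security headers, session
                // handling, CSRF checks).
                .antMatchers("/error*").permitAll()
                // Everything not listed above requires an authenticated user.
                .anyRequest().authenticated()
                .and()
                .formLogin();
    }
}
```

Requests matched by ignoring() carry no SecurityContext, so a controller behind such a path cannot see who the caller is.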