Question

我正在使用Spring Security进行基本身份验证。但是它带有默认身份验证，我正在尝试通过application.properties禁用它。这是我尝试过的：

SpringBasicSecurityApplication.java

@SpringBootApplication(exclude={SecurityAutoConfiguration.class})
@EnableWebSecurity
public class SpringBasicSecurityApplication {
    public static void main(String[] args) {
        SpringApplication.run(SpringBasicSecurityApplication.class, args);
    }
}

ApplicationController.java

@RestController
@RequestMapping("/rest/auth")
public class ApplicationController {
      @GetMapping("/getMsg")
      public String greeting() {
            return "Spring Security Example!!!";
      }
}

application.properties

spring.security.user.name=xusername
spring.security.user.passward=xpassword
server.port = 8081
logging.level.org.springframework.boot.autoconfigure.security=INFO

我在做什么错？预先感谢。

Answer 1

只需授予所有人对配置中任何请求的权限：

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    // HTTP security configuration
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .authorizeRequests()
                .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
                .anyRequest().permitAll
                .and().httpBasic();
    }

}

Answer 2

感谢@ Seldo97，您的建议对我有用，但我想对某些特殊类型的URL进行身份验证，因此在您的代码帮助下，我确实喜欢：-

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication().withUser("admin").password("admin").roles("ADMIN");
    auth.inMemoryAuthentication().withUser("user").password("user").roles("USER");
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
    http.authorizeRequests().antMatchers("/resto/**").hasRole("ADMIN").anyRequest().fullyAuthenticated().and()
            .httpBasic();

`@Bean
public static NoOpPasswordEncoder passwordEncoder() {
    return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();
}`

谢谢您的帮助：）

Spring Boot 2.3.2默认安全性

2 个答案: