Spring Boot 2.x和Spring Security 5.x后禁用认证

发表于 | 阅读次数: 42

Spring Boot 2.x和Spring Security 5.x前禁用认证

在application.yml或application.properties中加入这么一段(yml与properties差异请自行搜索,这里示意)

1
2
security.basic.enabled=false
management.security.enabled=false

这样可以禁用掉弹出的用户名及密码输入

Spring Boot 2.x和Spring Security 5.x后禁用认证

由于改版之后,如下的一些配置均废弃

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
security.basic.authorize-mode
security.basic.enabled
security.basic.path
security.basic.realm
security.enable-csrf
security.headers.cache
security.headers.content-security-policy
security.headers.content-security-policy-mode
security.headers.content-type
security.headers.frame
security.headers.hsts
security.headers.xss
security.ignored
security.require-ssl
security.sessions

导致即使按照上面的配置配好后也无法生效

解决方案

参照地址: stackoverflow

在启动类前的@SpringBootApplication注解中加入exclude属性SecurityAutoConfigurationManagementWebSecurityAutoConfiguration,以排除安全认证

1
2
3
4
5
6
7
@SpringBootApplication(exclude = {SecurityAutoConfiguration.class, 
        ManagementWebSecurityAutoConfiguration.class})
public class DemoApplication {
    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class,args);
    }
}

坚持原创技术分享,您的支持将鼓励我继续创作