Spring Boot 2: Disabling Spring Security Authorization Checks
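Background
Spring Security authorization checks had been integrated, which made debugging during development difficult: keeping a session alive in Postman is rather hard. The decision was therefore to temporarily turn off authorization checks during the development phase.
Spring Boot 1.x
The following configuration is enough: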
    security:
      basic:
        enabled: false
    management:
      security:
        enabled: false
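Spring Boot 2.x
Method 1
@EnableWebSecurity is enabled by default. Exclude SecurityAutoConfiguration in the class annotated with @SpringBootApplication:
    @SpringBootApplication(exclude = {SecurityAutoConfiguration.class})
Important: if custom interceptors are used to implement more flexible role-based permission control, this method may not work.
Method 2
Disable CSRF and permit all requests: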
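    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableWebSecurity(debug = true) // already auto-configured; present only to print debug information
    public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // CSRF protection off, every request permitted without authentication
            http.csrf().disable().authorizeRequests().anyRequest().permitAll().and().logout().permitAll();
        }
    }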
If you still get a response like the following:
    {
      "timestamp": 1582163333230,
      "status": 403,
      "error": "Forbidden",
      "message": "Access Denied",
      "path": "/sm/user/list"
    }
a custom AbstractSecurityInterceptor and Filter object may have been defined:
    @Service
    public class CustomFilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
        // ...
    }
Fix: comment out @Service, then find every place that references this CustomFilterSecurityInterceptor and comment those out as well. For example:
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableWebSecurity(debug = true) // already auto-configured; present only to print debug information
    public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            /*http.csrf().disable();
            http.formLogin().permitAll();
            http.logout().logoutSuccessHandler(new CustomLogoutSuccessHandler()).permitAll();
            http.authorizeRequests().anyRequest().authenticated();
            http.exceptionHandling().accessDeniedHandler(new CustomAccessDeniedHandler()).authenticationEntryPoint(new CustomAuthenticationEntryPoint());
            http.addFilterBefore(customFilterSecurityInterceptor, FilterSecurityInterceptor.class);
            customUsernamePasswordAuthenticationFilter.setAuthenticationSuccessHandler(new CustomAuthenticationSuccessHandler());
            customUsernamePasswordAuthenticationFilter.setAuthenticationFailureHandler(new CustomAuthenticationFailureHandler());
            http.addFilterAt(customUsernamePasswordAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
            */
            http.csrf().disable().authorizeRequests().anyRequest().permitAll().and().logout().permitAll();
        }
    }
Views: 18,618 · Posted: 2020-02-20