Spring Boot2关闭Security权限验证
Spring Boot大约 2328 字背景介绍
因整合了Spring Security
权限验证,在开发阶段调试变得困难,Postman
保持session
难度较大。所以决定开发阶段暂时关闭权限验证。
Spring Boot1.x
可使用如下配置即可解决:
security:
basic:
enabled: false
management:
security:
enabled: false
Spring Boot2.x
方法一
@EnableWebSecurity
是默认开启的,在SpringBootApplication
注解类中排除SecurityAutoConfiguration
:
@SpringBootApplication(exclude = {SecurityAutoConfiguration.class})
特别提醒:对于自定义拦截器来实现更灵活的角色权限控制的,此方法可能不起作用。
方法二
禁用csrf
,放行所有请求:
@Configuration
@EnableWebSecurity(debug = true)//已经自动配置了,此处只是为了打印debug信息
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests().anyRequest().permitAll().and().logout().permitAll();
}
}
如有以下信息:
{
"timestamp": 1582163333230,
"status": 403,
"error": "Forbidden",
"message": "Access Denied",
"path": "/sm/user/list"
}
可能是自定义了AbstractSecurityInterceptor
和Filter
对象:
@Service
public class CustomFilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
...
}
解决办法:把@Service
注释,并且找到引用这个CustomFilterSecurityInterceptor
,都注释掉。如:
@Configuration
@EnableWebSecurity(debug = true)//已经自动配置了,此处只是为了打印debug信息
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
/*http.csrf().disable();
http.formLogin().permitAll();
http.logout().logoutSuccessHandler(new CustomLogoutSuccessHandler()).permitAll();
http.authorizeRequests().anyRequest().authenticated();
http.exceptionHandling().accessDeniedHandler(new CustomAccessDeniedHandler()).authenticationEntryPoint(new CustomAuthenticationEntryPoint());
http.addFilterBefore(customFilterSecurityInterceptor, FilterSecurityInterceptor.class);
customUsernamePasswordAuthenticationFilter.setAuthenticationSuccessHandler(new CustomAuthenticationSuccessHandler());
customUsernamePasswordAuthenticationFilter.setAuthenticationFailureHandler(new CustomAuthenticationFailureHandler());
http.addFilterAt(customUsernamePasswordAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
*/
http.csrf().disable().authorizeRequests().anyRequest().permitAll().and().logout().permitAll();
}
}
阅读 3066 · 发布于 2020-02-20
————        END        ————
扫描下方二维码关注公众号和小程序↓↓↓

昵称:
随便看看换一批
- MySQL-Utilities工具报TypeError: wrap_socket() got an unexpected keyword argument 'ciphers'阅读 918
- Android WebView设置参考阅读 1463
- Android EditText软键盘回车键变成搜索键阅读 583
- 算法每日一题20190708:合并两个有序链表阅读 471
- MySQL规约阅读 1091
- PHP获取毫秒值时间戳阅读 662
- 软考-系统架构设计师:存储管理-段页式存储组织阅读 637
- 设计模式之外观模式阅读 307
- 前端Chrome反《反调试》阅读 1116
- Vue Router 页面间传递参数阅读 107