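Disabling Spring Security Authorization Checks in Spring Boot 2
Background
After Spring Security authorization checks were integrated, debugging during development became difficult, and keeping a session alive in Postman was hard. So I decided to temporarily disable the authorization checks during development.
Spring Boot 1.x
The following configuration is enough: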
    security:
      basic:
        enabled: false
    management:
      security:
        enabled: false
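Spring Boot 2.x
Method 1
@EnableWebSecurity is enabled by default. Exclude SecurityAutoConfiguration in the class annotated with @SpringBootApplication:
    @SpringBootApplication(exclude = {SecurityAutoConfiguration.class})
Note: if the project uses custom interceptors to implement more flexible role-based access control, this method may not work.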
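Method 2
Disable CSRF and permit all requests:
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableWebSecurity(debug = true) // already auto-configured; declared here only to print debug information
    public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable().authorizeRequests().anyRequest().permitAll().and().logout().permitAll();
        }
    }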
If you still get a response like this:
    {
        "timestamp": 1582163333230,
        "status": 403,
        "error": "Forbidden",
        "message": "Access Denied",
        "path": "/sm/user/list"
    }
the project may define a custom AbstractSecurityInterceptor and Filter object:
    @Service
    public class CustomFilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
        ...
    }
Fix: comment out @Service, then find every place that references this CustomFilterSecurityInterceptor and comment those out as well. For example:
    @Configuration
    @EnableWebSecurity(debug = true) // already auto-configured; declared here only to print debug information
    public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            /*http.csrf().disable();
            http.formLogin().permitAll();
            http.logout().logoutSuccessHandler(new CustomLogoutSuccessHandler()).permitAll();
            http.authorizeRequests().anyRequest().authenticated();
            http.exceptionHandling().accessDeniedHandler(new CustomAccessDeniedHandler()).authenticationEntryPoint(new CustomAuthenticationEntryPoint());
            http.addFilterBefore(customFilterSecurityInterceptor, FilterSecurityInterceptor.class);
            customUsernamePasswordAuthenticationFilter.setAuthenticationSuccessHandler(new CustomAuthenticationSuccessHandler());
            customUsernamePasswordAuthenticationFilter.setAuthenticationFailureHandler(new CustomAuthenticationFailureHandler());
            http.addFilterAt(customUsernamePasswordAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
            */
            http.csrf().disable().authorizeRequests().anyRequest().permitAll().and().logout().permitAll();
        }
    }
Read 9377 times · Published 2020-02-20