blocks|key|736997|text|这就是我最后是如何解决这个问题的。下面是我的安全配置在SpringBoot1.5.x中的一个示例。使用属性security.basic.enabled=false禁用了安全性|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|736998|@Configuration
@EnableWebSecurity
public+class+SecurityConfig+extends+WebSecurityConfigurerAdapter+{

++++@Override
++++public+void+configure(WebSecurity+web)+throws+Exception+{
++++++++web.ignoring().antMatchers("/upload/**");
++++}

++++@Override
++++protected+void+configure(HttpSecurity+http)+throws+Exception+{
++++++++http.csrf().disable().authorizeRequests()
++++++++++++++++.anyRequest().authenticated()
++++++++++++++++.and().httpBasic();
++++}
}|code-block|syntax|javascript|736999|由于security.basic.enabled在Spring+2中被删除(但仍然保留为属性名称)，所以我最终使用security.enabled作为自定义属性。下面是我的配置在Spring+2中的一个示例：|737000|@Configuration
@EnableWebSecurity
public+class+SecurityConfig+extends+WebSecurityConfigurerAdapter+{

++++@Value("${security.enabled:true}")
++++private+boolean+securityEnabled;

++++@Override
++++public+void+configure(WebSecurity+web)+throws+Exception+{
++++++++if+(securityEnabled)
++++++++++++web.ignoring().antMatchers("/upload/**");
++++++++else
++++++++++++web.ignoring().antMatchers("/**");
++++}

++++@Override
++++protected+void+configure(HttpSecurity+http)+throws+Exception+{
++++++++if+(securityEnabled)
++++++++++++http.csrf().disable().authorizeRequests()
++++++++++++++++++++.anyRequest().authenticated()
++++++++++++++++++++.and().httpBasic();
++++}
}|737001|entityMap^0|1H|S|0|0|2|M|1L|G|0|0^^$0|@$1|2|3|4|5|6|7|Q|8|@$9|R|A|S|B|C]]|D|@]|E|$]]|$1|F|3|G|5|H|7|T|8|@]|D|@]|E|$I|J]]|$1|K|3|L|5|6|7|U|8|@$9|V|A|W|B|C]|$9|X|A|Y|B|C]]|D|@]|E|$]]|$1|M|3|N|5|H|7|Z|8|@]|D|@]|E|$I|J]]|$1|O|3|-4|5|6|7|10|8|@]|D|@]|E|$]]]|P|$]]

Here is how I ended up solving the problem. Here is an example of how my security config looked in Spring Boot 1.5.x. Security was disabled with property <code>security.basic.enabled=false</code>:

<pre><code>@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

 @Override
 public void configure(WebSecurity web) throws Exception {
 web.ignoring().antMatchers("/upload/**");
 }

 @Override
 protected void configure(HttpSecurity http) throws Exception {
 http.csrf().disable().authorizeRequests()
 .anyRequest().authenticated()
 .and().httpBasic();
 }
}
</code></pre>

Since <code>security.basic.enabled</code> was removed in Spring Boot 2 (but still reserved as property name), I ended up using <code>security.enabled</code> as a custom property. Here's an example of how my config looks in Spring Boot 2:

<pre><code>@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

 @Value("${security.enabled:true}")
 private boolean securityEnabled;

 @Override
 public void configure(WebSecurity web) throws Exception {
 if (securityEnabled)
 web.ignoring().antMatchers("/upload/**");
 else
 web.ignoring().antMatchers("/**");
 }

 @Override
 protected void configure(HttpSecurity http) throws Exception {
 if (securityEnabled)
 http.csrf().disable().authorizeRequests()
 .anyRequest().authenticated()
 .and().httpBasic();
 }
}
</code></pre>

blocks|key|1004507|text|您必须添加自定义的Security配置，请参阅弹簧启动参考指南|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|1004508|28.1+MVC安全
默认的安全配置在SecurityAutoConfiguration和UserDetailsServiceAutoConfiguration中实现。SecurityAutoConfiguration为web安全导入SpringBootWebSecurityConfiguration，UserDetailsServiceAutoConfiguration配置身份验证，这也与非web应用程序相关。要完全关闭默认的web应用程序安全配置，可以添加WebSecurityConfigurerAdapter类型的bean+(这样做不会禁用UserDetailsService配置或Actuator的安全性)。|blockquote|style|BOLD|CODE|1004509|例如：|1004510|@Configuration
public+class+ApplicationSecurity+extends+WebSecurityConfigurerAdapter+{

++++@Override
++++public+void+configure(WebSecurity+web)+throws+Exception+{
++++++++web
+++++++++++.ignoring()
+++++++++++++++.antMatchers("/**");
++++}
}|code-block|syntax|javascript|1004511|若要仅对配置文件使用配置，请向类添加@Profile。如果要按属性启用它，请将ConditionalOnProperty添加到类中。|1004512|entityMap|0|LINK|mutability|MUTABLE|url|https://docs.spring.io/spring-boot/docs/2.0.0.RELEASE/reference/htmlsingle/#boot-features-security-mvc|1|https://docs.spring.io/spring-framework/docs/5.0.4.RELEASE/javadoc-api/org/springframework/context/annotation/Profile.html|2|https://docs.spring.io/spring-boot/docs/2.0.0.RELEASE/api/org/springframework/boot/autoconfigure/condition/ConditionalOnProperty.html^0|N|8|0|0|0|A|J|P|19|Z|2C|P|39|Y|48|Z|6G|S|7O|I|0|0|0|I|8|13|L|I|8|1|13|L|2|0^^$0|@$1|2|3|4|5|6|7|14|8|@]|9|@$A|15|B|16|1|17]]|C|$]]|$1|D|3|E|5|F|7|18|8|@$A|19|B|1A|G|H]|$A|1B|B|1C|G|I]|$A|1D|B|1E|G|I]|$A|1F|B|1G|G|I]|$A|1H|B|1I|G|I]|$A|1J|B|1K|G|I]|$A|1L|B|1M|G|I]|$A|1N|B|1O|G|I]]|9|@]|C|$]]|$1|J|3|K|5|6|7|1P|8|@]|9|@]|C|$]]|$1|L|3|M|5|N|7|1Q|8|@]|9|@]|C|$O|P]]|$1|Q|3|R|5|6|7|1R|8|@$A|1S|B|1T|G|I]|$A|1U|B|1V|G|I]]|9|@$A|1W|B|1X|1|1Y]|$A|1Z|B|20|1|21]]|C|$]]|$1|S|3|-4|5|6|7|22|8|@]|9|@]|C|$]]]|T|$U|$5|V|W|X|C|$Y|Z]]|10|$5|V|W|X|C|$Y|11]]|12|$5|V|W|X|C|$Y|13]]]]

You have to add a custom Spring Security configuration, see <a href="https://docs.spring.io/spring-boot/docs/2.0.0.RELEASE/reference/htmlsingle/#boot-features-security-mvc" rel="noreferrer">Spring Boot Reference Guide</a>:

<blockquote>
 28.1 MVC Security
 
 The default security configuration is implemented in <code>SecurityAutoConfiguration</code> and <code>UserDetailsServiceAutoConfiguration</code>. <code>SecurityAutoConfiguration</code> imports <code>SpringBootWebSecurityConfiguration</code> for web security and <code>UserDetailsServiceAutoConfiguration</code> configures authentication, which is also relevant in non-web applications. To switch off the default web application security configuration completely, you can add a bean of type <code>WebSecurityConfigurerAdapter</code> (doing so does not disable the <code>UserDetailsService</code> configuration or Actuator’s security).
</blockquote>

For example:

<pre class="lang-java prettyprint-override"><code>@Configuration
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {

 @Override
 public void configure(WebSecurity web) throws Exception {
 web
 .ignoring()
 .antMatchers("/**");
 }
}
</code></pre>

To use the configuration only for a profile add <a href="https://docs.spring.io/spring-framework/docs/5.0.4.RELEASE/javadoc-api/org/springframework/context/annotation/Profile.html" rel="noreferrer"><code>@Profile</code></a> to the class. If you want to enable it by property, add <a href="https://docs.spring.io/spring-boot/docs/2.0.0.RELEASE/api/org/springframework/boot/autoconfigure/condition/ConditionalOnProperty.html" rel="noreferrer"><code>ConditionalOnProperty</code></a> to the class.

blocks|key|737058|text|实际上，这个问题的某些配置有几个答案；在我的例子中，我一直在使用Security和JWT来讨论Spring+2。为了确保REST端点的安全，我需要创建令牌等。在编写代码并尝试测试端点以查看JWT是否正常工作后，我最终将面临默认登录页面。我尝试更改上面提到的属性文件，最后通过将@SpringBootApplication(exclude+=+{SecurityAutoConfiguration.class}+)注释添加到我的应用程序类中来禁用它。|type|unstyled|depth|inlineStyleRanges|offset|length|style|BOLD|CODE|entityRanges|data|737059|@SpringBootApplication(exclude+=+{SecurityAutoConfiguration.class}+)
public+class+JwtWithSpringBootApplication+{

++++public+static+void+main(String[]+args)+{
++++++++SpringApplication.run(JwtWithSpringBootApplication.class,+args);
++++}
}|code-block|syntax|javascript|737060|entityMap^0|3U|1W|3U|1W|0|0^^$0|@$1|2|3|4|5|6|7|N|8|@$9|O|A|P|B|C]|$9|Q|A|R|B|D]]|E|@]|F|$]]|$1|G|3|H|5|I|7|S|8|@]|E|@]|F|$J|K]]|$1|L|3|-4|5|6|7|T|8|@]|E|@]|F|$]]]|M|$]]

Actually there are several answers for certain configurations for this question; in my case I have been playing around Spring Boot 2 with Spring Security and JWT. In order to secure my REST endpoints I need to create tokens etc. After I wrote my code and tried to test my endpoints to see if JWT works fine, I end up facing default login page. I tried changing properties file mentioned above and finally I disabled it by adding the <code>@SpringBootApplication(exclude = {SecurityAutoConfiguration.class} )</code> annotation to my application class.

<pre class="lang-java prettyprint-override"><code>@SpringBootApplication(exclude = {SecurityAutoConfiguration.class} )
public class JwtWithSpringBootApplication {

 public static void main(String[] args) {
 SpringApplication.run(JwtWithSpringBootApplication.class, args);
 }
}
</code></pre>

blocks|key|2002884|text|在spring+2中还有另一个禁用安全性的选项。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|2002885|@EnableAutoConfiguration(exclude+=+{SecurityAutoConfiguration.class})|code-block|syntax|javascript|2002886|将其添加到主类中|2002887|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|K|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|L|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|M|8|@]|9|@]|A|$]]|$1|I|3|-4|5|6|7|N|8|@]|9|@]|A|$]]]|J|$]]

There is another option to disable security in spring boot 2

<pre><code>@EnableAutoConfiguration(exclude = {SecurityAutoConfiguration.class})
</code></pre>

Add this over the main class

blocks|key|1004763|text|在springboot+2.1.4我不得不这样做|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1004764|@EnableAutoConfiguration(exclude+=+{SecurityAutoConfiguration.class,+SecurityFilterAutoConfiguration.class})|code-block|syntax|javascript|1004765|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|I|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|J|8|@]|9|@]|A|$E|F]]|$1|G|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|H|$]]

In springboot 2.1.4 I had to do this

<pre><code>@EnableAutoConfiguration(exclude = {SecurityAutoConfiguration.class, SecurityFilterAutoConfiguration.class})
</code></pre>

blocks|key|737153|text|弹簧启动2.1.3|type|unstyled|depth|inlineStyleRanges|entityRanges|data|737154|对于特定的配置文件"dev“|737155|创建一个新的Spring配置类|737156|@Configuration
@EnableAutoConfiguration(exclude+=+{SecurityAutoConfiguration.class})
@Profile("dev")
public+class+WebSecurityConfigDisable++{

}|code-block|syntax|javascript|737157|这将禁用弹簧安全。|737158|entityMap^0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|O|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|P|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|Q|8|@]|9|@]|A|$]]|$1|F|3|G|5|H|7|R|8|@]|9|@]|A|$I|J]]|$1|K|3|L|5|6|7|S|8|@]|9|@]|A|$]]|$1|M|3|-4|5|6|7|T|8|@]|9|@]|A|$]]]|N|$]]

Spring Boot 2.1.3

For a certain profile "dev"

Create a new Spring Configuration class

<pre><code>@Configuration
@EnableAutoConfiguration(exclude = {SecurityAutoConfiguration.class})
@Profile("dev")
public class WebSecurityConfigDisable {

}
</code></pre>

This will disable the spring security.

blocks|key|1004776|text|您可以通过排除SecurityAutoConfiguration.class和ManagementWebSecurityAutoConfiguration.class在获得弹簧引导执行器依赖时必须排除它来禁用spring安全自动配置。|type|unstyled|depth|inlineStyleRanges|offset|length|style|BOLD|entityRanges|data|1004777|@SpringBootApplication(
exclude+=+{+SecurityAutoConfiguration.class,++
++++++++++++ManagementWebSecurityAutoConfiguration.class+})
public+class+MySpringBootApplication+{|code-block|syntax|javascript|1004778|然后，可以使用配置文件或配置参数有条件地配置自定义WebSecurityConfigurerAdapter，如下所示|1004779|@Configuration
@ConditionalOnProperty(prefix+=+"security.custom",+name+=+"enabled",+havingValue="true")
@EnableWebSecurity
public+class+CustomWebSecurityConfiguration+extends+WebSecurityConfigurerAdapter+{|1004780|entityMap^0|7|V|13|18|0|0|0|0^^$0|@$1|2|3|4|5|6|7|Q|8|@$9|R|A|S|B|C]|$9|T|A|U|B|C]]|D|@]|E|$]]|$1|F|3|G|5|H|7|V|8|@]|D|@]|E|$I|J]]|$1|K|3|L|5|6|7|W|8|@]|D|@]|E|$]]|$1|M|3|N|5|H|7|X|8|@]|D|@]|E|$I|J]]|$1|O|3|-4|5|6|7|Y|8|@]|D|@]|E|$]]]|P|$]]

You can disable spring security auto-configuration by excluding SecurityAutoConfiguration.class and ManagementWebSecurityAutoConfiguration.class has to excluded when got spring-boot-actuator dependency
<pre><code>@SpringBootApplication(
exclude = { SecurityAutoConfiguration.class, 
 ManagementWebSecurityAutoConfiguration.class })
public class MySpringBootApplication {
</code></pre>
Then you can conditionally configure your custom WebSecurityConfigurerAdapter using profile or config paramter something like this
<pre><code>@Configuration
@ConditionalOnProperty(prefix = &quot;security.custom&quot;, name = &quot;enabled&quot;, havingValue=&quot;true&quot;)
@EnableWebSecurity
public class CustomWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
</code></pre>

In Spring Boot 1.5.x, I've had Security configured and in certain profiles (e.g. local), I've added <code>security.basic.enabled=false</code> line to the .properties file to disable all security for that profile. I'm trying to migrate to the new Spring Boot 2, where that configuration property is removed. How can I achieve the same behaviour (without using this property) in Spring Boot 2.0.x?

I've already read <a href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-Security-2.0" rel="noreferrer">Spring-Boot-Security-2.0</a> and <a href="https://spring.io/blog/2017/09/15/security-changes-in-spring-boot-2-0-m4" rel="noreferrer">security-changes-in-spring-boot-2-0-m4</a> and there is nothing regarding this property.

Spring Boot 2.0.x disable security for certain profile

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

学习中心

腾讯云实验室

直播

竞赛

腾讯云代码分析专区

腾讯iOA零信任安全管理系统专区

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋

腾讯云代码助手

云原生构建

TAPD 敏捷项目管理

Cloud Studio

SDK中心

API中心

命令行工具

涵盖代码开发、场景应用、自动测试全流程，助你从零构建专属AI助手

一站式MCP教程库，解锁AI应用新玩法

在SpringBoot1.5.x中，我已经配置了安全性，并且在某些配置文件(例如本地配置文件)中，我将security.basic.enabled=false行添加到.properties文件中，以禁用该配置文件的所有安全性。我正在尝试迁移到新的Spring 2，其中删除了该配置属性。如何在SpringBoot2.0....

问SpringBoot2.0.x禁用某些配置文件的安全性
EN

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问SpringBoot2.0.x禁用某些配置文件的安全性EN