java - 禁用 spring security 不起作用

Question

这个问题已经有答案了:

Spring Boot 2.0.x disable security for certain profile (7 个回答)

已关闭 4 年前。

我使用了 spring boot 2.1.6.RELEASE 并在 pom.xml 中添加了 spring security。我的 pom.xml 是:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.6.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.rest.restfulwebservices</groupId>
    <artifactId>restfulwebservices</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>restfulwebservices</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>

        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>

        <!-- for getting data in xml format-->
        <!-- https://mvnrepository.com/artifact/com.fasterxml.jackson.dataformat/jackson-dataformat-xml -->
        <dependency>
            <groupId>com.fasterxml.jackson.dataformat</groupId>
            <artifactId>jackson-dataformat-xml</artifactId>
        </dependency>



    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>

在 application.properties 文件中，我添加了一些代码来禁用 spring secutiry:

security.ignored=/**
spring.security.enabled=false
management.security.enabled=false
security.basic.enabled=false

我的加载类是:

package com.rest.restfulwebservices.restfulwebservices;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;

import java.util.Locale;

@SpringBootApplication(scanBasePackages = {"com.rest"})
public class RestfulwebservicesApplication {

    public static void main(String[] args) {
        SpringApplication.run(RestfulwebservicesApplication.class, args);
    }


}

虽然我添加了禁用 spring security 的配置，但它仍然显示默认生成的密码为:

Using generated security password: c23282bc-9b85-4fc4-a947-81a5f668a751

为什么禁用 Spring Security 不起作用？

Answer 1

security.ignored=/** 从 Spring Boot 2 开始已弃用。使用 antMatchers("/**").permitAll(); 允许所有请求，或者，如果您不想使用 Spring Security，只需删除依赖项

@Configuration
@EnableWebSecurity
public class SecurityConfiguration  extends WebSecurityConfigurerAdapter{
    @Override
    protected void configure(HttpSecurity http) throws Exception{
        http.authorizeRequests().antMatchers("/**").permitAll();
    }
}