英文:
Spring Boot Security - allow without authentication
问题
Spring Boot安全性允许匿名用户
我正试图配置Spring Boot安全性以允许匿名用户访问除一个页面外的所有URL。默认情况下,使用Spring生成的用户和安全密码。
我只需要一个用于维护应用程序的页面。
我已经尝试了很多提示和教程。
还有其他的方法。
但是Spring仍然要求所有页面进行身份验证。
我的当前安全配置
@EnableWebSecurity@Configurationpublic class SecurityConf extends WebSecurityConfigurerAdapter {@Overridepublic void configure(HttpSecurity http) throws Exception {http.csrf().disable().authorizeRequests().anyRequest().anonymous().antMatchers("/secure").authenticated();}}
Web配置
@Configuration@EnableWebMvc@EnableAsyncpublic class WebConf implements WebMvcConfigurer {@Overridepublic void addResourceHandlers(ResourceHandlerRegistry registry) {WebMvcConfigurer.super.addResourceHandlers(registry);registry.addResourceHandler("/webjars/**").addResourceLocations("/webjars/");}@Beanpublic Executor asyncExecutor() {ThreadPoolTaskExecutor executor = new ThreadPoolTaskExecutor();executor.setCorePoolSize(5);executor.setMaxPoolSize(5);executor.setQueueCapacity(500);executor.setThreadNamePrefix("Asynchronous Process-");executor.initialize();return executor;}}
主方法
@ComponentScan@SpringBootApplication@EnableSchedulingpublic class MainServiceApplication {public static void main(String[] args) {SpringApplication.run(MainServiceApplication.class, args);}}
我尝试了.permitAll()和.anonymous()但没有成功。
编辑1
项目结构
编辑2
@ComponentScan()@SpringBootApplication@EnableSchedulingpublic class MainServiceApplication {public static void main(String[] args) {SpringApplication.run(MainServiceApplication.class, args);}}
通过移动配置包解决。Spring没有扫描配置包。
英文:
Spring boot security allow anonymous user
I am trying configure Spring Boot Security to allow anonymous user reach all URLs except one. By default user and generated security password by Spring.
I need just one page for maintanance application
I already tried a lot tips and tutorials.
<a href="https://stackoverflow.com/questions/24696717/spring-security-permitall-not-allowing-anonymous-access">1</a>
<a href="https://www.baeldung.com/security-none-filters-none-access-permitAll">2</a>
<a href="https://stackoverflow.com/questions/57275361/how-to-allow-guest-to-access-home-page-without-login-in-spring-security">3</a>
<a href="https://stackoverflow.com/questions/36809561/spring-security-thymleaf-static-resources-dont-load">4</a>
And others.
But Spring still required authetification for all pages.
<br>
My current security config
@EnableWebSecurity@Configurationpublic class SecurityConf extends WebSecurityConfigurerAdapter {@Overridepublic void configure(HttpSecurity http) throws Exception {http.csrf().disable().authorizeRequests().anyRequest().anonymous().antMatchers("/secure").authenticated();}}
Web configuration
@Configuration@EnableWebMvc@EnableAsyncpublic class WebConf implements WebMvcConfigurer {@Overridepublic void addResourceHandlers(ResourceHandlerRegistry registry) {WebMvcConfigurer.super.addResourceHandlers(registry);registry.addResourceHandler("/webjars/**").addResourceLocations("/webjars/**");}@Beanpublic Executor asyncExecutor() {ThreadPoolTaskExecutor executor = new ThreadPoolTaskExecutor();executor.setCorePoolSize(5);executor.setMaxPoolSize(5);executor.setQueueCapacity(500);executor.setThreadNamePrefix("Asynchronous Process-");executor.initialize();return executor;}}
And main method
@ComponentScan@SpringBootApplication@EnableSchedulingpublic class MainServiceApplication {public static void main(String[] args) {SpringApplication.run(MainServiceApplication.class, args);}}
I tried
.permitAll().anonymous()
without success.
Edit 1
Project structure
Edit 2
@ComponentScan()@SpringBootApplication@EnableSchedulingpublic class MainServiceApplication {public static void main(String[] args) {SpringApplication.run(MainServiceApplication.class, args);}}
Solved by move config package. Spring did not scan configuration package.
答案1
得分: 1
以下是翻译好的内容:
你可能需要调整顺序。可能的问题是 antMatchers("/secure").authenticated() 没有效果,因为 /secure 端点将在 anyRequest() 中被考虑。还要确保 SecurityConf 在正确的包中,以便进行扫描。
@EnableWebSecurity@Configurationpublic class SecurityConf extends WebSecurityConfigurerAdapter {@Overridepublic void configure(HttpSecurity http) throws Exception {http.csrf().disable().authorizeRequests().antMatchers("/secure").authenticated().anyRequest().anonymous();}}
或者
@EnableWebSecurity@Configurationpublic class SecurityConf extends WebSecurityConfigurerAdapter {@Overridepublic void configure(HttpSecurity http) throws Exception {http.csrf().disable().authorizeRequests().antMatchers("/secure").authenticated().anyRequest().permitAll();}}
更新
你需要在 cz.lh.main_service 内部创建一个 configs 包,而且 SecurityConf 和 WebConf 应该属于 cz.lh.main_service.configs 包。
或者
你可以使用 @ComponentScan,并且可以在其中指定你拥有 SecurityConf 和 WebConf 的当前包。
@ComponentScan("your-config-package")
英文:
You may need to change the order. Possible issue is antMatchers("/secure").authenticated() has no effect due to /secure endpoint will be considerd in the anyRequest(). Also make sure SecurityConf is in correct package as required for scanning.
@EnableWebSecurity@Configurationpublic class SecurityConf extends WebSecurityConfigurerAdapter {@Overridepublic void configure(HttpSecurity http) throws Exception {http.csrf().disable().authorizeRequests().antMatchers("/secure").authenticated().anyRequest().anonymous();}}
OR
@EnableWebSecurity@Configurationpublic class SecurityConf extends WebSecurityConfigurerAdapter {@Overridepublic void configure(HttpSecurity http) throws Exception {http.csrf().disable().authorizeRequests().antMatchers("/secure").authenticated().anyRequest().permitAll();}}
UPDATE
You need to create a configs package inside cz.lh.main_service and SecurityConf and WebConf should be part of the cz.lh.main_service.configs
OR
You can use @ComponentScan and can specify the current package in which you have SecurityConf and WebConf
@ComponentScan(“your-config-package”)
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论