英文:
Spring Boot Security - allow without authentication
问题
Spring Boot安全性允许匿名用户
我正试图配置Spring Boot安全性以允许匿名用户访问除一个页面外的所有URL。默认情况下,使用Spring生成的用户和安全密码。
我只需要一个用于维护应用程序的页面。
我已经尝试了很多提示和教程。
还有其他的方法。
但是Spring仍然要求所有页面进行身份验证。
我的当前安全配置
@EnableWebSecurity
@Configuration
public class SecurityConf extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.authorizeRequests()
.anyRequest()
.anonymous()
.antMatchers("/secure")
.authenticated();
}
}
Web配置
@Configuration
@EnableWebMvc
@EnableAsync
public class WebConf implements WebMvcConfigurer {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
WebMvcConfigurer.super.addResourceHandlers(registry);
registry.addResourceHandler("/webjars/**").addResourceLocations("/webjars/");
}
@Bean
public Executor asyncExecutor() {
ThreadPoolTaskExecutor executor = new ThreadPoolTaskExecutor();
executor.setCorePoolSize(5);
executor.setMaxPoolSize(5);
executor.setQueueCapacity(500);
executor.setThreadNamePrefix("Asynchronous Process-");
executor.initialize();
return executor;
}
}
主方法
@ComponentScan
@SpringBootApplication
@EnableScheduling
public class MainServiceApplication {
public static void main(String[] args) {
SpringApplication.run(MainServiceApplication.class, args);
}
}
我尝试了.permitAll()和.anonymous()但没有成功。
编辑1
项目结构
编辑2
@ComponentScan()
@SpringBootApplication
@EnableScheduling
public class MainServiceApplication {
public static void main(String[] args) {
SpringApplication.run(MainServiceApplication.class, args);
}
}
通过移动配置包解决。Spring没有扫描配置包。
英文:
Spring boot security allow anonymous user
I am trying configure Spring Boot Security to allow anonymous user reach all URLs except one. By default user and generated security password by Spring.
I need just one page for maintanance application
I already tried a lot tips and tutorials.
<a href="https://stackoverflow.com/questions/24696717/spring-security-permitall-not-allowing-anonymous-access">1</a>
<a href="https://www.baeldung.com/security-none-filters-none-access-permitAll">2</a>
<a href="https://stackoverflow.com/questions/57275361/how-to-allow-guest-to-access-home-page-without-login-in-spring-security">3</a>
<a href="https://stackoverflow.com/questions/36809561/spring-security-thymleaf-static-resources-dont-load">4</a>
And others.
But Spring still required authetification for all pages.
<br>
My current security config
@EnableWebSecurity
@Configuration
public class SecurityConf extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.authorizeRequests()
.anyRequest()
.anonymous()
.antMatchers("/secure")
.authenticated();
}
}
Web configuration
@Configuration
@EnableWebMvc
@EnableAsync
public class WebConf implements WebMvcConfigurer {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
WebMvcConfigurer.super.addResourceHandlers(registry);
registry.addResourceHandler("/webjars/**").addResourceLocations("/webjars/**");
}
@Bean
public Executor asyncExecutor() {
ThreadPoolTaskExecutor executor = new ThreadPoolTaskExecutor();
executor.setCorePoolSize(5);
executor.setMaxPoolSize(5);
executor.setQueueCapacity(500);
executor.setThreadNamePrefix("Asynchronous Process-");
executor.initialize();
return executor;
}
}
And main method
@ComponentScan
@SpringBootApplication
@EnableScheduling
public class MainServiceApplication {
public static void main(String[] args) {
SpringApplication.run(MainServiceApplication.class, args);
}
}
I tried
.permitAll()
.anonymous()
without success.
Edit 1
Project structure
Edit 2
@ComponentScan()
@SpringBootApplication
@EnableScheduling
public class MainServiceApplication {
public static void main(String[] args) {
SpringApplication.run(MainServiceApplication.class, args);
}
}
Solved by move config package. Spring did not scan configuration package.
答案1
得分: 1
以下是翻译好的内容:
你可能需要调整顺序。可能的问题是 antMatchers("/secure").authenticated() 没有效果,因为 /secure 端点将在 anyRequest() 中被考虑。还要确保 SecurityConf 在正确的包中,以便进行扫描。
@EnableWebSecurity
@Configuration
public class SecurityConf extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.authorizeRequests()
.antMatchers("/secure").authenticated()
.anyRequest().anonymous();
}
}
或者
@EnableWebSecurity
@Configuration
public class SecurityConf extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.authorizeRequests()
.antMatchers("/secure").authenticated()
.anyRequest().permitAll();
}
}
更新
你需要在 cz.lh.main_service 内部创建一个 configs 包,而且 SecurityConf 和 WebConf 应该属于 cz.lh.main_service.configs 包。
或者
你可以使用 @ComponentScan,并且可以在其中指定你拥有 SecurityConf 和 WebConf 的当前包。
@ComponentScan("your-config-package")
英文:
You may need to change the order. Possible issue is antMatchers("/secure").authenticated() has no effect due to /secure endpoint will be considerd in the anyRequest(). Also make sure SecurityConf is in correct package as required for scanning.
@EnableWebSecurity
@Configuration
public class SecurityConf extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.authorizeRequests()
.antMatchers("/secure").authenticated()
.anyRequest().anonymous();
}
}
OR
@EnableWebSecurity
@Configuration
public class SecurityConf extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.authorizeRequests()
.antMatchers("/secure").authenticated()
.anyRequest().permitAll();
}
}
UPDATE
You need to create a configs package inside cz.lh.main_service and SecurityConf and WebConf should be part of the cz.lh.main_service.configs
OR
You can use @ComponentScan and can specify the current package in which you have SecurityConf and WebConf
@ComponentScan(“your-config-package”)
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论