스프링 부트 보안 보안 비활성화
security.basic.enabled = false 를 사용하여 다음 종속성이있는 Spring Boot 프로젝트에서 보안을 비활성화 할 때 :
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>com.oracle</groupId>
<artifactId>ojdbc6</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
다음 예외가 표시됩니다.
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.boot.actuate.autoconfigure.ManagementSecurityAutoConfiguration$ManagementWebSecurityConfigurerAdapter': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.setObjectPostProcessor(org.springframework.security.config.annotation.ObjectPostProcessor); nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [org.springframework.security.config.annotation.ObjectPostProcessor] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {}
이 예외를 수정하려면 management.security.enabled = false 속성을 추가해야했습니다 . 내 이해는 액추에이터가 클래스 경로에있을 때 security.basic.enabled = false 및 management.security.enabled = false 를 모두 설정하여 보안을 비활성화해야한다는 것입니다.
내 이해가 잘못된 경우 누군가 알려주시겠습니까?
잘 작동하는 것처럼 보이는 것은 다음을 application-dev.properties포함 하는 파일 을 만드는 것 입니다.
security.basic.enabled=false
management.security.enabled=false
그런 다음 dev프로필을 사용하여 Spring Boot 앱을 시작 하면 로그온 할 필요가 없습니다.
패키지에 spring-boot-actuator가있는 경우 다음을 추가해야합니다.
@EnableAutoConfiguration(exclude = {
org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class,
org.springframework.boot.actuate.autoconfigure.ManagementWebSecurityAutoConfiguration.class})
이전 Spring-boot에서는 클래스가 ManagementSecurityAutoConfiguration.
최신 버전에서는 다음과 같이 변경되었습니다.
@SpringBootApplication(exclude = {
org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class,
org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration.class}
)
종속성으로 보안이 필요하지만 Spring Boot가이를 구성하지 않도록하려면 다음 제외를 사용할 수 있습니다.
@EnableAutoConfiguration(exclude = {
org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class
})
스프링 부트 2 사용자의 경우
@EnableAutoConfiguration(exclude = {
org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class
})
1 단계 : 보안 구성에 주석 @EnableWebSecurity 주석
//@EnableWebSecurity
2 단계 :이를 application.properties 파일에 추가 합니다.
security.ignored=/**
spring.security.enabled=false
management.security.enabled=false
security.basic.enabled=false
자세한 내용은 http://codelocation.com/how-to-turn-on-and-off-spring-security-in-spring-boot-application/을 참조하십시오.
antMatchers ( "/")를 사용하여 모든 것에 대한 액세스 허용
protected void configure(HttpSecurity http) throws Exception {
System.out.println("configure");
http.csrf().disable();
http.authorizeRequests().antMatchers("/").permitAll();
}
나는 단순히에 추가 security.ignored=/**했고 application.properties, 그것이 매력을했다.
In order to avoid security you can use annotations. Use this annotation on top of configure class:
@EnableWebSecurity
For example:
@EnableWebSecurity
@Configuration
public class AuthFilter{
// configured method
}
You need to add this entry to application.properties to bypass Springboot Default Security
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
Then there won't be any authentication box. otrws, credentials are:- user and 99b962fa-1848-4201-ae67-580bdeae87e9 (password randomly generated)
Note: my springBootVersion = '1.5.14.RELEASE'
Add following class into your code
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
* @author vaquar khan
*/
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/**").permitAll().anyRequest().authenticated().and().csrf().disable();
}
}
And insie of application.properties add
security.ignored=/**
security.basic.enabled=false
management.security.enabled=false
Add the below lines to your main app.
Remove org.activiti.spring.boot.SecurityAutoConfiguration.class if you're not using activiti.
Similarly, remove the one for actuator if you're not using spring-boot-actuator.
@EnableAutoConfiguration(exclude = {
org.activiti.spring.boot.SecurityAutoConfiguration.class,
org.springframework.boot.actuate.autoconfigure.ManagementWebSecurityAutoConfiguration.class,
org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class })
You can configure to toggle spring security in your project by following below 2 steps:
STEP 1: Add a @ConditionalOnProperty annotation on top of your SecurityConfig class. Refer below:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity (prePostEnabled = true)
@ConditionalOnProperty (name = "myproject.security.enabled", havingValue = "true", matchIfMissing = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
// your security config
}
STEP 2: Add following config to your application.properties or application.yml file.
application.properties
security.ignored=/**
myproject.security.enabled=false
OR
application.yml
security:
ignored: /**
myproject:
security:
enabled: false
I added below settings in application.yml and worked fine.
security:
route-patterns-to-be-skipped:
- /**/*
this can be converted as security.route-paterns-to-be-skipped=/**/* for application.properties
As previously multiple solutions mentioned to disable security through commenting of
@EnableWebSecurity
annotation and other is through properties in application.properties or yml. But those properties are showing as deprecated in latest spring boot version.
So, I would like to share another approach to configure default username and password in your application-dev.properties or application-dev.yml and use them to login into swagger and etc in development environment.
spring.security.user.name=admin
spring.security.user.password=admin
So, this approach will also provides you some kind of security as well and you can share this information with your development team. You can also configure user roles as well, but its not required in development level.
참고URL : https://stackoverflow.com/questions/23894010/spring-boot-security-disable-security
'programing' 카테고리의 다른 글
| Android에서 새 활동을 시작하고 현재 활동을 완료 하시겠습니까? (0) | 2020.11.19 |
|---|---|
| 요청과 관련된 OWIN 인증 관리자가 없습니다. (0) | 2020.11.19 |
| Underscore.js가 AMD에 대한 지원을 제거한 이유는 무엇입니까? (0) | 2020.11.18 |
| Rails 앱에서 사용하지 않는 코드 찾기 (0) | 2020.11.18 |
| Nuget 시험판 버전 패키지를 게시하는 방법 (0) | 2020.11.18 |