属性“security.basic.enabled”被废弃:安全性自动配置不再可自定义。
我正在使用spring-boot-starter-parent版本2.0.1.RELEASE.开发Spring 项目。
我正处于警告之下,看起来
属性“security.basic.enabled”被废弃:安全性自动配置不再可自定义。提供您自己的WebSecurityConfigurer bean。
安全性:基本:启用: false在春季安全最新版本中禁用。
你能给我指点一下我该用什么吗?
application.yml
---
server:
port: 8888
security:
basic:
enabled: false
spring:
cloud:
config:
server:
git:
uri: https://github.com/rseroter/pluralsight-spring-cloudconfig-wa-tolls
search-paths:
- 'station*'
repos:
perf:
pattern:
- '*/perf'
uri: https://github.com/rseroter/pluralsight-spring-cloudconfig-wa-tolls-perf
search-paths:
- 'station*'pom.xml
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.1.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<spring-cloud.version>Finchley.BUILD-SNAPSHOT</spring-cloud.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-config-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
<repositories>
<repository>
<id>spring-snapshots</id>
<name>Spring Snapshots</name>
<url>https://repo.spring.io/snapshot</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
<repository>
<id>spring-milestones</id>
<name>Spring Milestones</name>
<url>https://repo.spring.io/milestone</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
</repositories>
这是我的考试课。
@RunWith(SpringRunner.class)
@SpringBootTest
public class PluralsightSpringcloudM2ConfigserverGitApplicationTests {
@Test
public void contextLoads() {
}
}和
这与另一个问题无关
回答 5
Stack Overflow用户
发布于 2018-04-08 12:26:31
SpringBoot2.0改变了它的自动配置(包括一些属性),现在只有一个行为,一旦添加了自己的WebSecurityConfigurerAdapter,就会退出。默认配置如下所示
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.httpBasic();
}默认情况下,具有生成密码的单个用户被配置。若要自定义此用户,请使用spring.security.user下的属性。
spring.security.user.name=user # Default user name.
spring.security.user.password= # Password for the default user name.
spring.security.user.roles= # Granted roles for the default user name.从Spring 2开始,以下属性已被删除:
security.basic.authorize-mode
security.basic.enabled
security.basic.path
security.basic.realm
security.enable-csrf
security.headers.cache
security.headers.content-security-policy
security.headers.content-security-policy-mode
security.headers.content-type
security.headers.frame
security.headers.hsts
security.headers.xss
security.ignored
security.require-ssl
security.sessions替换(如果存在的话)可以在这里找到:附录A.共同应用属性
需要明确的是:如果您创建了一个自定义WebSecurityConfigurerAdapter,那么默认的安全配置将被您的自定义配置所取代:
@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// For example: Use only Http Basic and not form login.
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic();
}
}要获得更多信息,请访问Spring2.0迁移指南。
Stack Overflow用户
发布于 2019-06-11 17:33:04
这是因为当您编写security.basic.enabled = false时,您基本上告诉应用程序,我不关心安全性,并且允许所有的请求。在SpringBoot2.0之后,您不能仅仅编写1种配置来使应用程序不安全。你需要编写一些代码才能做到这一点。或者你只需复制以下内容。
package com.LockheedMartin.F22Simulator;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().permitAll();
}
}顺便说一句,您应该将security.basic.enabled = false从您的application.properties中删除,因为spring 2.*.*不再理解该属性,如果您有正确的Intellij设置,您应该会看到一个警告,上面写着'unsupported property'。
Stack Overflow用户
发布于 2018-04-08 15:30:42
如果您使用,我们需要这样做,
@Bean
public SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) {
http.authorizeExchange().anyExchange().permitAll();
return http.build();
}在此还有另一个堆栈溢出帖子,Spring 2.0禁用默认安全性
https://stackoverflow.com/questions/49717573
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号