Skip to main content
 首页 » 编程设计

spring-security之Spring boot 安全性 禁用安全性

2024年02月27日11daizhj

当我使用 security.basic.enabled=false 禁用具有以下依赖项的 Spring Boot 项目上的安全性时:

    <dependency> 
        <groupId>org.springframework.boot</groupId> 
        <artifactId>spring-boot-starter-web</artifactId> 
    </dependency> 
    <dependency> 
        <groupId>org.springframework.boot</groupId> 
        <artifactId>spring-boot-starter-security</artifactId> 
    </dependency> 
    <dependency> 
        <groupId>org.springframework.boot</groupId> 
        <artifactId>spring-boot-starter-actuator</artifactId> 
    </dependency> 
    <dependency> 
        <groupId>com.oracle</groupId> 
        <artifactId>ojdbc6</artifactId> 
    </dependency> 
    <dependency> 
        <groupId>org.springframework.boot</groupId> 
        <artifactId>spring-boot-starter-tomcat</artifactId> 
        <scope>provided</scope> 
    </dependency> 
    <dependency> 
        <groupId>org.springframework.boot</groupId> 
        <artifactId>spring-boot-starter-test</artifactId> 
        <scope>test</scope> 
    </dependency> 

我看到以下异常:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.boot.actuate.autoconfigure.ManagementSecurityAutoConfiguration$ManagementWebSecurityConfigurerAdapter': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.setObjectPostProcessor(org.springframework.security.config.annotation.ObjectPostProcessor); nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [org.springframework.security.config.annotation.ObjectPostProcessor] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {} 

为了修复此异常,我必须添加属性 - ma​​nagement.security.enabled=false 。我的理解是,当执行器位于类路径中时,应将 security.basic.enabled=falsema​​nagement.security.enabled=false 设置为禁用安全性。

如果我的理解有误,有人可以告诉我吗?

请您参考如下方法:

如果你的包中有 spring-boot-actuator,你应该添加以下内容

@EnableAutoConfiguration(exclude = { 
        org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class, 
        org.springframework.boot.actuate.autoconfigure.ManagementWebSecurityAutoConfiguration.class}) 

在较旧的 Spring-boot 中,该类称为 ManagementSecurityAutoConfiguration

在较新的版本中,这已更改为

@SpringBootApplication(exclude = { 
        org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class, 
        org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration.class} 
        ) 

更新

如果对于响应式(Reactive)应用程序您遇到同样的问题,您可以排除以下类

@SpringBootApplication(exclude = {ReactiveSecurityAutoConfiguration.class, ReactiveManagementWebSecurityAutoConfiguration.class })