SpringBoot只要依赖了Spring Security包后(pom.xml中多了spring-boot-starter-security的jar包),默认就已经开启了权限验证,如果当前工程是不需要纳入权限管理的话,就可以直接禁用掉Security的认证。下面是方法:
Spring Boot 2.x和Spring Security 5.x前禁用认证
在application.yml或application.properties中加入这么一段(yml与properties差异请自行搜索,这里示意)
security.basic.enabled=false
management.security.enabled=false
Spring Boot 2.x和Spring Security 5.x后禁用认证
由于改版之后,如下的一些配置均废弃
security.basic.authorize-mode
security.basic.enabled
security.basic.path
security.basic.realm
security.enable-csrf
security.headers.cache
security.headers.content-security-policy
security.headers.content-security-policy-mode
security.headers.content-type
security.headers.frame
security.headers.hsts
security.headers.xss
security.ignored
security.require-ssl
导致即使按照上面的配置配好后也无法生效
解决办法
在启动类前的@SpringBootApplication
注解中加入exclude
属性SecurityAutoConfiguration
和ManagementWebSecurityAutoConfiguration
,以排除安全认证
@SpringBootApplication(exclude = {SecurityAutoConfiguration.class,
ManagementWebSecurityAutoConfiguration.class})
public class DemoApplication {
public static void main(String[] args) {
SpringApplication.run(DemoApplication.class,args);
}