我编写了一个简单的spring boot应用程序(版本1.21),该应用程序通过REST公开公开数据。我激活了执行器以了解应用程序中正在发生的事情:
dependencies { compile("org.springframework.boot:spring-boot-starter-actuator")
在开发环境中,我设置了固定的用户名/密码:
security.user.name=admin security.user.password=admin security.user.role=ADMIN
执行器使Spring Security被激活,这也保护了我的控制器。这不是我想要的,我希望无需身份验证即可调用它。当我致电控制器时,我在日志中看到以下消息:
11:00:40.713 [http-nio-8080-exec-1] INFO o.s.b.a.audit.listener.AuditListener - AuditEvent [timestamp=Fri Jan 16 11:00:40 CET 2015, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={type=org.springframework.security.access.AccessDeniedExcep tion, message=access denied}]
我阅读了有关stackoverflow的文章,但无法将其翻译为注释。我想我的注释与控制器@Secured("ROLE_ANONYMOUS")和@Secured("IS_AUTHENTICATED_ANONYMOUSLY")但这没有工作了。我认为这会导致Spring Security仍在尝试对用户进行身份验证,但之后他所扮演的角色将无关紧要
@Secured("ROLE_ANONYMOUS")
@Secured("IS_AUTHENTICATED_ANONYMOUSLY")
我是否可以为我的控制器定义一个注释,以通知Spring Security不要弹出身份验证框?
首先,我尝试不添加Spring Security而相处,但是当jar丢失时,我得到以下消息:
13:27:08.726 [main] ERROR o.s.boot.SpringApplication - Application startup failed java.lang.IllegalStateException: Could not evaluate condition on org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration#ignoredPathsWebSecurityConfigurerAdapter due to internal class not found. This can happen if you are @ ComponentScanning a springframework package (e.g. if you put a @ComponentScan in the default package by mistake) at org.springframework.boot.autoconfigure.condition.SpringBootCondition.matches(SpringBootCondition.java:51) ~[spring-boot-autoconfigure-1.2.1.RELEASE.jar:1.2.1.RELEASE] at org.springframework.context.annotation.ConditionEvaluator.shouldSkip(ConditionEvaluator.java:102) ~[spring-context-4.1.4.RELEASE.jar:4.1.4.RELEASE] ... at org.springframework.boot.SpringApplication.run(SpringApplication.java:950) [spring-boot-1.2.1.RELEASE.jar:1.2.1.RELEASE] at demo.Application.main(Application.java:20) [bin/:na] Caused by: java.lang.NoClassDefFoundError: org/springframework/security/web/access/WebInvocationPrivilegeEvaluator
Application.java:20看起来像这样:
ApplicationContext ctx = SpringApplication.run(Application.class, args);
借助Dave Syer的专业知识,我得以解决此问题。我security.basic.enabled=false进入application.properties并从build.gradle文件中删除了spring安全性。
security.basic.enabled=false
application.properties
build.gradle
我几天前已经做过,但是显然刷新项目没有用,因此spring安全jar留在了类路径上,而我没有注意到这一点。完全重建项目后,一切正常。
