java – 属性’security.basic.enabled’已弃用:安全自动配置不再可自定义

前端之家收集整理的这篇文章主要介绍了java – 属性’security.basic.enabled’已弃用:安全自动配置不再可自定义前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我正在使用 spring-boot-starter-parent版本2.0.1.RELEASE开发 Spring Cloud项目.

我低于警告,看起来像

Property ‘security.basic.enabled’ is Deprecated: The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.

安全:
基本:
enabled:在Spring安全最新版本中禁用false.

你能指导一下我应该用什么代替吗?

application.yml

  1. ---
  2. server:
  3. port: 8888
  4.  
  5. security:
  6. basic:
  7. enabled: false
  8.  
  9. spring:
  10. cloud:
  11. config:
  12. server:
  13. git:
  14. uri: https://github.com/rseroter/pluralsight-spring-cloudconfig-wa-tolls
  15.  
  16. search-paths:
  17. - 'station*'
  18. repos:
  19. perf:
  20. pattern:
  21. - '*/perf'
  22. uri: https://github.com/rseroter/pluralsight-spring-cloudconfig-wa-tolls-perf
  23. search-paths:
  24. - 'station*'

的pom.xml

  1. <parent>
  2. <groupId>org.springframework.boot</groupId>
  3. <artifactId>spring-boot-starter-parent</artifactId>
  4. <version>2.0.1.RELEASE</version>
  5. <relativePath /> <!-- lookup parent from repository -->
  6. </parent>
  7.  
  8. <properties>
  9. <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
  10. <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
  11. <java.version>1.8</java.version>
  12. <spring-cloud.version>Finchley.BUILD-SNAPSHOT</spring-cloud.version>
  13. </properties>
  14.  
  15. <dependencies>
  16. <dependency>
  17. <groupId>org.springframework.boot</groupId>
  18. <artifactId>spring-boot-starter-actuator</artifactId>
  19. </dependency>
  20. <dependency>
  21. <groupId>org.springframework.cloud</groupId>
  22. <artifactId>spring-cloud-config-server</artifactId>
  23. </dependency>
  24. <dependency>
  25. <groupId>org.springframework.boot</groupId>
  26. <artifactId>spring-boot-starter-security</artifactId>
  27. </dependency>
  28. <dependency>
  29. <groupId>org.springframework.boot</groupId>
  30. <artifactId>spring-boot-starter-test</artifactId>
  31. <scope>test</scope>
  32. </dependency>
  33. </dependencies>
  34.  
  35. <dependencyManagement>
  36. <dependencies>
  37. <dependency>
  38. <groupId>org.springframework.cloud</groupId>
  39. <artifactId>spring-cloud-dependencies</artifactId>
  40. <version>${spring-cloud.version}</version>
  41. <type>pom</type>
  42. <scope>import</scope>
  43. </dependency>
  44. </dependencies>
  45. </dependencyManagement>
  46.  
  47. <build>
  48. <plugins>
  49. <plugin>
  50. <groupId>org.springframework.boot</groupId>
  51. <artifactId>spring-boot-maven-plugin</artifactId>
  52. </plugin>
  53. </plugins>
  54. </build>
  55.  
  56. <repositories>
  57. <repository>
  58. <id>spring-snapshots</id>
  59. <name>Spring Snapshots</name>
  60. <url>https://repo.spring.io/snapshot</url>
  61. <snapshots>
  62. <enabled>true</enabled>
  63. </snapshots>
  64. </repository>
  65. <repository>
  66. <id>spring-milestones</id>
  67. <name>Spring Milestones</name>
  68. <url>https://repo.spring.io/milestone</url>
  69. <snapshots>
  70. <enabled>false</enabled>
  71. </snapshots>
  72. </repository>
  73. </repositories>

这是我的测试课.

  1. @RunWith(SpringRunner.class)
  2. @SpringBootTest
  3. public class PluralsightSpringcloudM2ConfigserverGitApplicationTests {
  4.  
  5. @Test
  6. public void contextLoads() {
  7. }
  8.  
  9. }


它与另一个问题无关

解决方法

Spring Boot 2.0更改了其自动配置(包括一些属性),现在只需添加自己的WebSecurityConfigurerAdapter就可以退出一个行为.默认配置如下
  1. protected void configure(HttpSecurity http) throws Exception {
  2. http
  3. .authorizeRequests()
  4. .anyRequest().authenticated()
  5. .and()
  6. .formLogin()
  7. .and()
  8. .httpBasic();
  9. }

默认情况下,配置具有生成密码的单个用户.要自定义用户,请使用spring.security.user下的属性.

  1. spring.security.user.name=user # Default user name.
  2. spring.security.user.password= # Password for the default user name.
  3. spring.security.user.roles= # Granted roles for the default user name.

从Spring Boot 2开始,以下属性已被删除

  1. security.basic.authorize-mode
  2. security.basic.enabled
  3. security.basic.path
  4. security.basic.realm
  5. security.enable-csrf
  6. security.headers.cache
  7. security.headers.content-security-policy
  8. security.headers.content-security-policy-mode
  9. security.headers.content-type
  10. security.headers.frame
  11. security.headers.hsts
  12. security.headers.xss
  13. security.ignored
  14. security.require-ssl
  15. security.sessions

替换(如果存在)可以在这里找到:Appendix A. Common application properties

需要说明的是:如果您创建自定义WebSecurityConfigurerAdapter,则默认安全配置将替换为您的自定义配置:

  1. @EnableWebSecurity
  2. @Configuration
  3. public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
  4. @Override
  5. protected void configure(HttpSecurity http) throws Exception {
  6. // For example: Use only Http Basic and not form login.
  7. http
  8. .authorizeRequests()
  9. .anyRequest().authenticated()
  10. .and()
  11. .httpBasic();
  12. }
  13. }

欲了解更多信息,请访问Spring 2.0 Migration Guide.

猜你在找的Java相关文章