我正在使用
spring-boot-starter-parent版本2.0.1.RELEASE开发
Spring Cloud项目.
我低于警告,看起来像
Property ‘security.basic.enabled’ is Deprecated: The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.
安全:
基本:
enabled:在Spring安全最新版本中禁用false.
你能指导一下我应该用什么代替吗?
application.yml
- ---
- server:
- port: 8888
- security:
- basic:
- enabled: false
- spring:
- cloud:
- config:
- server:
- git:
- uri: https://github.com/rseroter/pluralsight-spring-cloudconfig-wa-tolls
- search-paths:
- - 'station*'
- repos:
- perf:
- pattern:
- - '*/perf'
- uri: https://github.com/rseroter/pluralsight-spring-cloudconfig-wa-tolls-perf
- search-paths:
- - 'station*'
的pom.xml
- <parent>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-parent</artifactId>
- <version>2.0.1.RELEASE</version>
- <relativePath /> <!-- lookup parent from repository -->
- </parent>
- <properties>
- <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
- <java.version>1.8</java.version>
- <spring-cloud.version>Finchley.BUILD-SNAPSHOT</spring-cloud.version>
- </properties>
- <dependencies>
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-actuator</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework.cloud</groupId>
- <artifactId>spring-cloud-config-server</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-security</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-test</artifactId>
- <scope>test</scope>
- </dependency>
- </dependencies>
- <dependencyManagement>
- <dependencies>
- <dependency>
- <groupId>org.springframework.cloud</groupId>
- <artifactId>spring-cloud-dependencies</artifactId>
- <version>${spring-cloud.version}</version>
- <type>pom</type>
- <scope>import</scope>
- </dependency>
- </dependencies>
- </dependencyManagement>
- <build>
- <plugins>
- <plugin>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-maven-plugin</artifactId>
- </plugin>
- </plugins>
- </build>
- <repositories>
- <repository>
- <id>spring-snapshots</id>
- <name>Spring Snapshots</name>
- <url>https://repo.spring.io/snapshot</url>
- <snapshots>
- <enabled>true</enabled>
- </snapshots>
- </repository>
- <repository>
- <id>spring-milestones</id>
- <name>Spring Milestones</name>
- <url>https://repo.spring.io/milestone</url>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </repository>
- </repositories>
这是我的测试课.
- @RunWith(SpringRunner.class)
- @SpringBootTest
- public class PluralsightSpringcloudM2ConfigserverGitApplicationTests {
- @Test
- public void contextLoads() {
- }
- }
它与另一个问题无关
解决方法
Spring Boot 2.0更改了其自动配置(包括一些属性),现在只需添加自己的WebSecurityConfigurerAdapter就可以退出一个行为.默认配置如下
- protected void configure(HttpSecurity http) throws Exception {
- http
- .authorizeRequests()
- .anyRequest().authenticated()
- .and()
- .formLogin()
- .and()
- .httpBasic();
- }
默认情况下,配置具有生成密码的单个用户.要自定义此用户,请使用spring.security.user下的属性.
- spring.security.user.name=user # Default user name.
- spring.security.user.password= # Password for the default user name.
- spring.security.user.roles= # Granted roles for the default user name.
- security.basic.authorize-mode
- security.basic.enabled
- security.basic.path
- security.basic.realm
- security.enable-csrf
- security.headers.cache
- security.headers.content-security-policy
- security.headers.content-security-policy-mode
- security.headers.content-type
- security.headers.frame
- security.headers.hsts
- security.headers.xss
- security.ignored
- security.require-ssl
- security.sessions
替换(如果存在)可以在这里找到:Appendix A. Common application properties
需要说明的是:如果您创建自定义WebSecurityConfigurerAdapter,则默认安全配置将替换为您的自定义配置:
- @EnableWebSecurity
- @Configuration
- public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- // For example: Use only Http Basic and not form login.
- http
- .authorizeRequests()
- .anyRequest().authenticated()
- .and()
- .httpBasic();
- }
- }
欲了解更多信息,请访问Spring 2.0 Migration Guide.