使用Spring Security无需身份验证和授权

本文介绍了使用Spring Security无需身份验证和授权的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我的项目要求我将Spring Security用于CSRF和XSS保护，但不能用于身份验证和授权.我已经在应用程序中配置了SS，但是每次访问页面时，它都会自动将我重定向到其登录"页面.如何禁用此功能?我的SecurityConfig文件是:

My project requires that I use Spring Security for CSRF and XSS protection but not to use it for the authentication and authorization. I have configured SS into my application but every time I access a page, it automatically redirects me to it's Login page. How do I disable this? My SecurityConfig file is:

@EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { } }

推荐答案

以下给出的SecurityConfig将允许所有请求都未经身份验证，但将具有CSRF和XSS防护:

The SecurityConfig as given below will allow all requests to be not authenticated, but will have the CSRF and XSS guards:

@EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().anyRequest().permitAll(); } }