本文介绍了使用Spring Security无需身份验证和授权的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我的项目要求我将Spring Security用于CSRF和XSS保护,但不能用于身份验证和授权.我已经在应用程序中配置了SS,但是每次访问页面时,它都会自动将我重定向到其登录"页面.如何禁用此功能?我的SecurityConfig文件是:
My project requires that I use Spring Security for CSRF and XSS protection but not to use it for the authentication and authorization. I have configured SS into my application but every time I access a page, it automatically redirects me to it's Login page. How do I disable this? My SecurityConfig file is:
@EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { } }推荐答案
以下给出的SecurityConfig将允许所有请求都未经身份验证,但将具有CSRF和XSS防护:
The SecurityConfig as given below will allow all requests to be not authenticated, but will have the CSRF and XSS guards:
@EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().anyRequest().permitAll(); } }更多推荐
使用Spring Security无需身份验证和授权
发布评论