我正在使用
spring-boot-starter-parent版本2.0.1.RELEASE开发
Spring Cloud项目.
我低于警告,看起来像
Property ‘security.basic.enabled’ is Deprecated: The security auto-configuration is no longer customizable. Provide your own WebSecurityConfigurer bean instead.
安全:
基本:
enabled:在Spring安全最新版本中禁用false.
你能指导一下我应该用什么代替吗?
application.yml
--- server: port: 8888 security: basic: enabled: false spring: cloud: config: server: git: uri: https://github.com/rseroter/pluralsight-spring-cloudconfig-wa-tolls search-paths: - 'station*' repos: perf: pattern: - '*/perf' uri: https://github.com/rseroter/pluralsight-spring-cloudconfig-wa-tolls-perf search-paths: - 'station*'
的pom.xml
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.1.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<spring-cloud.version>Finchley.BUILD-SNAPSHOT</spring-cloud.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-config-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
<repositories>
<repository>
<id>spring-snapshots</id>
<name>Spring Snapshots</name>
<url>https://repo.spring.io/snapshot</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
<repository>
<id>spring-milestones</id>
<name>Spring Milestones</name>
<url>https://repo.spring.io/milestone</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
</repositories>
这是我的测试课.
@RunWith(springrunner.class) @SpringBoottest public class PluralsightSpringcloudM2configserverGitApplicationTests { @Test public void contextLoads() { } }
它与另一个问题无关
解决方法
Spring Boot 2.0更改了其自动配置(包括一些属性),现在只需添加自己的WebSecurityConfigurerAdapter就可以退出一个行为.默认配置如下
protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest().authenticated() .and() .formLogin() .and() .httpBasic(); }
默认情况下,配置具有生成密码的单个用户.要自定义此用户,请使用spring.security.user下的属性.
spring.security.user.name=user # Default user name. spring.security.user.password= # Password for the default user name. spring.security.user.roles= # Granted roles for the default user name.
security.basic.authorize-mode security.basic.enabled security.basic.path security.basic.realm security.enable-csrf security.headers.cache security.headers.content-security-policy security.headers.content-security-policy-mode security.headers.content-type security.headers.frame security.headers.hsts security.headers.xss security.ignored security.require-ssl security.sessions
替换(如果存在)可以在这里找到:Appendix A. Common application properties
需要说明的是:如果您创建自定义WebSecurityConfigurerAdapter,则默认安全配置将替换为您的自定义配置:
@EnableWebSecurity @Configuration public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { // For example: Use only Http Basic and not form login. http .authorizeRequests() .anyRequest().authenticated() .and() .httpBasic(); } }
欲了解更多信息,请访问Spring 2.0 Migration Guide.
原文地址:https://www.jb51.cc/java/126970.html
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
