问题
My project requires that I use Spring Security for CSRF and XSS protection but not to use it for the authentication and authorization. I have configured SS into my application but every time I access a page, it automatically redirects me to it's Login page. How do I disable this? My SecurityConfig file is:
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
}
}
回答1:
The SecurityConfig as given below will allow all requests to be not authenticated, but will have the CSRF and XSS guards:
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().permitAll();
}
}
回答2:
Configure spring security configuration as below along with required spring security dependecies. Get it tested yourself to ensure that it has all that you need.
package org.springframework.security.samples.config;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("**").permitAll().and().csrf()
.and().headers().frameOptions().sameOrigin().xssProtection();
}
}
来源:https://stackoverflow.com/questions/29138483/no-authentication-and-authorization-using-spring-security