使用Spring Security无需身份验证和授权
问题描述:
我的项目要求我将Spring Security用于CSRF和XSS保护,但不能用于身份验证和授权.我已经在应用程序中配置了SS,但是每次访问页面时,它都会自动将我重定向到其登录"页面.如何禁用此功能?我的SecurityConfig文件是:
My project requires that I use Spring Security for CSRF and XSS protection but not to use it for the authentication and authorization. I have configured SS into my application but every time I access a page, it automatically redirects me to it's Login page. How do I disable this? My SecurityConfig file is:
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
}
}
答
以下给出的SecurityConfig将允许所有请求都未经身份验证,但将具有CSRF和XSS防护:
The SecurityConfig as given below will allow all requests to be not authenticated, but will have the CSRF and XSS guards:
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().permitAll();
}
}