以下是我最终解决问题的方式。以下是我的安全配置在Spring Boot 1.5.x中的外观示例。安全被禁用与财产:security.basic.enabled=false
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/upload/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests()
.anyRequest().authenticated()
.and().httpBasic();
}
}
由于在Spring Boot 2中被删除(但仍保留为属性名称),我最终将其用作自定义属性。以下是我的配置在Spring Boot 2中的外观示例:security.basic.enabled
security.enabled
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Value("${security.enabled:true}")
private boolean securityEnabled;
@Override
public void configure(WebSecurity web) throws Exception {
if (securityEnabled)
web.ignoring().antMatchers("/upload/**");
else
web.ignoring().antMatchers("/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
if (securityEnabled)
http.csrf().disable().authorizeRequests()
.anyRequest().authenticated()
.and().httpBasic();
}
}