美文网首页
SpringBoot-Actuator-加SpringSecur

SpringBoot-Actuator-加SpringSecur

作者: Joshua1919 | 来源:发表于2017-09-29 09:50 被阅读0次

背景:

系统中自定义了一些EndPoint来做系统的监控,打成jar包的时候,运行的非常完美,但是打成war包放到tomcat以后发现,management.address和management.port参数无效了!

这个倒是也能理解,因为war包以后,端口是由tomcat容器来定义的,而不是应用来定义。本来是想定义额外的端口,跟应用的端口隔离开,然后利用防火墙把EndPoint的端口保护起来,现在只能想别的办法了!

先看官网怎么说:

You can use Spring properties to change the username and password and to change the security role(s) required to access the endpoints. For example, you might set the following in yourapplication.properties:

security.user.name=adminsecurity.user.password=secretmanagement.security.roles=SUPERUSER

If your application has custom security configuration and you want all your actuator endpoints to be accessible without authentication, you need to explicitly configure that in your security configuration. Along with that, you need to change themanagement.security.enabledproperty tofalse.

If your custom security configuration secures your actuator endpoints, you also need to ensure that the authenticated user has the roles specified undermanagement.security.roles.

也就是说可以用Spring Security来加验证。

解决办法:

(1)application.properties

management.context-path=/manageActuator

management.security.enabled=false

management.security.roles=SUPERUSER

security.user.name=username

security.user.password=password

不用再配置port和address了。但是仅仅这样还不够,这样访问系统中的所有的接口都会弹出认证的窗口,所以我们还需要:

(2)定制下SpringSecurity:

@Configuration

@EnableWebSecurity

publicclassActuatorSecurityConfigextendsWebSecurityConfigurerAdapter{

@Autowired

Environment env;

@Override

protectedvoidconfigure(HttpSecurity http)throwsException {

String contextPath = env.getProperty("management.context-path");

if(StringUtils.isEmpty(contextPath)) {

contextPath ="";

}

http.csrf().disable();

http.authorizeRequests()

.antMatchers("/**"+contextPath+"/**").authenticated()

.anyRequest().permitAll()

.and().httpBasic();

}

}

现在就可以只对EndPoint的访问加验证了。

相关文章

网友评论

      本文标题:SpringBoot-Actuator-加SpringSecur

      本文链接:https://www.haomeiwen.com/subject/bbgbextx.html