SpringBoot-Actuator-加SpringSecurity验证
2017-09-29 09:33
232 查看
背景:
系统中自定义了一些EndPoint来做系统的监控,打成jar包的时候,运行的非常完美,但是打成war包放到tomcat以后发现,management.address和management.port参数无效了!
转载请注明出处:http://blog.csdn.net/goldenfish1919/article/details/78130516
这个倒是也能理解,因为war包以后,端口是由tomcat容器来定义的,而不是应用来定义。本来是想定义额外的端口,跟应用的端口隔离开,然后利用防火墙把EndPoint的端口保护起来,现在只能想别的办法了!
先看官网怎么说:
You can use Spring properties to change the username and password and to change the security role(s) required to access the endpoints. For example, you might set the following in your
If your application has custom security configuration and you want all your actuator endpoints to be accessible without authentication, you need to explicitly configure that in your security configuration. Along with that, you need to change the
to
If your custom security configuration secures your actuator endpoints, you also need to ensure that the authenticated user has the roles specified under
也就是说可以用Spring Security来加验证。
解决办法:
(1)application.properties
不用再配置port和address了。但是仅仅这样还不够,这样访问系统中的所有的接口都会弹出认证的窗口,所以我们还需要:
(2)定制下SpringSecurity:
系统中自定义了一些EndPoint来做系统的监控,打成jar包的时候,运行的非常完美,但是打成war包放到tomcat以后发现,management.address和management.port参数无效了!
转载请注明出处:http://blog.csdn.net/goldenfish1919/article/details/78130516
这个倒是也能理解,因为war包以后,端口是由tomcat容器来定义的,而不是应用来定义。本来是想定义额外的端口,跟应用的端口隔离开,然后利用防火墙把EndPoint的端口保护起来,现在只能想别的办法了!
先看官网怎么说:
You can use Spring properties to change the username and password and to change the security role(s) required to access the endpoints. For example, you might set the following in your
application.properties:
security.user.name=admin security.user.password=secret management.security.roles=SUPERUSER
If your application has custom security configuration and you want all your actuator endpoints to be accessible without authentication, you need to explicitly configure that in your security configuration. Along with that, you need to change the
management.security.enabledproperty
to
false.
If your custom security configuration secures your actuator endpoints, you also need to ensure that the authenticated user has the roles specified under
management.security.roles.
也就是说可以用Spring Security来加验证。
解决办法:
(1)application.properties
management.context-path=/manageActuator management.security.enabled=false management.security.roles=SUPERUSER security.user.name=username security.user.password=password
不用再配置port和address了。但是仅仅这样还不够,这样访问系统中的所有的接口都会弹出认证的窗口,所以我们还需要:
(2)定制下SpringSecurity:
@Configuration @EnableWebSecurity public class ActuatorSecurityConfig extends WebSecurityConfigurerAdapter{ @Autowired Environment env; @Override protected void configure(HttpSecurity http) throws Exception { String contextPath = env.getProperty("management.context-path"); if(StringUtils.isEmpty(contextPath)) { contextPath = ""; }http.csrf().disable(); http.authorizeRequests() .antMatchers("/**"+contextPath+"/**").authenticated() .anyRequest().permitAll() .and().httpBasic(); } }现在就可以只对EndPoint的访问加验证了。
相关文章推荐
- 在传统Spring应用中使用spring-boot-actuator模块提供监控端点
- 使用validator-api来验证spring-boot的参数
- SpringBoot+Vue前后端分离,使用SpringSecurity完美处理权限问题(一)
- SpringBoot 表单验证
- Spring Boot Actuator 添加 Git 和 Build 信息
- spring boot actuator工作原理之http服务暴露源码分析
- springboot(十九):使用Spring Boot Actuator监控应用
- spring boot整合CAS Client实现单点登陆验证的示例
- Spring Boot Actuator分析,自定义端点
- Spring Boot 2.0新增的Actuator端点的特性
- springboot-web进阶(一)——表单验证
- Spring-boot添加Interceptor进行认证验证
- springboot->使用messagesSourcec处理字段验证抛出错误
- Spring Boot Actuator监控端点小结
- spring boot actuator专题
- Kotlin + Spring Boot 请求参数验证
- SpringBoot基础教程2-1-9 数据验证-分组验证
- springboot系列(一):初次使用与登录验证实现
- Spring Boot Actuator监控端点小结
- 使用validator-api来验证spring-boot的参数