这是一个非常愚蠢的问题,但我不明白为什么当我尝试访问安全端点时执行器给我一个 404 而不是 401。
我添加了依赖项
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
并禁用了非敏感端点的安全性
security.basic.enabled=false
现在,我可以访问该应用程序,并且(的残缺版本)/health
但是当我转到 时/metrics
,它给了我一个WWW-Authenticate
标题,很好,但是带有 404,所以我的浏览器不会提示我输入用户名和密码。
$ curl -v http://localhost:8081/metrics
* STATE: INIT => CONNECT handle 0x6000572d0; line 1090 (connection #-5000)
* Added connection 0. The cache now contains 1 members
* Trying ::1...
* STATE: CONNECT => WAITCONNECT handle 0x6000572d0; line 1143 (connection #0)
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8081 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x6000572d0; line 1240 (connection #0)
* STATE: SENDPROTOCONNECT => DO handle 0x6000572d0; line 1258 (connection #0)
> GET /metrics HTTP/1.1
> Host: localhost:8081
> User-Agent: curl/7.45.0
> Accept: */*
>
* STATE: DO => DO_DONE handle 0x6000572d0; line 1337 (connection #0)
* STATE: DO_DONE => WAITPERFORM handle 0x6000572d0; line 1464 (connection #0)
* STATE: WAITPERFORM => PERFORM handle 0x6000572d0; line 1474 (connection #0)
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 404 Not Found
* Server Apache-Coyote/1.1 is not blacklisted
< Server: Apache-Coyote/1.1
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Strict-Transport-Security: max-age=31536000 ; includeSubDomains
< WWW-Authenticate: Basic realm="Spring"
< Content-Length: 0
< Date: Thu, 21 Jan 2016 15:55:12 GMT
<
* STATE: PERFORM => DONE handle 0x6000572d0; line 1632 (connection #0)
* Curl_done
* Connection #0 to host localhost left intact
以及中的相关属性application.properties
# Spring Boot Actuator
management.address=127.0.0.1
management.port=8081
security.basic.enabled=false
security.user.name=admin
security.user.password=a1b2c3
为什么呢?我可以改变它吗?