
我使用带有 Actuator(执行器)的 Spring Boot,并添加了安全配置:

# Serve the management (actuator) endpoints on their own port.
management.port=8088
# Bind the management port to the loopback interface only.
management.address=127.0.0.1
# Require authentication for the management endpoints.
management.security.enabled=true
# Credentials of the default user, stored in plain text in this file.
# NOTE(review): "secret" reads as a sample value; keep a real password out of the properties file.
security.user.name=admin
security.user.password=secret
# Role a user must hold to reach the management endpoints.
management.security.role=SUPERUSER

使用 curl -u admin:secret http://127.0.0.1:8088/metrics 可以正常访问,但用 Chrome 打开 http://127.0.0.1:8088/metrics 时返回:{"timestamp":1506692938036,"status":401,"error":"Unauthorized","message":"Full authentication is required to access this resource.","path":"/metrics"}

如何在 URL 或请求头(headers)中提供用户名/密码?

编辑 1

我尝试了 @Lachezar Balev 的解决方案(请求头 Authorization: Basic YWRtaW46c2VjcmV0,以及在 URL 中加上 admin:secret@),但都不行(KO)



3 回答 3


在 URL 中(凭据会以明文出现在地址栏和浏览器历史记录里):

http://admin:secret@127.0.0.1:8088/metrics

作为请求头(Basic 后面是 admin:secret 的 Base64 编码,只是编码而不是加密):

Authorization: Basic YWRtaW46c2VjcmV0
于 2017-09-30T06:11:41.437 回答

使用带有 @Component 注解的 CustomAuthenticationEntryPoint

/**
 * Security configuration for the actuator endpoints.
 *
 * <p>Declares a BCrypt {@link PasswordEncoder} bean and a nested
 * {@link WebSecurityConfigurerAdapter} that places every request under the
 * actuator path behind HTTP Basic authentication with an in-memory user.
 */
@Configuration
@EnableWebSecurity
public class AdminEntryPointsSecurityConfig {

    /**
     * Exposes a BCrypt-based password encoder as a bean.
     *
     * <p>NOTE(review): the nested adapter in this class builds its own delegating
     * encoder and does not reference this bean; confirm which encoder is meant
     * to be authoritative.
     *
     * @return a new {@link BCryptPasswordEncoder}
     */
    @Bean
    public PasswordEncoder encoder() {
        PasswordEncoder bcrypt = new BCryptPasswordEncoder();
        return bcrypt;
    }

    /**
     * Adapter (order 1) that secures the actuator paths with HTTP Basic.
     */
    @Configuration
    @Order(1)
    public static class App1ConfigurationAdapter extends WebSecurityConfigurerAdapter {

        // Entry point that writes the 401 challenge for unauthenticated requests.
        @Autowired
        private CustomAuthenticationEntryPoint authenticationEntryPoint;

        /**
         * Restricts the actuator paths to the ADMIN role over HTTP Basic.
         *
         * <p>NOTE(review): HTTP Basic sends the credentials Base64-encoded on every
         * request, and nothing in this class requires HTTPS; confirm transport
         * security is enforced elsewhere.
         *
         * @param http the security builder to configure
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Scope this adapter to the actuator paths only.
            http.antMatcher("/actuator/**");
            // Every request inside that scope needs the ADMIN role.
            http.authorizeRequests().anyRequest().hasRole("ADMIN");
            // Unauthenticated requests are answered by the custom entry point.
            http.httpBasic().authenticationEntryPoint(authenticationEntryPoint);
            // Authenticated requests without the role are sent to the /403 page.
            http.exceptionHandling().accessDeniedPage("/403");
        }

        /**
         * Registers a single in-memory user holding the ADMIN role.
         *
         * <p>NOTE(review): the user name and the password are both the literal
         * {@code "act"} compiled into the class. This reads as sample data; a real
         * deployment should take the credential from external configuration and
         * not use a password equal to the user name.
         *
         * @param auth the authentication builder to configure
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            PasswordEncoder delegating = PasswordEncoderFactories.createDelegatingPasswordEncoder();
            // Hash with the same encoder that is registered for verification below.
            String hashedPassword = delegating.encode("act");
            auth.inMemoryAuthentication()
                .passwordEncoder(delegating)
                .withUser("act")
                .password(hashedPassword)
                .roles("ADMIN");
        }
    }

}

然后定义用于基本身份验证(HTTP Basic)的入口点:

/**
 * Entry point for HTTP Basic authentication that answers unauthenticated
 * requests with a 401 status, a {@code WWW-Authenticate} challenge and a short
 * plain-text body.
 */
@Component
public class CustomAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {

    /**
     * Writes the Basic challenge for the configured realm and a one-line body
     * containing the status code and the exception message.
     *
     * @param request the request that failed authentication (not read here)
     * @param response the response that receives the header, status and body
     * @param authException the failure whose message is echoed in the body
     * @throws IOException if the response writer cannot be obtained
     * @throws ServletException declared by the overridden method; not thrown here
     */
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
        int unauthorized = HttpServletResponse.SC_UNAUTHORIZED;
        String challenge = "Basic realm=\"" + getRealmName() + "\"";

        response.addHeader("WWW-Authenticate", challenge);
        response.setStatus(unauthorized);
        // The body echoes the authentication failure message to the client.
        response.getWriter().println("HTTP Status " + unauthorized + " - " + authException.getMessage());
    }

    /**
     * Sets the realm name to {@code ADMIN} and then delegates to the superclass.
     *
     * @throws Exception if the superclass initialisation fails
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        // The realm is set before delegating, so the superclass sees it populated.
        setRealmName("ADMIN");
        super.afterPropertiesSet();
    }

}
于 2019-01-30T19:01:09.807 回答

请将以下配置(注意:这会关闭执行器端点的身份验证,而不是解决浏览器如何提交凭据的问题;此后端点只靠 management.address=127.0.0.1 的回环绑定来限制访问):

management.security.enabled=true

至:

management.security.enabled=false
于 2018-08-19T11:51:57.543 回答