Spring Boot Authentication - Admin Console 403 response to client

I am using JDK 1.8 and Spring Boot 2.1.2.

I want to enable authentication in the Spring Boot admin console and its clients.

In the Administration application.properties I set:

spring.security.user.name=admin
spring.security.user.password=secret

spring.boot.admin.discovery.enabled=true

management.endpoints.web.exposure.include=*
management.endpoints.web.cors.allowed-methods=GET,POST

In the Administration project I added this class:


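import de.codecentric.boot.admin.server.config.AdminServerProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

@EnableWebSecurity
@Configuration
public class SecuritySecureConfig extends WebSecurityConfigurerAdapter {

    private static final Logger logger = (Logger) LoggerFactory.getLogger(SecuritySecureConfig.class);

    private final String adminContextPath;

    public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
        this.adminContextPath = adminServerProperties.getContextPath();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // After a successful login, return to the page that was originally requested.
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");
        successHandler.setDefaultTargetUrl(adminContextPath + "/");

        http.authorizeRequests()
                // Static assets and the login page are public; everything else needs authentication.
                .antMatchers(adminContextPath + "/assets/**").permitAll()
                .antMatchers(adminContextPath + "/login").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
            .logout().logoutUrl(adminContextPath + "/logout").and()
            .httpBasic().and()
            .csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                // No CSRF token is required on the client registration and actuator paths.
                .ignoringAntMatchers(
                    adminContextPath + "/instances",
                    adminContextPath + "/actuator/**"
                );
    }

}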


尚方宝剑之说
Views: 187 | Answers: 1
1 answer

皈依舞

I had the same problem, so use @EnableWebFluxSecurity rather than @EnableWebSecurity, like this:

import de.codecentric.boot.admin.server.config.AdminServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.util.matcher.NegatedServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;

@Configuration
@EnableWebFluxSecurity
public class AppSecurityConfig {

    private final AdminServerProperties adminServer;

    public AppSecurityConfig(AdminServerProperties adminServer) {
        this.adminServer = adminServer;
    }

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http
            // Leave /instances and /actuator/** outside this filter chain. Both patterns go
            // into one matcher because each securityMatcher(...) call replaces the previous one.
            .securityMatcher(new NegatedServerWebExchangeMatcher(
                ServerWebExchangeMatchers.pathMatchers("/instances", "/actuator/**")))
            .authorizeExchange()
            .anyExchange().authenticated()
            .and()
            .formLogin()
            .loginPage(this.adminServer.getContextPath() + "/login")
            .and()
            .logout()
            .logoutUrl(this.adminServer.getContextPath() + "/logout")
            .and()
            .httpBasic()
            .and()
            .csrf().disable();
        return http.build();
    }
}

In your application.yml:

spring:
  security:
    user:
      password: ${ADMIN_PASSWORD}
      name: ${ADMIN_USER}
  application:
    name: Admin Server
  boot:
    admin:
      client:
        username: ${ADMIN_USER}
        password: ${ADMIN_PASSWORD}
        url: ${ADMIN_SERVER_URL}
        enabled: true
      ui:
        cache:
          no-cache: true
        title: App Monitoring
        instance:
          name: ${spring.application.name}
  main:
    allow-bean-definition-overriding: true
management:
  endpoints:
    web:
      exposure:
        include: "*"
      cors:
        allowed-origins: "*"
        allowed-methods: GET,POST
  endpoint:
    health:
      show-details: always

If you like, it can monitor itself.

In the client application:

spring:
  boot:
    admin:
      client:
        url: ${ADMIN_SERVER_URL}
        username: ${ADMIN_USER}
        password: ${ADMIN_PASSWORD}
        instance:
          name: ${spring.application.name}
        auto-registration: true
  application:
    name: Client App
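Paths excluded with securityMatcher are not covered by the filter chain at all, so with management.endpoints.web.exposure.include set to "*" they answer without credentials. The following is an added example, not code from the question or the answer: a WebFlux variant that keeps /instances and /actuator/** authenticated and relies on the HTTP Basic credentials the client YAML above already supplies (the class and bean names are hypothetical).

```java
import de.codecentric.boot.admin.server.config.AdminServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

// Added example (hypothetical class name), not code from the question or the answer.
@Configuration
@EnableWebFluxSecurity
public class AuthenticatedAdminSecurityConfig {

    private final String contextPath;

    public AuthenticatedAdminSecurityConfig(AdminServerProperties adminServer) {
        this.contextPath = adminServer.getContextPath();
    }

    @Bean
    public SecurityWebFilterChain adminFilterChain(ServerHttpSecurity http) {
        return http
            // No securityMatcher(...) exclusion: every path stays inside this chain.
            .authorizeExchange()
                // Only what the login page needs is reachable anonymously.
                .pathMatchers(contextPath + "/assets/**", contextPath + "/login").permitAll()
                // /instances (client registration) and /actuator/** need credentials.
                .anyExchange().authenticated()
            .and()
            // Browser users sign in through the Admin UI login form.
            .formLogin().loginPage(contextPath + "/login")
            .and()
            .logout().logoutUrl(contextPath + "/logout")
            .and()
            // Clients send spring.boot.admin.client.username/password as HTTP Basic
            // on each registration request.
            .httpBasic()
            .and()
            // Kept as in the answer so registration POSTs are not rejected for a
            // missing CSRF token.
            .csrf().disable()
            .build();
    }
}
```

With /actuator/** authenticated, an instance that wants to be monitored has to hand the server credentials for its own endpoints, which Spring Boot Admin reads from the registration metadata keys spring.boot.admin.client.instance.metadata.user.name and spring.boot.admin.client.instance.metadata.user.password.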