如何解决Spring Security 妨碍了 Spring Admin
我设置了一个 Spring 管理服务器。它目前正在运行。它还与 Spring Security 合并。该应用程序使用 HTTP 和 HTTPS 进行分析。我在本地运行 HTTP 配置文件。这些是主类、管理 yml 的一部分和配置文件的设置:
@EnableAdminServer
@SpringBootApplication
public class Application
{
public static void main(String[] args)
{
SpringApplication.run(Application.class,args);
}
}
@Profile("!HTTPS")
@Slf4j
@EnableWebSecurity
public class DefaultSecurityConfig extends WebSecurityConfigurerAdapter
{
@Override
protected void configure(HttpSecurity http) throws Exception
{
String adminContextPath = "/hello";
log.info("Disabling Login Page");
http.httpBasic().disable();
http.formLogin().disable();
http
.authorizeRequests()
.antMatchers(adminContextPath + "/assets/**").permitAll()
.antMatchers(adminContextPath + "/login").permitAll()
.antMatchers(adminContextPath + "/instances").permitAll()
.antMatchers(adminContextPath + "/**").permitAll()
.and()
.csrf()
.ignoringAntMatchers(
"/instances","/actuator/**"
);;
}
}
spring:
autoconfigure:
exclude: org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration
boot:
admin:
context-path: /admin
routes:
endpoints: env,metrics,trace,jolokia,info,configprops
profiles:
include: HTTP
security:
user:
name: "admin"
password: "admin123"
在我的客户中,这几乎就是我所拥有的:
spring:
autoconfigure:
exclude: "org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,\
org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration,\
org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration"
boot:
admin:
client:
url: http://localhost:8083/hello/admin
username: "admin"
password: "admin123"
instance:
metadata:
user:
name: "admin"
password: "admin123"
application:
name: DDFDF
security:
user:
name: "admin"
password: "admin123"
从服务器端看,spring-boot-admin的版本是2.4.3,spring-security是2.4.4。从客户端看,spring-boot-admin的版本是2.4.3,spring-security的版本是2.4.4。两者都在 spring boot 2.4.4 版上运行。我从客户端看到的是:
Failed to register application as Application(name=DDFDF,managementUrl=http://maclon0363:8099/appy/actuator,healthUrl=http://maclon0363:8099/appy/actuator/health,serviceUrl=http://maclon0363:8099/appy) at spring-boot-admin ([http://localhost:8083/hello/admin/instances]): 403 : [{"timestamp":"2021-07-23T18:01:12.763+00:00","status":403,"error":"Forbidden","message":"","path":"/hello/admin/instances"}]. Further attempts are logged on DEBUG level
在调试级别,它只是不断说这是一个 403 Forbidden .. 我不明白,因为我可以从 Chrome 访问 /hello/admin/instances 端点。我真的看不到这个问题,因为我已经提供了必要的凭据,而且端点应该不需要根据我在安全服务器端设置的配置进行身份验证..
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。