首頁猿問 Spring Boot 身份驗證...

Spring Boot 身份驗證 - 管理控制臺 403 響應客戶端

Java

尚方寶劍之說 2022-06-15 15:51:06

我正在使用 jdk 1.8 和 Spring boot 2.1.2。我想在 Spring Boot 的管理控制臺及其客戶端中啟用身份驗證。我在Administration application.properties中設置：spring.security.user.name=adminspring.security.user.password=secretspring.boot.admin.discovery.enabled=truemanagement.endpoints.web.exposure.include=*management.endpoints.web.cors.allowed-methods=GET,POST在管理項目中，我添加了這個類：@EnableWebSecurity@Configurationpublic class SecuritySecureConfig extends WebSecurityConfigurerAdapter { private static final Logger logger = (Logger) LoggerFactory.getLogger(SecuritySecureConfig.class); private final String adminContextPath; public SecuritySecureConfig(AdminServerProperties adminServerProperties) { this.adminContextPath = adminServerProperties.getContextPath(); } @Overrideprotected void configure(HttpSecurity http) throws Exception { SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler(); successHandler.setTargetUrlParameter("redirectTo"); successHandler.setDefaultTargetUrl(adminContextPath + "/"); http.authorizeRequests() .antMatchers(adminContextPath + "/assets/**").permitAll() .antMatchers(adminContextPath + "/login").permitAll() .anyRequest().authenticated() .and() .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and() .logout().logoutUrl(adminContextPath + "/logout").and() .httpBasic().and() .csrf() .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()) .ignoringAntMatchers( adminContextPath + "/instances", adminContextPath + "/actuator/**" ); }}

查看完整描述

1 回答

皈依舞

TA貢獻1851條經驗獲得超3個贊

我有同樣的問題，所以使用

@EnableWebFluxSecurity

并不是

@EnableWebSecurity

像這樣

@Configuration

@EnableWebFluxSecurity

public class AppSecurityConfig {

private final AdminServerProperties adminServer;

public AppSecurityConfig (AdminServerProperties adminServer) {

this.adminServer = adminServer;

}

@Bean

public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {

http

.securityMatcher(new NegatedServerWebExchangeMatcher(

ServerWebExchangeMatchers.pathMatchers("/instances")))

.securityMatcher(new NegatedServerWebExchangeMatcher(

ServerWebExchangeMatchers.pathMatchers("/actuator/**")))

.authorizeExchange()

.anyExchange().authenticated()

.and()

.formLogin()

.loginPage(this.adminServer.getContextPath() + "/login")

.and()

.logout()

.logoutUrl(this.adminServer.getContextPath() + "/logout")

.and()

.httpBasic()

.and()

.csrf().disable();

return http.build();

} }

在你的 application.yml

spring:

security:

user:

password: ${ADMIN_PASSWORD}

application:

boot:

admin:

client:

username: ${ADMIN_USER}

password: ${ADMIN_PASSWORD}

url: ${ADMIN_SERVER_URL}

enabled: true

ui:

cache:

no-cache: true

title: App Monitoring

instance:

main:

allow-bean-definition-overriding: true

management:

endpoints:

web:

exposure:

include: "*"

cors:

allowed-origins: "*"

allowed-methods: GET,POST

endpoint:

health:

show-details: always

如果您愿意，它可以自行監控

在客戶端應用程序中

spring:

boot:

admin:

client:

url: ${ADMIN_SERVER_URL}

username: ${ADMIN_USER}

password: ${ADMIN_PASSWORD}

instance:

auto-registration: true

application:

反對回復 2022-06-15

1 回答
0 關注
214 瀏覽

關注

添加回答

舉報

0/150

提交

取消

亚洲在线久爱草,狠狠天天香蕉网,天天搞日日干久草,伊人亚洲日本欧美

熱搜

最近搜索清空

Spring Boot 身份驗證 - 管理控制臺 403 響應客戶端

Spring Boot 身份驗證 - 管理控制臺 403 響應客戶端

1 回答

添加回答