java - Spring Boot 管理员 - 基本身份验证

问题描述

我正在我的 sb-admin 和客户端中设置基本身份验证，但客户端无法注册（401 未经授权）。没有身份验证一切正常。

SB-管理员配置：

• 应用程序属性

    server.port=8080

    spring.application.name=SB Admin
    spring.boot.admin.ui.title=SB Admin

    spring.security.user.name=admin
    spring.security.user.password=admin

• 构建.gradle

    implementation 'org.springframework.boot:spring-boot-starter-web'
    implementation 'org.springframework.boot:spring-boot-starter-security'
    implementation 'de.codecentric:spring-boot-admin-starter-server'

客户端配置：

• 应用程序属性

    server.port=9000
    management.endpoints.web.exposure.include=*
    management.security.enabled=false

    spring.boot.admin.client.enabled=true
    spring.boot.admin.client.url=http://localhost:8080
    spring.boot.admin.client.username=admin
    spring.boot.admin.client.password=admin

• 构建.gradle

    implementation 'org.springframework.boot:spring-boot-starter-web'
    implementation 'org.springframework.boot:spring-boot-starter-security'
    implementation 'org.springframework.boot:spring-boot-starter-actuator'
    implementation 'de.codecentric:spring-boot-admin-starter-client'

安全配置

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private final String adminContextPath;
    private final AdminServerProperties adminServer;

    public SecurityConfig(AdminServerProperties adminServerProperties) {
        this.adminContextPath = adminServerProperties.getContextPath();
        this.adminServer = adminServerProperties;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");
        successHandler.setDefaultTargetUrl(this.adminServer.path("/"));

        http.authorizeRequests((authorizeRequests) -> authorizeRequests.antMatchers(this.adminServer.path("/assets/**"))
                .permitAll().antMatchers(this.adminServer.path("/login")).permitAll().anyRequest().authenticated())
                .formLogin((formLogin) -> formLogin.loginPage(this.adminServer.path("/login"))
                        .successHandler(successHandler).and())
                .logout((logout) -> logout.logoutUrl(this.adminServer.path("/logout")))
                .httpBasic(Customizer.withDefaults())
                .csrf((csrf) -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                        .ignoringRequestMatchers(
                                new AntPathRequestMatcher(this.adminServer.path("/instances"),
                                        HttpMethod.POST.toString()),
                                new AntPathRequestMatcher(this.adminServer.path("/instances/*"),
                                        HttpMethod.DELETE.toString()),
                                new AntPathRequestMatcher(this.adminServer.path("/actuator/**"))))
                .rememberMe((rememberMe) -> rememberMe.key(UUID.randomUUID().toString()).tokenValiditySeconds(1209600));
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("admin").password("admin").roles("USER");
    }

}

有人可以帮助我吗？

标签： javaspringspring-bootspring-boot-admin