java - 如何配置 SpringSecurity oAuth2 和 Basic

问题描述

我正在为一些业务逻辑编写微服务，它连接到身份验证微服务以进行身份​​验证。现在我尝试使用名称/密码配置 prometheus 以从我的服务中获取信息（不想这样做 permitAll()）。但是，不幸的是，它只有在permitAll()用于"/actuator/**". 如果我将其更改为 smth，就像hasRole('ACTUATOR ADMIN')我重新审核 BadCredential 一样。

应用程序.yml：

application:
  clientId: newApp
server: 
  port: 8081
  
spring:
  security:
    name: prom
    password: prom
    roles: ACTUATOR_ADMIN
    
#prometheus
management:
  endpoint:
    metrics:
      enabled: true
    prometheus:
      enabled: true
  endpoints:
    web:
      exposure:
        include: '*'
  metrics:
    export:
      prometheus:
        enabled: true

普罗米修斯.yml

scrape_configs:
  - job_name: 'spring-actuator'
    metrics_path: '/actuator/prometheus'
    basic_auth:
      username: "prom"
      password: "prom"
    scrape_interval: 5s
    static_configs:
    - targets: ['192.168.1.187:8081']

和资源服务器配置：

 @Configuration
@EnableResourceServer
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {

        http
        .csrf().disable()
        .authorizeRequests()
                .antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources", "/configuration/security",
                        "/swagger-ui.html", "/webjars/**", "/swagger-resources/configuration/ui",
                        "/swagger-resources/configuration/security").permitAll()
                .antMatchers("/**").authenticated();
}

如何解决？

提前致谢。

标签： javaspring-securityprometheus