java - 如何配置 SpringSecurity oAuth2 和 Basic
问题描述
我正在为一些业务逻辑编写微服务,它连接到身份验证微服务以进行身份验证。现在我尝试使用名称/密码配置 prometheus 以从我的服务中获取信息(不想这样做 permitAll())。但是,不幸的是,它只有在permitAll()
用于"/actuator/**"
. 如果我将其更改为 smth,就像hasRole('ACTUATOR ADMIN')
我重新审核 BadCredential 一样。
应用程序.yml:
application:
clientId: newApp
server:
port: 8081
spring:
security:
name: prom
password: prom
roles: ACTUATOR_ADMIN
#prometheus
management:
endpoint:
metrics:
enabled: true
prometheus:
enabled: true
endpoints:
web:
exposure:
include: '*'
metrics:
export:
prometheus:
enabled: true
普罗米修斯.yml
scrape_configs:
- job_name: 'spring-actuator'
metrics_path: '/actuator/prometheus'
basic_auth:
username: "prom"
password: "prom"
scrape_interval: 5s
static_configs:
- targets: ['192.168.1.187:8081']
和资源服务器配置:
@Configuration
@EnableResourceServer
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources", "/configuration/security",
"/swagger-ui.html", "/webjars/**", "/swagger-resources/configuration/ui",
"/swagger-resources/configuration/security").permitAll()
.antMatchers("/**").authenticated();
}
如何解决?
提前致谢。