java - Spring Security coming in the way of Spring Admin
Problem description
I have a Spring admin server set up. It's currently up and running. It's also incorporated with Spring Security. The app is profiled with HTTP and HTTPS. Locally I'm running the HTTP profile. These are the main class, part of the admin yml and the setup of profile:
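```java
import de.codecentric.boot.admin.server.config.EnableAdminServer;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@EnableAdminServer
@SpringBootApplication
public class Application
{
    public static void main(String[] args)
    {
        SpringApplication.run(Application.class, args);
    }
}
```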
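```java
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Profile;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Profile("!HTTPS")
@Slf4j
@EnableWebSecurity
public class DefaultSecurityConfig extends WebSecurityConfigurerAdapter
{
    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        String adminContextPath = "/hello";
        log.info("Disabling Login Page");
        http.httpBasic().disable();
        http.formLogin().disable();
        http
            .authorizeRequests()
                .antMatchers(adminContextPath + "/assets/**").permitAll()
                .antMatchers(adminContextPath + "/login").permitAll()
                .antMatchers(adminContextPath + "/instances").permitAll()
                .antMatchers(adminContextPath + "/**").permitAll()
            .and()
            .csrf()
                .ignoringAntMatchers(
                    "/instances",
                    "/actuator/**"
                );
    }
}
```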
```yaml
spring:
  autoconfigure:
    exclude: org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration
  boot:
    admin:
      context-path: /admin
      routes:
        endpoints: env, metrics, trace, jolokia, info, configprops
  profiles:
    include: HTTP
  security:
    user:
      name: "admin"
      password: "admin123"
```
And in my client this is pretty much what I have:
```yaml
spring:
  autoconfigure:
    exclude: "org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,\
      org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration,\
      org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration"
  boot:
    admin:
      client:
        url: http://localhost:8083/hello/admin
        username: "admin"
        password: "admin123"
        instance:
          metadata:
            user:
              name: "admin"
              password: "admin123"
  application:
    name: DDFDF
  security:
    user:
      name: "admin"
      password: "admin123"
```
From the server side, the version of spring-boot-admin is 2.4.3 and spring-security is 2.4.4. From the client side, the version of spring-boot-admin is 2.4.3 and the version of spring-security is 2.4.4. Both are running on version 2.4.4 of Spring Boot. What I see from the client side is this:

```
Failed to register application as Application(name=DDFDF, managementUrl=http://maclon0363:8099/appy/actuator, healthUrl=http://maclon0363:8099/appy/actuator/health, serviceUrl=http://maclon0363:8099/appy) at spring-boot-admin ([http://localhost:8083/hello/admin/instances]): 403 : [{"timestamp":"2021-07-23T18:01:12.763+00:00","status":403,"error":"Forbidden","message":"","path":"/hello/admin/instances"}]. Further attempts are logged on DEBUG level
```

On the debug level, it just constantly says it's a 403 Forbidden, which I don't understand since I can access the /hello/admin/instances endpoint from Chrome. I can't really see the issue as I have provided the necessary credentials and also the endpoints should not need authentication per the config I have set in the server side of security.
Solution
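One likely cause, shown as an added example that is not part of the original question: a 403 on the registration POST while a browser GET succeeds is how Spring Security's CSRF filter rejects a request that matches none of the CSRF ignore patterns, and the patterns in the question (`/instances`, `/actuator/**`) do not include the admin context path. The configuration below assumes `/hello` is `server.servlet.context-path` (matchers are evaluated without it), builds the patterns from `AdminServerProperties`, and, as a further assumption, requires HTTP Basic instead of `permitAll()` since both sides already configure credentials; the class name is hypothetical.

```java
import de.codecentric.boot.admin.server.config.AdminServerProperties;
import org.springframework.context.annotation.Profile;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

// Added example, not the asker's code. Assumes "/hello" is server.servlet.context-path,
// so Spring Security sees the client registration as POST /admin/instances.
@Profile("!HTTPS")
@EnableWebSecurity
public class AdminCsrfSecurityConfig extends WebSecurityConfigurerAdapter
{
    // Carries spring.boot.admin.context-path ("/admin" in the server yml)
    private final AdminServerProperties adminServer;

    public AdminCsrfSecurityConfig(AdminServerProperties adminServer)
    {
        this.adminServer = adminServer;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        http
            .authorizeRequests()
                // Static assets stay public; everything else needs credentials
                .antMatchers(adminServer.path("/assets/**")).permitAll()
                .anyRequest().authenticated()
            .and()
            // The client sends spring.boot.admin.client.username/password as HTTP Basic
            .httpBasic()
            .and()
            .csrf()
                // The admin UI reads the CSRF token from a cookie
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                // Exempt only the machine-to-machine calls, on their real path and method
                .ignoringRequestMatchers(
                    new AntPathRequestMatcher(adminServer.path("/instances"), HttpMethod.POST.toString()),
                    new AntPathRequestMatcher(adminServer.path("/instances/*"), HttpMethod.DELETE.toString()),
                    new AntPathRequestMatcher(adminServer.path("/actuator/**")));
    }
}
```

With DEBUG logging enabled for `org.springframework.security` on the server, a rejection by the CSRF filter appears in the log as an invalid CSRF token message for the registration URL, which confirms or rules out this cause.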