[英]How to re-enable anonymous access to Spring Boot Health endpoint?
Probably I'm doing something wrong here, I just can't figure out what... 可能我在这里做错了,我无法弄清楚是什么......
I have an Oauth2 authentication server and a resource server within the same application. 我在同一个应用程序中有一个Oauth2身份验证服务器和一个资源服务器。
Resource server configuration: 资源服务器配置:
@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER-1)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
public static final String RESOURCE_ID = "resources";
@Override
public void configure(final ResourceServerSecurityConfigurer resources) {
resources
.resourceId(RESOURCE_ID);
}
@Override
public void configure(final HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/**").access("#oauth2.hasScope('read')")
.antMatchers(HttpMethod.POST, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.PUT, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.PATCH, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.DELETE, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.antMatchers(HttpMethod.GET, "/health").permitAll();
}
}
Authentication server configuration: 认证服务器配置:
@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
public void configure(final AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userDetailsService)
.passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and().httpBasic().realmName("OAuth Server");
}
}
When I try to access /health, I got a HTTP/1.1 401 Unauthorized. 当我尝试访问/健康时,我得到了一个HTTP / 1.1 401 Unauthorized。
How can I persuade Spring Boot to make /health anonymously accessible? 我怎样才能说服Spring Boot使/健康匿名访问?
As M. Deinum said: 正如M. Deinum所说:
The order in which you specify your mappings is also the order in which they are consulted.
指定映射的顺序也是查询它们的顺序。 The first match wins... As /** matches everything your /health mapping is useless.
第一场比赛获胜...因为/ **匹配您的/健康映射无用的一切。 Move that above the /** mappings to have it functional.
移动/ **映射上方以使其正常运行。 – M. Deinum Aug 20 at 17:56
- M. Deinum 8月20日17:56
You also need to disable it by setting management.security.enabled
to false. 您还需要通过将
management.security.enabled
设置为false来禁用它。
http://docs.spring.io/spring-boot/docs/current-SNAPSHOT/reference/htmlsingle/#production-ready-customizing-management-server-port http://docs.spring.io/spring-boot/docs/current-SNAPSHOT/reference/htmlsingle/#production-ready-customizing-management-server-port
I had same issue and struggled a bit. 我有同样的问题并且有点挣扎。
protected void configure(HttpSecurity http) throws Exception {
...
.authorizeRequests()
.antMatchers("/actuator/**").permitAll()
}
is not enough. 是不足够的。
Also override this method and add the below and it works. 同时覆盖此方法并添加以下内容并且它可以正常工作。
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/actuator/**");
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.