Return 404 on Spring Boot /actuator root endpoint
In production I want to disable the /actuator endpoint but still allow /actuator/health. I have tried the code below using SecurityConfigurerAdapter, but it's returning 500. I want to return a 404 and get a "page not found" error page. Any help is much appreciated.

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        if (isProd) {
            http.authorizeRequests().antMatchers("/actuator/", "/actuator").denyAll();
        }
    }

You don't have to use Spring Security.

This can be configured using properties:
https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#production-ready-endpoints-exposing-endpoints

By default health and info are exposed via web.

So you could rely on the for production and in development you run your app with

    -Dmanagement.endpoints.web.exposure.include=*

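Added example (not part of the original answer): the property-based approach written as a profile split. The `dev` profile name and the two file names are assumptions, as is a Spring Boot version that supports `management.endpoints.web.discovery.enabled`. With the discovery page off and only `health` exposed, nothing is mapped at `/actuator` or at the other endpoints, so they return 404 while `/actuator/health` still answers.

```properties
# --- application.properties (shared defaults, i.e. what production runs) ---
# Expose only health over HTTP; every other endpoint has no web mapping -> 404.
management.endpoints.web.exposure.include=health
# Remove the discovery ("links") page served at the /actuator root -> 404.
management.endpoints.web.discovery.enabled=false
# Keep component details (disk, database, ...) out of the health response.
management.endpoint.health.show-details=never

# --- application-dev.properties (assumed name; loaded only with spring.profiles.active=dev) ---
# Development convenience: everything exposed, discovery page back on.
management.endpoints.web.exposure.include=*
management.endpoints.web.discovery.enabled=true
management.endpoint.health.show-details=always
```

Starting the application without a profile gives the locked-down settings; the permissive ones have to be requested explicitly with `-Dspring.profiles.active=dev`.
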
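    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.config.http.SessionCreationPolicy;
    import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

    @Configuration
    @EnableWebSecurity
    //@EnableOAuth2Sso
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        private JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;

        @Autowired
        private JwtRequestFilter jwtRequestFilter;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .csrf().disable()
                // don't authenticate these particular requests
                .authorizeRequests()
                .antMatchers(
                    "/api/login",
                    "/user/create-new-user",
                    "/user/get-verification",
                    "/user/pwd-reset",
                    "/user/pwd-reset/verification",
                    "/api/swagger-ui.html")
                .permitAll()
                // .antMatchers("/**").permitAll().hasRole("ADMIN")
                .anyRequest()
                .fullyAuthenticated()
                .and()
                .exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint).and().sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
                // .and()
                // .logout()
                // .logoutRequestMatcher(new AntPathRequestMatcher("/api/logout")).logoutSuccessUrl("/https://www.baeldung.com/spring-security-logout")
                // .invalidateHttpSession(true).deleteCookies("JSESSIONID");

            // Add a filter to validate the tokens with every request
            http
                .addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
        }
    }
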
Or use this way:

    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/", "/home").access("hasRole('USER')")
            .antMatchers("/admin/**").hasRole("ADMIN")
            .and()
            // some more method calls
            .formLogin();
    }