Java: Spring Security denies access to /actuator/health


I'm trying to understand why Spring Security denies access on /actuator/health. Can anyone spot the problem?

The log says:

27/02/2020 11:24:57.902 [http-nio-4104-exec-1] [,,] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/actuator/health'; against '/actuator/**'
27/02/2020 11:24:57.902 [http-nio-4104-exec-1] [,,] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /actuator/health; Attributes: [hasIpAddress('127.0.0.1/32')]
27/02/2020 11:24:57.902 [http-nio-4104-exec-1] [,,] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@187dbd2d: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
27/02/2020 11:24:57.909 [http-nio-4104-exec-1] [,,] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@790ce264, returned: -1
27/02/2020 11:24:57.912 [http-nio-4104-exec-1] [,,] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at no.gjensidige.bank.nasasupport.jwt.JwtTokenFilter.doFilterInternal(JwtTokenFilter.java:60) [15 skipped]
at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256) [41 skipped]
at java.base/java.lang.Thread.run(Thread.java:830) [13 skipped]


http
                .antMatcher("/**") // If you want to override the security provided by Spring Boot.
                .cors().and()
                .csrf().disable()
                .authorizeRequests()
                .antMatchers("/actuator/**")
                .access("hasIpAddress('127.0.0.1/32')")
                .antMatchers("/api")
                .hasAnyAuthority("not important")
                .antMatchers("/actuator/health", "/open/**")
                .permitAll()
                .anyRequest()
                .denyAll();
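
Does anyone spot the mistake? I'm using spring-boot-2.2.2.RELEASE.

I should add:
@SpringBootApplication(exclude={UserDetailsServiceAutoConfiguration.class}) removes the default generated password. The same error occurs whether or not UserDetailsServiceAutoConfiguration is excluded.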

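Once you add the actuator to a secured application, you get an additional filter chain that applies only to the actuator endpoints. Its order is ManagementServerProperties.BASIC_AUTH_ORDER. If you want your application security rules to apply to the actuator endpoints, you can add a filter chain ordered earlier than the actuator's, which can be done with ManagementServerProperties.ACCESS_OVERRIDE_ORDER. In short, try this: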

@Configuration
@Order(ManagementServerProperties.ACCESS_OVERRIDE_ORDER)
public class ApplicationConfigurerAdapter extends WebSecurityConfigurerAdapter {
    // your implementation
}

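We use this configuration for something similar to your requirements: the health and prometheus endpoints have to be accessible without authentication. Any request from localhost (running a Docker container in this case) or from anywhere for authenticated users is allowed.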
private static final String ACTUATOR_BASE                = "/actuator";
private static final String MATCHERS_ACTUATOR_HEALTH     = ACTUATOR_BASE + "/health";
private static final String MATCHERS_ACTUATOR_PROMETHEUS = ACTUATOR_BASE + "/prometheus";

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
        .antMatchers(MATCHERS_ACTUATOR_HEALTH).permitAll()
        .antMatchers(MATCHERS_ACTUATOR_PROMETHEUS).permitAll()
        .anyRequest()
        .access("hasIpAddress('127.0.0.0/8') or hasIpAddress('::1') or isAuthenticated()")
        .and()
        .httpBasic()
        .and()
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}

I found the problem. I don't know why our configuration didn't work, but I changed the order. I first defined /actuator/health with permitAll(), and then defined /actuator/** with access.

http.antMatcher("/**")
            .cors().and()
            .csrf().disable()
            .authorizeRequests()
            .antMatchers("/actuator/health", "/open/**")
            .permitAll()
            .antMatchers("/actuator/**")
            .access("hasIpAddress('127.0.0.1/32')")
            .antMatchers("/api")
            .hasAnyAuthority("not important")
            .anyRequest()
            .denyAll();
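
Added example, not from the original posts or from Spring itself: a simplified model of how the authorization rules are tried in declaration order with the first matching pattern deciding, replayed with the RemoteIpAddress from the question's log. It calls the real AntPathMatcher and IpAddressMatcher classes; RuleOrderDemo and decide are hypothetical names, and spring-core, spring-security-web and the servlet API are assumed to be on the classpath.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.Predicate;
import org.springframework.security.web.util.matcher.IpAddressMatcher;
import org.springframework.util.AntPathMatcher;

// Simplified model of authorizeRequests(): rules are tried in declaration
// order and the first pattern that matches the path decides the outcome.
public class RuleOrderDemo {
    static final AntPathMatcher ANT = new AntPathMatcher();
    static final Predicate<String> PERMIT_ALL = ip -> true;
    static final Predicate<String> DENY_ALL = ip -> false;
    // Same expression as in the question: hasIpAddress('127.0.0.1/32')
    static final Predicate<String> V4_LOOPBACK = new IpAddressMatcher("127.0.0.1/32")::matches;

    static String decide(Map<String, Predicate<String>> rules, String path, String remoteIp) {
        for (Map.Entry<String, Predicate<String>> rule : rules.entrySet()) {
            if (ANT.match(rule.getKey(), path)) {
                return (rule.getValue().test(remoteIp) ? "ALLOW" : "DENY") + " by " + rule.getKey();
            }
        }
        return "DENY (no rule)";
    }

    public static void main(String[] args) {
        // Order used in the question: the broad pattern shadows the specific one.
        Map<String, Predicate<String>> question = new LinkedHashMap<>();
        question.put("/actuator/**", V4_LOOPBACK);
        question.put("/actuator/health", PERMIT_ALL); // shadowed for /actuator/health
        question.put("/**", DENY_ALL);                // stands in for anyRequest().denyAll()

        // Order used in the fix: specific pattern first.
        Map<String, Predicate<String>> reordered = new LinkedHashMap<>();
        reordered.put("/actuator/health", PERMIT_ALL);
        reordered.put("/actuator/**", V4_LOOPBACK);
        reordered.put("/**", DENY_ALL);

        String ipv6Loopback = "0:0:0:0:0:0:0:1"; // RemoteIpAddress from the log above
        System.out.println(decide(question, "/actuator/health", ipv6Loopback));
        System.out.println(decide(reordered, "/actuator/health", ipv6Loopback));
        System.out.println(decide(reordered, "/actuator/info", ipv6Loopback));
        System.out.println(decide(reordered, "/actuator/info", "127.0.0.1"));
    }
}
```

Even with the reordered rules, the other actuator paths stay closed to a client that arrives as the IPv6 loopback address, because a 127.0.0.1/32 rule never matches an IPv6 address. The configuration in the second answer above lists hasIpAddress('::1') alongside the IPv4 range for that reason.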

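I'm using Spring Boot 2.2. ManagementServerProperties.ACCESS_OVERRIDE_ORDER exists only in Spring Boot 1.x. It looks like, since Spring Boot 2.0, they have removed the separate security auto-configuration for the actuator. So changing the filter order may not work. The first thing I would try is moving the permitAll() rule above the access() rule in your current implementation. Also, are you trying to access /actuator/health from 127.0.0.1?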