Java Spring Boot Admin 2获取执行器端点401
我已经在API服务应用程序中创建了SpringBootAdmin2服务器和集成的SpringBootAdmin2客户端。目前,我的API服务项目受到OAuth2框架的保护。为了绕过执行器端点,我在Java Spring Boot Admin 2获取执行器端点401,java,spring-boot,spring-security,spring-boot-actuator,spring-boot-admin,Java,Spring Boot,Spring Security,Spring Boot Actuator,Spring Boot Admin,我已经在API服务应用程序中创建了SpringBootAdmin2服务器和集成的SpringBootAdmin2客户端。目前,我的API服务项目受到OAuth2框架的保护。为了绕过执行器端点,我在WebSecurity配置适配器类的WebSecurity和HttpSecurity中添加了配置,但看起来执行器端点仍然给出了401。当我研究这个问题时,我发现在public void configure(HttpSecurity http)中,当我删除.antMatcher(“/user”)时,启动器
WebSecurity配置适配器
类的WebSecurity
和HttpSecurity
中添加了配置,但看起来执行器端点仍然给出了401。当我研究这个问题时,我发现在public void configure(HttpSecurity http)
中,当我删除.antMatcher(“/user”)
时,启动器端点被打开,管理服务器能够获得所有细节,但当我删除时,antMatcher(“/user”)
OAuth2没有失败
我的Spring Boot管理服务器正在http://localhost:8080
并且API项目(管理客户端)正在http://localhost:8081
我正在使用
弹簧护套2(2.0.4.释放)春季云(Finchley.RELEASE)
Spring Boot Admin 2(2.0.2) Oauth2用户信息uri在我的API项目中配置如下
security:
oauth2:
resource:
user-info-uri: http://localhost:9999/auth/user
下面给出了我在API项目中添加的一些属性
management.endpoints.web.exposure.include=health,info,auditevents,metrics,loggers,logfile,httptrace,env,flyway,liquidbase,shutdown,mappings,scheduledtasks,threaddump,heapdump
management.endpoint.health.show-details=always
management.security.enabled=false
management.health.rabbit.enabled=false
spring.boot.admin.client.url[0]=http://localhost:8080
spring.boot.admin.client.username=user
spring.boot.admin.client.password=password
spring.boot.admin.client.instance.management-url=http://localhost:8081/actuator
spring.boot.admin.client.instance.health-url=http://localhost:8081/actuator/health
spring.boot.admin.client.instance.service-url=http://localhost:8081
@Order(1)
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
public WebSecurityConfigurer() {
super(true);
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers("/actuator/**");
web.ignoring().antMatchers(HttpMethod.OPTIONS, "/**", "/actuator/**");
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.anonymous().and().antMatcher("/user").authorizeRequests()
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll().
antMatchers("/actuator/**").permitAll().
anyRequest().authenticated()
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.ignoringAntMatchers("/instances", "/actuator/**");
}
}
下面给出了我的自定义Web安全配置
management.endpoints.web.exposure.include=health,info,auditevents,metrics,loggers,logfile,httptrace,env,flyway,liquidbase,shutdown,mappings,scheduledtasks,threaddump,heapdump
management.endpoint.health.show-details=always
management.security.enabled=false
management.health.rabbit.enabled=false
spring.boot.admin.client.url[0]=http://localhost:8080
spring.boot.admin.client.username=user
spring.boot.admin.client.password=password
spring.boot.admin.client.instance.management-url=http://localhost:8081/actuator
spring.boot.admin.client.instance.health-url=http://localhost:8081/actuator/health
spring.boot.admin.client.instance.service-url=http://localhost:8081
@Order(1)
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
public WebSecurityConfigurer() {
super(true);
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers("/actuator/**");
web.ignoring().antMatchers(HttpMethod.OPTIONS, "/**", "/actuator/**");
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.anonymous().and().antMatcher("/user").authorizeRequests()
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll().
antMatchers("/actuator/**").permitAll().
anyRequest().authenticated()
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.ignoringAntMatchers("/instances", "/actuator/**");
}
}
有人能帮我吗?你得到答案了吗。如果是,请邮寄。我也陷入了同样的困境。