Spring 使用 Actuator 启动应用程序
Spring Boot application with Actuator
我有一个 SpringBoot 应用程序。 2.1.3.RELEASE securized by JWT,我想添加一个执行器。我添加了这个依赖项
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
这是我的配置文件:
@Profile("api")
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ApiWebSecurityConfig extends WebSecurityConfigurerAdapter {
private static final Logger LOG = LoggerFactory.getLogger(ApiWebSecurityConfig.class);
@Autowired
private JwtAuthenticationEntryPoint unauthorizedHandler;
@Autowired
private JwtTokenUtil jwtTokenUtil;
@Autowired
private UserSecurityService userSecurityService;
@Value("${jwt.header}")
private String tokenHeader;
@Value("${server.servlet.context-path}")
private String serverContextPath;
/** The encryption SALT. */
private static final String SALT = "fd&eekj§sfs23#*(_)nof";
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userSecurityService)
.passwordEncoder(passwordEncoder());
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(12, new SecureRandom(SALT.getBytes()));
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
// we don't need CSRF because our token is invulnerable
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
// don't create session
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
// Un-secure H2 Database
.antMatchers("/h2-console/**/**").permitAll()
.antMatchers("/auth/**").permitAll()
.anyRequest().authenticated();
// Custom JWT based security filter
JwtAuthorizationTokenFilter authenticationTokenFilter = new JwtAuthorizationTokenFilter(userDetailsService(), jwtTokenUtil, tokenHeader);
httpSecurity
.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
// disable page caching
httpSecurity
.headers()
.frameOptions().sameOrigin() // required to set for H2 else H2 Console will be blank.
.cacheControl();
}
@Override
public void configure(WebSecurity web) throws Exception {
// AuthenticationTokenFilter will ignore the below paths
web
.ignoring()
.antMatchers(
HttpMethod.POST,
"/auth"
)
.antMatchers(
HttpMethod.GET,
"/actuator"
)
.antMatchers(
HttpMethod.POST,
"/reg"
);
}
}
但是当我在邮递员中访问 http://127.0.0.1:8080/myApp/actuator/
我得到了一个
{
"timestamp": "2019-03-21T16:39:47.877+0000",
"status": 401,
"error": "Unauthorized",
"message": "Unauthorized",
"path": "/myApp/actuator/"
}
和HTTP Status 404 – Not Found
访问时 http://127.0.0.1:8080/actuator/
默认情况下 URL 是:
http://localhost:8080/actuator
尝试更改您的配置
.antMatchers(
HttpMethod.GET,
"/actuator"
)
至
.antMatchers(
HttpMethod.GET,
"/actuator/**"
)
Spring 引导执行器包含多个端点,包括运行状况、指标等。
访问端点如下;
http://{baseUrl}/autuator/health
http://{baseUrl}/autuator/metrics
所以获取所有端点 - http://{baseUrl}/autuator/** [GET 请求]
因此,要在您的安全配置中允许访问此端点,请更改您的配置。
.antMatchers(
HttpMethod.GET,
"/actuator"
)
至
.antMatchers(
HttpMethod.GET,
"/actuator/**"
)
我有一个 SpringBoot 应用程序。 2.1.3.RELEASE securized by JWT,我想添加一个执行器。我添加了这个依赖项
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
这是我的配置文件:
@Profile("api")
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ApiWebSecurityConfig extends WebSecurityConfigurerAdapter {
private static final Logger LOG = LoggerFactory.getLogger(ApiWebSecurityConfig.class);
@Autowired
private JwtAuthenticationEntryPoint unauthorizedHandler;
@Autowired
private JwtTokenUtil jwtTokenUtil;
@Autowired
private UserSecurityService userSecurityService;
@Value("${jwt.header}")
private String tokenHeader;
@Value("${server.servlet.context-path}")
private String serverContextPath;
/** The encryption SALT. */
private static final String SALT = "fd&eekj§sfs23#*(_)nof";
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userSecurityService)
.passwordEncoder(passwordEncoder());
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(12, new SecureRandom(SALT.getBytes()));
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
// we don't need CSRF because our token is invulnerable
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
// don't create session
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
// Un-secure H2 Database
.antMatchers("/h2-console/**/**").permitAll()
.antMatchers("/auth/**").permitAll()
.anyRequest().authenticated();
// Custom JWT based security filter
JwtAuthorizationTokenFilter authenticationTokenFilter = new JwtAuthorizationTokenFilter(userDetailsService(), jwtTokenUtil, tokenHeader);
httpSecurity
.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
// disable page caching
httpSecurity
.headers()
.frameOptions().sameOrigin() // required to set for H2 else H2 Console will be blank.
.cacheControl();
}
@Override
public void configure(WebSecurity web) throws Exception {
// AuthenticationTokenFilter will ignore the below paths
web
.ignoring()
.antMatchers(
HttpMethod.POST,
"/auth"
)
.antMatchers(
HttpMethod.GET,
"/actuator"
)
.antMatchers(
HttpMethod.POST,
"/reg"
);
}
}
但是当我在邮递员中访问 http://127.0.0.1:8080/myApp/actuator/
我得到了一个
{
"timestamp": "2019-03-21T16:39:47.877+0000",
"status": 401,
"error": "Unauthorized",
"message": "Unauthorized",
"path": "/myApp/actuator/"
}
和HTTP Status 404 – Not Found
访问时 http://127.0.0.1:8080/actuator/
默认情况下 URL 是:
http://localhost:8080/actuator
尝试更改您的配置
.antMatchers(
HttpMethod.GET,
"/actuator"
)
至
.antMatchers(
HttpMethod.GET,
"/actuator/**"
)
Spring 引导执行器包含多个端点,包括运行状况、指标等。
访问端点如下;
http://{baseUrl}/autuator/health
http://{baseUrl}/autuator/metrics
所以获取所有端点 - http://{baseUrl}/autuator/** [GET 请求]
因此,要在您的安全配置中允许访问此端点,请更改您的配置。
.antMatchers(
HttpMethod.GET,
"/actuator"
)
至
.antMatchers(
HttpMethod.GET,
"/actuator/**"
)