本文主要是介绍spring boot actuator 安全配置 springboot的安全性,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
关于springboot Actuator框架的安全配置方案:
加入security安全验证框架
方案一:
配置信息:
spring:security:user:password: adminname: adminmanagement:endpoints:web:base-path: /monitorexposure:include: "*"# 排除端点exclude: shutdownserver:port: 9595endpoint:health:show-details: alwaysshutdown:enabled: true
引入依赖信息
<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId>
</dependency>
需要上下午url对进行处理;
处理方法一:只针对端点请求进行权限校验
@Configuration
@EnableWebSecurity
public class ActuatorSecurityConfig extends WebSecurityConfigurerAdapter {@AutowiredEnvironment env;@Overrideprotected void configure(HttpSecurity security) throws Exception {String contextPath = env.getProperty("management.endpoints.web.base-path");if(StringUtils.isEmpty(contextPath)) {contextPath = "";}security.csrf().disable().headers().frameOptions().disable();security.cors().and().antMatcher("/**"+contextPath+"/**").authorizeRequests().anyRequest().authenticated().and().httpBasic();}
}
以下处理跨域请求
@Configuration
public class WebConfig implements WebMvcConfigurer {/*** 允许跨域请求** @param registry*/@Overridepublic void addCorsMappings(CorsRegistry registry) {registry.addMapping("/**").allowedOrigins("*").allowedMethods("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS").allowCredentials(true).maxAge(3600).allowedHeaders("*");}@BeanCorsConfigurationSource corsConfigurationSource() {CorsConfiguration configuration = new CorsConfiguration();configuration.setAllowedOrigins(Arrays.asList("*"));configuration.setAllowedMethods(Arrays.asList("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"));UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();source.registerCorsConfiguration("/**", configuration);return source;}
}
方案二:定制端点信息
**启用端点:**默认情况下,启用除shutdown 之外的所有端点。要配置端点的启用,请使用其management.endpoint…enabled 属性。以下示例启用shutdown 端点:
management.endpoint.shutdown.enabled=true
management.endpoint.env.enabled=false
如果您希望端点启用是选择加入而不是选择退出,请将management.endpoints.enabled-by-default 属性设置为false 并使用单个端点enabled 属性重新加入。以下示例启用info endpoint并禁用所有其他端点:
management.endpoints.enabled-by-default=false
management.endpoint.info.enabled=true
这篇关于spring boot actuator 安全配置 springboot的安全性的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!