Security configuration options for the Spring Boot Actuator framework:
Add the Spring Security authentication framework
Option 1:
Configuration:
```yaml
spring:
  security:
    user:
      password: admin
      name: admin
management:
  endpoints:
    web:
      base-path: /monitor
      exposure:
        include: "*"
        # Exclude endpoints
        exclude: shutdown
  server:
    port: 9595
  endpoint:
    health:
      show-details: always
    shutdown:
      enabled: true
```
Add the dependency:
```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
```
The context-path URL needs to be handled.
Handling method 1: apply the authorization check only to endpoint requests
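```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.util.StringUtils;

@Configuration
@EnableWebSecurity
public class ActuatorSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    Environment env;

    @Override
    protected void configure(HttpSecurity security) throws Exception {
        // Actuator base path; Spring Boot 2.x serves endpoints under /actuator when the property is unset
        String contextPath = env.getProperty("management.endpoints.web.base-path");
        if (!StringUtils.hasText(contextPath)) {
            contextPath = "/actuator";
        }
        security.csrf().disable().headers().frameOptions().disable();
        // Only requests under the Actuator base path enter this chain and must pass HTTP Basic authentication
        security.cors().and().antMatcher("/**" + contextPath + "/**")
                .authorizeRequests()
                .anyRequest()
                .authenticated().and().httpBasic();
    }
}
```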
The following handles cross-origin requests:
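```java
import java.util.Arrays;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class WebConfig implements WebMvcConfigurer {

    /**
     * Allow cross-origin requests.
     *
     * @param registry the CORS registry
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                // Placeholder origin: list the trusted front-end origin(s) here.
                // "*" cannot be combined with allowCredentials(true); Spring Framework 5.3+ rejects it.
                .allowedOrigins("https://monitor.example.com")
                .allowedMethods("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS")
                .allowCredentials(true)
                .maxAge(3600)
                .allowedHeaders("*");
    }

    // Picked up by security.cors() through its bean name; wildcard origin, no credentials allowed
    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Arrays.asList("*"));
        configuration.setAllowedMethods(Arrays.asList("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"));
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}
```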
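Option 2: customize the endpoints
**Enabling endpoints:** By default, all endpoints except shutdown are enabled. To configure whether an endpoint is enabled, use its management.endpoint...enabled property. The following example enables the shutdown endpoint: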
```properties
management.endpoint.shutdown.enabled=true
management.endpoint.env.enabled=false
```
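If you want endpoint enablement to be opt-in rather than opt-out, set the management.endpoints.enabled-by-default property to false and use the individual endpoint enabled properties to opt back in. The following example enables the info endpoint and disables all other endpoints: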
```properties
management.endpoints.enabled-by-default=false
management.endpoint.info.enabled=true
```
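To see how the enabled flags of option 2 and the exposure include/exclude lists of option 1 combine, the following added example (not part of the original post) resolves which endpoints end up reachable over HTTP. The function names, the KNOWN and SENSITIVE lists, the flattened PLAN1 input and the exposure line in PLAN2 are assumptions made for the illustration.

```python
# Added example (not from the original post): which Actuator endpoints are
# reachable over HTTP for a set of management.* properties. KNOWN is a subset
# of built-in endpoint ids (to expand "*"); SENSITIVE is this example's choice.
KNOWN = ["beans", "env", "health", "heapdump", "info", "loggers",
         "mappings", "metrics", "shutdown", "threaddump"]
SENSITIVE = {"env", "heapdump", "loggers", "shutdown", "threaddump"}

# Constructed inputs: option 1's YAML flattened to properties, and option 2's
# opt-in snippet with an exposure line added so the two can be compared.
PLAN1 = """
management.endpoints.web.exposure.include="*"
management.endpoints.web.exposure.exclude=shutdown
management.endpoint.shutdown.enabled=true
"""
PLAN2 = """
management.endpoints.enabled-by-default=false
management.endpoint.info.enabled=true
management.endpoints.web.exposure.include=*
"""

def parse_properties(text):
    """Parse flat key=value lines, ignoring blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip().strip('"') for k, v in pairs}

def ids(value):
    """Expand an include/exclude list; "*" stands for every endpoint."""
    items = {v.strip() for v in value.split(",") if v.strip()}
    return set(KNOWN) if "*" in items else items

def is_enabled(props, endpoint):
    """Per-endpoint flag first, then enabled-by-default, else all but shutdown."""
    flag = props.get(f"management.endpoint.{endpoint}.enabled",
                     props.get("management.endpoints.enabled-by-default"))
    return endpoint != "shutdown" if flag is None else flag.lower() == "true"

def web_exposed(props):
    """Enabled, included and not excluded (exclude wins over include)."""
    # Assumption: with no include property only health is exposed (Boot 2.5+).
    include = ids(props.get("management.endpoints.web.exposure.include", "health"))
    exclude = ids(props.get("management.endpoints.web.exposure.exclude", ""))
    return sorted(e for e in KNOWN
                  if e in include - exclude and is_enabled(props, e))

def sensitive_exposed(text):
    """Sensitive endpoints a client can reach once past authentication."""
    return [e for e in web_exposed(parse_properties(text)) if e in SENSITIVE]
```

With option 1's settings, env, heapdump, loggers and threaddump stay reachable to anyone holding the single Basic-auth credential, while the opt-in form leaves only info.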