上一篇写了Spring Boot Admin的搭建 spring boot admin 搭建(非常简单)_Muscleheng的博客-CSDN博客
但是没有登录验证,如果线上使用,肯定是不安全的,这里记录一下添加登录验证,非常简单
一、服务端(server端)
1. pom文件添加依赖
<!--springboot admin 安全相关-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
2. 添加一个配置文件
package com.zhh.dd.config;
import de.codecentric.boot.admin.server.config.AdminServerProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
/**
* @author 赵恒
* @description 安全配置
* @date 2021/11/22 17:54
*/
@Configuration
public class SecuritySecureConfig extends WebSecurityConfigurerAdapter {
private final String adminContextPath;
public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
this.adminContextPath = adminServerProperties.getContextPath();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
successHandler.setTargetUrlParameter("redirectTo");
successHandler.setDefaultTargetUrl(adminContextPath + "/");
http.authorizeRequests()
//1.配置所有静态资源和登录页可以公开访问
.antMatchers(adminContextPath + "/assets/**").permitAll()
.antMatchers(adminContextPath + "/login").permitAll()
.anyRequest().authenticated()
.and()
//2.配置登录和登出路径
.formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
.logout().logoutUrl(adminContextPath + "/logout").and()
//3.开启http basic支持,admin-client注册时需要使用
.httpBasic().and()
.csrf()
//4.开启基于cookie的csrf保护
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
//5.忽略这些路径的csrf保护以便admin-client注册
.ignoringAntMatchers(
adminContextPath + "/instances",
adminContextPath + "/actuator/**"
);
}
}
3. 配置文件配置登录账号和密码
# 登录账号和密码
spring.security.user.name=admin
spring.security.user.password=admin
启动后访问 127.0.0.1:5889
二、客户端(client端)
1. 配置文件配置登录账号和密码
在原始配置上添加两个属性即可 username 和 password
spring:
boot:
admin:
client:
url: http://127.0.0.1:5889 #要注册的server端的url地址
username: admin #连接服务端的账号和密码
password: admin