为spring-boot-admin配置spring security（用于控制访问）

在spring-boot-admin（SBA）监控端，为了防止没授权的访问，一般需要做访问控制。只需简单几步，就可以配置spring security来控制对SBA的访问。

1、引入依赖：

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-security</artifactId>
		</dependency>

2、配置：

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
	@Value("${spring.profiles}")
	private String env;

	@Override
	protected void configure(HttpSecurity http) throws Exception {

		/*if("dev".equals(env)){ //如果需要在开发服中免登录
			http.authorizeRequests().antMatchers("*//**","*//**//*filters").permitAll();
			http.csrf().disable();
			http.httpBasic();
			return;
		}*/

		http
				.formLogin().loginPage("/login.html").loginProcessingUrl("/login").permitAll()
				.and()
				.logout().logoutUrl("/logout")
				.and()
				.authorizeRequests()
				.antMatchers("/login.html", "/**/*.css", "/img/**", "/api/**") //放开"/api/**"：为了给被监控端免登录注册
				.permitAll()
				.and()
				.authorizeRequests().antMatchers("/**").authenticated();
		http.csrf().disable();
		http.httpBasic();

	}
/*	@Autowired //也可以在application.yml文件中配置登录账号密码：security.user.name/password
	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
		auth
			.inMemoryAuthentication()
			.withUser("svcAdmin").password("pw").roles("USER");
	}*/
}

application.yml：

security:
  user:
    name: sba
    password: passwd

3、登录页面：

<html>
<head>
	<meta charset="UTF-8">
	<title>sba登录</title>
	<style>
		html,body{text-align:center;margin:0px auto;}
		form, div{margin: 5px;}
	</style>
</head>
<body>
<br/>
<form action="/svc-monitor/login" method="post">
	<div>请登录：</div>
	<div><label><input type="text" name="username"  placeholder="用户名"/> </label></div>
	<div><label><input type="password" name="password"  placeholder="密码"/> </label></div>
	<div><input type="submit" value="登录"/></div>
</form>
</body>
</html>