使用Spring Security给Spring Boot Admin做一个安全验证登录

项目中我们可用到Spring Boot Admin 应用监控 监控服务器的各项指标状态。

本类别文章已经介绍了 如何搭建Spring Boot Admin 截图正常运行效果图如下：

下边我们贴下关键实现该功能的过程

<dependency>
   <groupId>de.codecentric</groupId>
   <artifactId>spring-boot-admin-server-ui-login</artifactId>
   <version>${spring-boot-admin.version}</version>
</dependency>

<!--  spring-boot-starter-security -->
<dependency>
   <groupId>org.springframework.boot</groupId>
   <artifactId>spring-boot-starter-security</artifactId>
   <version>1.4.5.RELEASE</version>
</dependency>

关闭 原有的Basic认证

management:
  security:
    enabled: false

security:
  user:
    name: miyaow
    password: 123

  basic:
    enabled: false

定义重写我们的权限控制类

/**
 * 配置HTTPBASIC权限验证
 *
 * @author yesh
 *         (M.M)!
 *         Created by 2017/5/15.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, proxyTargetClass = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(WebSecurity web) throws Exception {
        //忽略css.jq.img等文件
        web.ignoring().antMatchers("/**.html","/**.css", "/img/**", "/**.js","/third-party/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
                .csrf().disable() //HTTP with Disable CSRF
                .authorizeRequests() //Authorize Request Configuration
                .antMatchers( "/login",
                        "/api/**",
                        "/**/heapdump",
                        "/**/loggers",
                        "/**/liquibase",
                        "/**/logfile",
                        "/**/flyway",
                        "/**/auditevents",
                        "/**/jolokia").permitAll() //放开"/api/**"：为了给被监控端免登录注册并解决Log与Logger冲突
                .and()
                .authorizeRequests()
                .antMatchers("/**").hasRole("USER")
                .antMatchers("/**").authenticated()
                .and() //Login Form configuration for all others
                .formLogin()
                .loginPage("/login.html")
                .loginProcessingUrl("/login").permitAll()
                .defaultSuccessUrl("/")
                .and() //Logout Form configuration
                .logout()
                .deleteCookies("remove")
                .logoutSuccessUrl("/login.html").permitAll()
                .and()
                .httpBasic();

    }

并在启动类中添加开启功能注解

@Configuration
@EnableAdminServer //开启Spring Boot Admin 服务
@EnableDiscoveryClient
@SpringBootApplication
public class MiSpringBootAdminApplication {

   public static void main(String[] args) {
      SpringApplication.run(MiSpringBootAdminApplication.class, args);
   }

}

这样就基本上完成了基本的配置。

欢迎大家多给给意见我的开源项目，更多详情见我的MI系统介绍githun地址如下：

https://github.com/miyaow/mi