Spring-Boot-Admin-快速单独集成Security
一、服务器安全(admin-server)配置
1、核心代码
pom.xml 中添加依赖
<!-- Spring Boot Admin server (UI + registry). Spring Boot Admin versions track the Spring Boot
     major.minor line, so 2.3.1 is meant for a Spring Boot 2.3.x project; keep the two aligned. -->
<dependency>
<groupId>de.codecentric</groupId>
<artifactId>spring-boot-admin-starter-server</artifactId>
<version>2.3.1</version>
</dependency>
<!-- Spring Security starter. No <version> is given here; presumably it is managed by the
     project's Spring Boot parent/BOM (confirm in the full pom.xml). -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
application.yml 配置
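# Application name
spring:
  application:
    name: admin-server
  # Single in-memory user that protects the admin server UI and API.
  # Demo values only: the password equals the user name. Replace it and supply it from
  # the environment or a secret store before the server is reachable beyond localhost.
  security:
    user:
      name: admin-server
      password: admin-server
# Application port
server:
  port: 8080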
添加配置类:SecurityConfig 继承 WebSecurityConfigurerAdapter
package yuanlx.adminserver.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
/**
 * Spring Security configuration for the admin server: a form login page for the UI,
 * HTTP Basic alongside it, and cookie-based CSRF protection with two path exemptions.
 *
 * <p>Created: 2021/5/31 14:30, version 1.0.
 *
 * @author <a href="mailto:yuanlx@smartdot.com.cn">袁凌霄</a>
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Configures request authorization, login/logout, HTTP Basic and CSRF handling.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if any of the configurers fails to apply
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Only static assets and the login page are reachable without authentication;
        // every other request must be authenticated.
        http.authorizeRequests()
                .antMatchers("/assets/**").permitAll()
                .antMatchers("/login").permitAll()
                .anyRequest().authenticated();

        // Form login with a custom login page and a redirect-aware success handler.
        http.formLogin()
                .loginPage("/login")
                .successHandler(loginSuccessHandler());

        http.logout().logoutUrl("/logout");

        // HTTP Basic stays enabled next to form login; presumably this is what lets
        // admin clients register with a user name and password.
        http.httpBasic();

        // CSRF tokens are stored in a cookie that is NOT HttpOnly, so script running in
        // the browser can read it and send it back with state-changing requests.
        // The token check is skipped for exactly "/instances" and for "/actuator/**".
        // NOTE(review): other state-changing paths such as /instances/{id} still require
        // the token; confirm that this matches how clients de-register.
        http.csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                .ignoringAntMatchers("/instances", "/actuator/**");
    }

    /**
     * Builds the handler used after a successful form login: it honours the
     * {@code redirectTo} request parameter and otherwise falls back to {@code "/"}.
     */
    private static SavedRequestAwareAuthenticationSuccessHandler loginSuccessHandler() {
        SavedRequestAwareAuthenticationSuccessHandler handler =
                new SavedRequestAwareAuthenticationSuccessHandler();
        handler.setTargetUrlParameter("redirectTo");
        handler.setDefaultTargetUrl("/");
        return handler;
    }
}
启动类添加注解:@EnableAdminServer
二、客户端安全(client-server)配置
pom.xml 中添加依赖
<!-- Spring Boot Admin client; it registers this application with the admin server.
     Keep the version on the same 2.3.x line as the admin server and Spring Boot. -->
<dependency>
<groupId>de.codecentric</groupId>
<artifactId>spring-boot-admin-starter-client</artifactId>
<version>2.3.1</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- Spring Security starter: with it on the classpath the client's HTTP endpoints,
     including the Actuator endpoints exposed below in application.yml, require a login. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
application.yml 配置
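# Application name
spring:
  application:
    name: admin-client
  # User name and password for logging in to this client.
  # Demo values only: the password equals the user name; replace before real use.
  security:
    user:
      name: admin-client
      password: admin-client
  boot:
    admin:
      client:
        # URL of the Spring Boot Admin server to register with.
        # Plain http sends the credentials below unencrypted; use https for anything
        # beyond localhost.
        url: http://localhost:8080
        instance:
          # Register with the IP address instead of the host name
          prefer-ip: true
          metadata:
            user:
              # The admin server uses these credentials to authenticate against this
              # client's Actuator endpoints.
              name: ${spring.security.user.name}
              # Must reference the password property. The original pointed at
              # spring.security.user.name, which only worked because the demo
              # password happens to equal the user name.
              password: ${spring.security.user.password}
        # Credentials of the admin server; the client uses them to register itself there.
        username: admin-server
        password: admin-server
# Application port
server:
  port: 9090
# By default most Actuator endpoints are not exposed over HTTP; here all of them are.
# For production, choose carefully which endpoints to expose: "*" includes endpoints
# such as env and heapdump that can reveal configuration values and memory contents.
management:
  endpoints:
    web:
      exposure:
        include: ["*"]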
三、验证
1、效果如下