Spring-Boot-Admin-快速单独集成Security

Spring-Boot-Admin-快速单独集成Security

---

一、服务器安全(admin-server)配置

1、核心代码

pom.xml 中添加依赖

<dependency>
    <groupId>de.codecentric</groupId>
    <artifactId>spring-boot-admin-starter-server</artifactId>
    <version>2.3.1</version>
</dependency>


<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

application.yml 配置

# 应用程序名称
spring:
  application:
    name: admin-server


  security:
    user:
      name: admin-server
      password: admin-server


# 应用程序端口
server:
  port: 8080

添加配置类：SecurityConfig 继承 WebSecurityConfigurerAdapter

package yuanlx.adminserver.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

/**
 * @Description 请描述下该类是做什么的
 * @Author <a href="mailto:yuanlx@smartdot.com.cn">袁凌霄</a>
 * @Date 2021/5/31  14:30
 * @Verson 1.0
 **/
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        SavedRequestAwareAuthenticationSuccessHandler successHandler
                = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");
        successHandler.setDefaultTargetUrl("/");

        http.authorizeRequests()
                //授予公众对所有静态资产和登录页面的访问权限。
                .antMatchers("/assets/**").permitAll()
                //登陆页面排除
                .antMatchers("/login").permitAll()
                // 其他所有请求都必须经过验证。
                .anyRequest().authenticated().and()
                .formLogin().loginPage("/login")
                .successHandler(successHandler).and()
                .logout().logoutUrl("/logout").and()
                .httpBasic().and()
                .csrf()
                // 使用Cookies启用CSRF保护
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                //对执行器端点禁用CSRF-Protection。
                .ignoringAntMatchers(
                        "/instances",
                        "/actuator/**"
                );
    }
}

启动类添加注解：@EnableAdminServer

二、客户端安全(client-server)配置

pom.xml 中添加依赖

<dependency>
    <groupId>de.codecentric</groupId>
    <artifactId>spring-boot-admin-starter-client</artifactId>
    <version>2.3.1</version>
</dependency>

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

application.yml 配置

# 应用程序名称
spring:
  application:
    name: admin-client
  #  登陆的用户密码
  security:
    user:
      name: admin-client
      password: admin-client
  boot:
    # 要在其中注册的Spring Boot Admin Server的URL。
    admin:
      client:
        url: http://localhost:8080
        instance:
          # 使用IP的方式
          prefer-ip: true
          metadata:
            user:
              # admin server 将使用这些凭据对客户端的Actuator端点进行身份验证
              name:  ${spring.security.user.name}
              password:  ${spring.security.user.name}
        # admin server 的用户密码, admin-client 通过这些凭据， 向admin server服务器注册：
        username: admin-server
        password: admin-server




# 应用程序端口
server:
  port: 9090


#  默认情况下，大多数Actuator端点都不通过http公开，这里我们公开了所有端点。
#  对于生产，您应该仔细选择要公开的端点。

management:
  endpoints:
    web:
      exposure:
        include: ["*"]

三、验证

1、效果如下