Spring Boot Actuator security configuration: securing Spring Boot
A security configuration approach for the Spring Boot Actuator framework:
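Add the Spring Security authentication framework
Option 1:
Configuration:

```yaml
spring:
  security:
    user:
      # HTTP Basic credentials checked by Spring Security (sample values)
      password: admin
      name: admin
management:
  endpoints:
    web:
      base-path: /monitor
      exposure:
        include: "*"
        # Exclude endpoints
        exclude: shutdown
  server:
    port: 9595
  endpoint:
    health:
      show-details: always
    shutdown:
      enabled: true
```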
Add the dependency:

```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
```
The context-path URL needs to be handled.
Approach 1: apply authentication only to endpoint requests
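```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.util.StringUtils;

@Configuration
@EnableWebSecurity
public class ActuatorSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    Environment env;

    @Override
    protected void configure(HttpSecurity security) throws Exception {
        // Actuator base path from the configuration above (/monitor)
        String contextPath = env.getProperty("management.endpoints.web.base-path");
        if (StringUtils.isEmpty(contextPath)) {
            // With no base path the pattern below becomes "/**/**" and matches every request
            contextPath = "";
        }
        // CSRF protection and the X-Frame-Options header are switched off here
        security.csrf().disable().headers().frameOptions().disable();
        // Only requests under the Actuator base path enter this chain; all of them need HTTP Basic auth
        security.cors().and().antMatcher("/**" + contextPath + "/**")
                .authorizeRequests()
                .anyRequest()
                .authenticated().and().httpBasic();
    }
}
```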
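The following handles cross-origin (CORS) requests:

```java
import java.util.Arrays;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class WebConfig implements WebMvcConfigurer {

    /**
     * Allow cross-origin requests.
     *
     * @param registry the CORS registry to configure
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                // Placeholder origin: set this to the site that hosts your monitoring UI.
                // A "*" origin combined with allowCredentials(true) is rejected by
                // Spring Framework 5.3+ and would let any site send credentialed requests.
                .allowedOrigins("https://monitoring.example.com")
                .allowedMethods("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS")
                .allowCredentials(true)
                .maxAge(3600)
                .allowedHeaders("*");
    }

    // Picked up by security.cors() in ActuatorSecurityConfig
    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        // No credentials are allowed on this configuration, so the wildcard origin is accepted
        configuration.setAllowedOrigins(Arrays.asList("*"));
        configuration.setAllowedMethods(Arrays.asList("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"));
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}
```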
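Option 2: customize the endpoints
**Enabling endpoints:** By default, all endpoints except shutdown are enabled. To configure whether an endpoint is enabled, use its management.endpoint…enabled property. The following example enables the shutdown endpoint: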
```properties
management.endpoint.shutdown.enabled=true
management.endpoint.env.enabled=false
```
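If you want endpoint enablement to be opt-in rather than opt-out, set the management.endpoints.enabled-by-default property to false and use the individual endpoint enabled properties to opt back in. The following example enables the info endpoint and disables all other endpoints: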
```properties
management.endpoints.enabled-by-default=false
management.endpoint.info.enabled=true
```
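Enablement (Option 2) and web exposure (the include/exclude settings in Option 1) are separate switches, and an endpoint is reachable over HTTP only when both allow it. The following audit helper is an added example, not code from the original article; the endpoint list is a constructed subset of Actuator ids and the default web exposure of health only is an assumption (Spring Boot 2.5+).

```python
# Added example (not from the original article): resolve which Actuator
# endpoints end up reachable over HTTP from flat management.* properties.
KNOWN = ["beans", "env", "health", "heapdump", "info", "metrics", "shutdown"]  # constructed subset
DEFAULT_WEB_INCLUDE = {"health"}  # assumption: Spring Boot 2.5+ default exposure

def parse_props(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip().strip('"')
    return props

def id_set(value):
    """Expand a comma-separated id list; '*' selects every known endpoint."""
    ids = {v.strip() for v in value.split(",") if v.strip()}
    return set(KNOWN) if "*" in ids else ids

def reachable(props):
    """Return endpoints that are both enabled and exposed over the web."""
    by_default = props.get("management.endpoints.enabled-by-default")
    include = props.get("management.endpoints.web.exposure.include")
    exposed = id_set(include) if include else DEFAULT_WEB_INCLUDE
    excluded = id_set(props.get("management.endpoints.web.exposure.exclude", ""))
    result = []
    for ep in KNOWN:
        # Per-endpoint property wins, then enabled-by-default, then the built-in default.
        enabled = props.get(f"management.endpoint.{ep}.enabled", by_default)
        if enabled is None:
            enabled = "false" if ep == "shutdown" else "true"
        if enabled.lower() == "true" and ep in exposed and ep not in excluded:  # exclude wins
            result.append(ep)
    return result

# Constructed inputs mirroring the article's two options.
OPTION_1 = """
management.endpoints.web.exposure.include=*
management.endpoints.web.exposure.exclude=shutdown
management.endpoint.shutdown.enabled=true
"""
OPTION_2 = """
management.endpoints.enabled-by-default=false
management.endpoint.info.enabled=true
"""

if __name__ == "__main__":
    print("option 1:", reachable(parse_props(OPTION_1)))
    print("option 2:", reachable(parse_props(OPTION_2)))
```

Under these assumptions Option 1 leaves env and heapdump reachable behind the Basic credentials, while Option 2 on its own exposes nothing over HTTP until info is also added to the exposure include list.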
Copyright notice: unless otherwise stated, all articles are original to 主机测评; when reposting or copying, credit the source with a hyperlink.