为什么Spring Boot Actuator返回404而不是401?

时间:2016-01-21 16:12:52

标签: spring-security spring-boot spring-boot-actuator

这是一个非常愚蠢的问题,但我不明白为什么当我尝试访问安全端点时,执行器给我404而不是401。

我添加了依赖

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

并禁用非敏感端点的安全性

security.basic.enabled=false

现在,我可以访问该应用程序,以及/health的一个残缺版本,但是当我转到/metrics时,它会给我一个WWW-Authenticate标题,很好,但有一个404,所以我的浏览器不会提示我输入用户名和密码。

$ curl -v http://localhost:8081/metrics
* STATE: INIT => CONNECT handle 0x6000572d0; line 1090 (connection #-5000)
* Added connection 0. The cache now contains 1 members
*   Trying ::1...
* STATE: CONNECT => WAITCONNECT handle 0x6000572d0; line 1143 (connection #0)
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8081 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x6000572d0; line 1240 (connection #0)
* STATE: SENDPROTOCONNECT => DO handle 0x6000572d0; line 1258 (connection #0)
> GET /metrics HTTP/1.1
> Host: localhost:8081
> User-Agent: curl/7.45.0
> Accept: */*
>
* STATE: DO => DO_DONE handle 0x6000572d0; line 1337 (connection #0)
* STATE: DO_DONE => WAITPERFORM handle 0x6000572d0; line 1464 (connection #0)
* STATE: WAITPERFORM => PERFORM handle 0x6000572d0; line 1474 (connection #0)
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 404 Not Found
* Server Apache-Coyote/1.1 is not blacklisted
< Server: Apache-Coyote/1.1
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Strict-Transport-Security: max-age=31536000 ; includeSubDomains
< WWW-Authenticate: Basic realm="Spring"
< Content-Length: 0
< Date: Thu, 21 Jan 2016 15:55:12 GMT
<
* STATE: PERFORM => DONE handle 0x6000572d0; line 1632 (connection #0)
* Curl_done
* Connection #0 to host localhost left intact

application.properties

中的相关属性
# Spring Boot Actuator
management.address=127.0.0.1
management.port=8081
security.basic.enabled=false
security.user.name=admin
security.user.password=a1b2c3

为什么会这样?我可以改变吗?

3 个答案:

答案 0 :(得分:2)

您已设置management.context-path=/actuator,因此所有Actuator端点都将以此为前缀。您的网址应为localhost:8080/actuator/metrics

答案 1 :(得分:2)

确保您已添加spring-boot-starter-web:

  <dependency>
     <groupId>org.springframework.boot</groupId>
     <artifactId>spring-boot-starter-web</artifactId>
  </dependency>

答案 2 :(得分:0)

1. endpoints.health.enabled=false , in application.properties
This was causing issue at my end. I removed this property from application.properties

2.In pom.xml it should be compile in <scope> tag.
<dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-actuator</artifactId>
        <scope>compile</scope>
</dependency>