How to access actuator endpoints behind oAuth2 security from Spring Boot Admin

Time: 2017-07-05 15:05:11

Tags: spring-boot-admin

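I have secured a Spring Boot application with oAuth2, and I can only access the application from Spring Boot Admin when the actuator endpoints are unsecured. I checked the security samples on GitHub, and even there the /health endpoint is not secured. Is there a way to access, from Spring Boot Admin, a Spring Boot application whose actuator endpoints are protected by oAuth2?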

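2 answers:

Answer 0: (score: 0)

This question is quite old, but since there is no answer at all:

In Spring Boot Admin's de.codecentric.boot.admin.server.config.AdminServerAutoConfiguration class, find the methods basicAuthHttpHeadersProvider and httpHeadersProvider. You can use this mechanism to add your own header provider. Just provide your own AuthHeaderProvider, as shown below: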

    @Bean
    public BearerAuthHeaderProvider bearerAuthHeaderProvider(OAuth2RestTemplate template){
        return new BearerAuthHeaderProvider(template);
    }

    @Bean
    public OAuth2RestTemplate restTemplate(OAuth2ProtectedResourceDetails resourceDetails) {
        return new OAuth2RestTemplate(resourceDetails);
    }

    @Bean
    public OAuth2ProtectedResourceDetails clientCredentialsResourceDetails() {
        ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails();
        // set your details here: id, clientid, secret, tokenendpoint
        details.setGrantType("client_credentials");
        return details;
    }

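This way, InstanceWebClient.builder() will pick up your bearer authentication header and send it to your actuator endpoints.

I'm not sure whether this is the right solution, but it is a starting point.

Regards

Answer 1: (score: 0)

Based on WIPU's answer, I created a simple update: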

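    // BearerAuthHeaderProvider.java
    import de.codecentric.boot.admin.server.domain.entities.Instance;
    import de.codecentric.boot.admin.server.web.client.HttpHeadersProvider;
    import org.springframework.http.HttpHeaders;
    import org.springframework.security.oauth2.client.OAuth2RestTemplate;

    public class BearerAuthHeaderProvider implements HttpHeadersProvider {

        private final OAuth2RestTemplate template;

        public BearerAuthHeaderProvider(OAuth2RestTemplate template) {
            this.template = template;
        }

        // Builds the Authorization header from the current client-credentials access token
        @Override
        public HttpHeaders getHeaders(Instance ignored) {
            HttpHeaders headers = new HttpHeaders();
            headers.set("Authorization", template.getAccessToken().getTokenType() + " " + template.getAccessToken().getValue());
            return headers;
        }
    }

    // AdminServerConfiguration.java
    import de.codecentric.boot.admin.server.config.AdminServerAutoConfiguration;
    import de.codecentric.boot.admin.server.config.AdminServerProperties;
    import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.core.annotation.Order;
    import org.springframework.security.oauth2.client.OAuth2RestTemplate;
    import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
    import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;

    @Configuration
    public class AdminServerConfiguration extends AdminServerAutoConfiguration {

        public AdminServerConfiguration(AdminServerProperties adminServerProperties) {
            super(adminServerProperties);
        }

        @Bean
        public OAuth2ProtectedResourceDetails clientCredentialsResourceDetails() {
            ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails();
            // set your details here: id, clientid, secret, tokenendpoint
            details.setClientId("actuator");
            details.setClientSecret("actuator_password");
            details.setAccessTokenUri("http://localhost:8081/auth-server/oauth/token");
            details.setGrantType("client_credentials");
            return details;
        }

        @Bean
        @Order(0)
        @ConditionalOnMissingBean
        public BearerAuthHeaderProvider bearerAuthHeaderProvider() {
            // couldn't inject the restTemplate any other way
            OAuth2ProtectedResourceDetails resourceDetails = this.clientCredentialsResourceDetails();
            OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(resourceDetails);
            return new BearerAuthHeaderProvider(oAuth2RestTemplate);
        }

    }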
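
As an added example (not code from either answer or from the Spring Boot Admin project): a variant of the header provider that attaches the bearer token only when the registered instance's management URL is HTTPS on an expected host, because a provider that ignores the Instance argument sends the token to every instance that registers. The class name, constructor parameters and host allowlist are assumptions for illustration; the client credentials are expected to come from external configuration rather than source code.

```java
import de.codecentric.boot.admin.server.domain.entities.Instance;
import de.codecentric.boot.admin.server.web.client.HttpHeadersProvider;
import java.net.URI;
import java.util.Locale;
import java.util.Set;
import org.springframework.http.HttpHeaders;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;

// Hypothetical class (added example): scopes the token to known management hosts.
public class ScopedBearerAuthHeaderProvider implements HttpHeadersProvider {
    private final OAuth2RestTemplate template;
    private final Set<String> allowedHosts; // lower-case host names, assumed allowlist

    // clientId, clientSecret and tokenUri are expected from external configuration.
    public ScopedBearerAuthHeaderProvider(String clientId, String clientSecret,
                                          String tokenUri, Set<String> allowedHosts) {
        if (!"https".equalsIgnoreCase(URI.create(tokenUri).getScheme())) {
            throw new IllegalArgumentException("token endpoint must use https");
        }
        ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails();
        details.setClientId(clientId);
        details.setClientSecret(clientSecret);
        details.setAccessTokenUri(tokenUri);
        this.template = new OAuth2RestTemplate(details);
        this.allowedHosts = allowedHosts;
    }

    @Override
    public HttpHeaders getHeaders(Instance instance) {
        HttpHeaders headers = new HttpHeaders();
        if (isTrusted(instance.getRegistration().getManagementUrl())) {
            headers.set(HttpHeaders.AUTHORIZATION, "Bearer " + template.getAccessToken().getValue());
        }
        return headers; // empty for untrusted targets: no token leaves the admin server
    }

    // True only for a well-formed https URL whose host is on the allowlist.
    private boolean isTrusted(String managementUrl) {
        if (managementUrl == null) return false;
        try {
            URI target = URI.create(managementUrl);
            return "https".equalsIgnoreCase(target.getScheme())
                    && target.getHost() != null
                    && allowedHosts.contains(target.getHost().toLowerCase(Locale.ROOT));
        } catch (IllegalArgumentException malformed) {
            return false;
        }
    }
}
```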