我已经通过oAuth2保护弹簧启动应用程序,只有当执行器端点不安全时,我才能从spring boot admin访问应用程序。我检查了github上的安全样本,即使那里/健康端点没有安全。有没有办法从春季启动管理员那里访问具有oAuth2保护的执行器端点的弹簧启动应用程序。
答案 0 :(得分:0)
这个问题已经很老了,但是由于根本没有答案。
在启动管理员的de.codecentric.boot.admin.server.config.AdminServerAutoConfiguration.
类中,找到方法basicAuthHttpHeadersProvider
和httpHeadersProvider
。您可以使用此机制来添加自己的标头提供程序。只需提供您自己的AuthHeaderProvider。如下所示:
@Bean
public BearerAuthHeaderProvider bearerAuthHeaderProvider(OAuth2RestTemplate template){
return new BearerAuthHeaderProvider(template);
}
@Bean
public OAuth2RestTemplate restTemplate(OAuth2ProtectedResourceDetails resourceDetails) {
return new OAuth2RestTemplate(resourceDetails);
}
@Bean
public OAuth2ProtectedResourceDetails clientCredentialsResourceDetails() {
ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails ();
//set you details here: id, clientid, secret, tokenendpoint
details.setGrantType("client_credentials");
return details;
}
这样,InstanceWebClient.builder()
将提取您的承载身份验证标头并将其发送到您的执行器端点。
我不确定这是否是正确的解决方案,但这是一个起点。
致谢
答案 1 :(得分:0)
基于WIPU答案,我创建了简单的更新
public class BearerAuthHeaderProvider implements HttpHeadersProvider {
private final OAuth2RestTemplate template;
public BearerAuthHeaderProvider(OAuth2RestTemplate template) {
this.template = template;
}
public HttpHeaders getHeaders(Instance ignored) {
HttpHeaders headers = new HttpHeaders();
headers.set("Authorization", template.getAccessToken().getTokenType() + " " + template.getAccessToken().getValue());
return headers;
}
}
和
@Configuration
public class AdminServerConfiguration extends AdminServerAutoConfiguration {
public AdminServerConfiguration(AdminServerProperties adminServerProperties) {
super(adminServerProperties);
}
@Bean
public OAuth2ProtectedResourceDetails clientCredentialsResourceDetails() {
ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails();
//set you details here: id, clientid, secret, tokenendpoint
details.setClientId("actuator");
details.setClientSecret("actuator_password");
details.setAccessTokenUri("http://localhost:8081/auth-server/oauth/token");
details.setGrantType("client_credentials");
return details;
}
@Bean
@Order(0)
@ConditionalOnMissingBean
public BearerAuthHeaderProvider bearerAuthHeaderProvider(){
// couldn't inject differently restTemplate
OAuth2ProtectedResourceDetails resourceDetails = this.clientCredentialsResourceDetails();
OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(resourceDetails);
return new BearerAuthHeaderProvider(oAuth2RestTemplate);
}
}