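Spring Boot Actuator returns 401 for actuator endpoints

Time: 2017-10-31 08:41:05

Tags: spring spring-boot spring-security spring-boot-actuator

I am refactoring an old Java Spring project into Spring Boot and deploying it in the traditional WAR style. For some reason, I have to stick with the traditional web.xml to start the application. Thanks to Spring Boot Legacy, I can achieve this through web.xml: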

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>com.MyServerServletConfig</param-value>
</context-param>

<listener>
    <listener-class>org.springframework.boot.legacy.context.web.SpringBootContextLoaderListener</listener-class>
</listener>

<servlet>
    <servlet-name>myservlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value></param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>myservlet</servlet-name>
    <url-pattern>/*</url-pattern>
</servlet-mapping>

In addition, I added the Spring Boot Actuator dependency. application.properties looks like this:

endpoints.enabled=true
endpoints.sensitive=true
management.security.enabled=true
management.context-path=/manage
security.user.password=myserver
security.user.name=myserver

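The application starts normally, but when I try to access an endpoint from the browser, it only returns a 401 "Full authentication is required to access this resource" error without asking me to enter a username and password. The relevant log is as follows: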

16:00:04.264 DEBUG [resin-port-8081-19] org.springframework.web.servlet.DispatcherServlet: DispatcherServlet with name 'myservlet' processing GET request for [/manage/health]
16:00:04.264 DEBUG [resin-port-8081-19] org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMapping: Looking up handler method for path /manage/health
16:00:04.264 DEBUG [resin-port-8081-19] org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMapping: Returning handler method [public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.HealthMvcEndpoint.invoke(javax.servlet.http.HttpServletRequest,java.security.Principal)]
16:00:04.264 DEBUG [resin-port-8081-19] org.springframework.web.servlet.DispatcherServlet: Last-Modified value for [/manage/health] is: -1
16:00:04.264 DEBUG [resin-port-8081-19] org.springframework.core.env.PropertySourcesPropertyResolver: Found key 'endpoints.sensitive' in [applicationConfig: [classpath:../conf/application.properties]] with type [String]
16:00:04.265 DEBUG [resin-port-8081-19] org.springframework.web.servlet.DispatcherServlet: Successfully completed request

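What could be the cause of this problem? Is there any difference between the DispatcherServlet built by Spring Boot and the DispatcherServlet explicitly defined in web.xml? For security reasons, management.security.enabled=true is required.

1 answer:

Answer 0: (score: 3)

See this part of the Spring Boot manual: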

https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-monitoring.html

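In particular, this section:

48.1 Accessing sensitive endpoints

By marking endpoints as sensitive, you cannot see them unless you are logged in with an appropriate role. Therefore, you must set up Spring Security for the sensitive endpoints.

Here is a good blog post on how to do this: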

http://www.devglan.com/spring-security/securing-spring-boot-actuator-endpoints-with-spring-security
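
One way to set up Spring Security for the /manage endpoints, as an added example that is not code from the question, the answer, or the linked blog. It assumes Spring Boot 1.x with Spring Security 4 and that the ACTUATOR role is the one the management endpoints require; the class name ActuatorSecurityConfig is hypothetical. HTTP Basic is enabled so that the 401 response carries a WWW-Authenticate challenge, which is what makes a browser ask for credentials.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

// Hypothetical class name. Assumption: in a web.xml deployment the
// "springSecurityFilterChain" bean must also be mapped in web.xml through
// org.springframework.web.filter.DelegatingFilterProxy, otherwise requests
// reach the DispatcherServlet without passing through this chain.
@Configuration
@EnableWebSecurity
public class ActuatorSecurityConfig extends WebSecurityConfigurerAdapter {

    // Reuse the credentials already defined in application.properties.
    @Value("${security.user.name}")
    private String userName;

    @Value("${security.user.password}")
    private String password;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // Spring Security 4 accepts a plain-text password here; version 5 and
        // later require a PasswordEncoder or an encoding prefix.
        // Assumption: ACTUATOR is the role required by the management endpoints.
        auth.inMemoryAuthentication()
            .withUser(userName).password(password).roles("ACTUATOR");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Apply this chain only to the management context path.
            .antMatcher("/manage/**")
            .authorizeRequests()
                .anyRequest().hasRole("ACTUATOR")
                .and()
            // Sends "WWW-Authenticate: Basic" with the 401, so browsers prompt.
            .httpBasic()
                .and()
            // Monitoring calls carry credentials on every request; no session.
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }
}
```

Because credentials travel on every request with HTTP Basic, expose /manage only over TLS or on an internal interface.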