弹簧启动致动器:固定其他致动器的端点后,运行状况端点不会显示详细信息

时间:2019-07-01 16:11:03

标签: spring-boot spring-security spring-boot-actuator

目标:保护所有执行器端点(信息和健康状况除外),但为了健康,请在验证用户身份后显示详细信息。

我的pom只有spring-boot-starter-webspring-boot-starter-securityspring-boot-starter-web(春季启动版本:2.1.6.RELEASE),整个配置为

@Configuration
public class ActuatorSecurity extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.requestMatcher(EndpointRequest.toAnyEndpoint().excluding("info", "health"))
        .authorizeRequests()
        .anyRequest().authenticated()
        .and()
        .httpBasic();
  }
}

application.yml

management:
  endpoints:
    web:
      exposure:
        include: "*"
  endpoint:
    health:
      show-details: "when-authorized"

这可以保护所有端点,并提供未经身份验证的信息和健康访问。但是,当使用凭据访问运行状况时,它不会返回详细信息。在这种情况下,management.endpoint.health.show-details="when-authorized"似乎被忽略了。

有人知道如何解决此问题吗?

1 个答案:

答案 0 :(得分:2)

应该使用

 protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .requestMatchers(EndpointRequest.toAnyEndpoint()
        .excluding("info", "health")).authenticated()
        .and().httpBasic();
  }

 protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .requestMatchers(EndpointRequest.to("info", "health"))
        .permitAll()
        .anyRequest().authenticated()
        .and().httpBasic();
  }