Spring Boot 2安全性-预先认证的令牌-允许运行状况检查

时间:2019-07-10 10:46:01

标签: java spring spring-boot spring-security spring-boot-actuator

由于缺少(pre_authenticated)令牌,我的Spring Boot Actuator healthCheck被阻止。

有很多可用的答案,但是这是对预认证安全性的干扰。据我搜索,这是不可重复

如何在预先认证的安全环境中允许运行状况检查?

我的问题也是,我是否需要更多设置(例如,application.properties)?

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    private static final Logger logger = LoggerFactory.getLogger(SecurityConfig.class);

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) {
        PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
        provider.setPreAuthenticatedUserDetailsService(new XyzPreAuthenticatedGrantedAuthoritiesUserDetailsService());
        auth.authenticationProvider(provider);
    }

    // Try-1, see below
    @Override
    protected void configure(HttpSecurity http) throws Exception {
      http.addFilterBefore(xyzTokenRequestHeaderAuthenticationFilter(), RequestHeaderAuthenticationFilter.class)
        .csrf().disable()
        .authorizeRequests()
        .antMatchers("/actuator/**").permitAll()
        .anyRequest().authenticated();
    }

    @Bean
    public XyzTokenRequestHeaderAuthenticationFilter xyzTokenRequestHeaderAuthenticationFilter() throws Exception {
        XyzTokenRequestHeaderAuthenticationFilter filter = new XyzTokenRequestHeaderAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManager());
        return filter;
    }
}

我的第二次尝试是: 

@Override
protected void configure(HttpSecurity http) throws Exception {
  http.addFilterBefore(xyzTokenRequestHeaderAuthenticationFilter(), RequestHeaderAuthenticationFilter.class)
    .csrf().disable()
    .authorizeRequests()
    .antMatchers("/actuator/**").permitAll();
}

3 个答案:

答案 0 :(得分:2)

尝试在课堂上添加Object并添加.ignoring()@EnableGlobalMethodSecurity(prePostEnabled = true) 

@Configuration

答案 1 :(得分:0)

问题似乎出在您的XyzTokenRequestHeaderAuthenticationFilter实现上。如果您通过扩展RequestHeaderAuthenticationFilter来编写该代码,则必须将属性exceptionIfHeaderMissing设置为false

如果您没有扩展Spring Security pre auth核心类,那么您需要显示实现。

答案 2 :(得分:0)

xyz过滤器似乎没有以“完美”的方式实现。

这种方式将帮助您正常工作:

1-使用管理端口:

management.server.port=8081
management.security.enabled=false
management.server.address=127.0.0.1
management.server.ssl.enabled=false
management.endpoints.health.sensitive=false
management.endpoint.health.show-details=always

2-同时配置网络和API。在标准部分之外使用它:

@Override
protected void configure(HttpSecurity http) throws Exception {
  http.sessionManagement().sessionCreationPolicy(STATELESS);
  http.csrf().disable();
  http.authorizeRequests()
    .antMatchers("/actuator/**").permitAll()
    .antMatchers("/**").authenticated();
  http.addFilterBefore(xyzTokenRequestHeaderAuthenticationFilter(), AbstractPreAuthenticatedProcessingFilter.class);
}

@Override
public void configure(WebSecurity web) throws Exception {
  web.ignoring().antMatchers("/actuator/**");
}

3-在Docker容器内部,将8081端口用于healthCheck。

相关问题
最新问题