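Spring Boot Actuator is included in the POM and shows up in the startup logs. However, when I try to access /actuator or even the project's base URL, I get the following -
{
  "timestamp": 1577096144986,
  "status": 401,
  "error": "Unauthorized",
  "message": "Full authentication is required to access this resource",
  "path": "/actuator"
}
I read that basic HTTP authentication may be set up for the endpoints. I looked for spring.security.user.name, password in the configuration properties but could not find any.
If I hit http://localhost:8083/actuator, or even http://localhost:8083/ or any URL other than the mapped API endpoints, I get this password prompt in the browser -
In the application logs, I get -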
2019-12-23 19:30:54,489 75773 [XNIO-3 task-3] INFO c.c.common.web.LoggerInterceptor [LoggerInterceptor.java:42] - Visitor [okp91Dj1NzT2KPPUjaUvhqEg4oOhwPQ49I9LTR2z] [GET] [/error] [1ms] [OK]
2019-12-23 19:30:54,493 75777 [XNIO-3 task-3] ERROR org.apache.velocity [CommonsLogLogChute.java:96] - ResourceManager : unable to find resource 'error.vm' in any resource loader.
After entering credentials it fails, the password prompt appears again, and the same logs as above repeat.
Update
Spring Boot version - 1.5.2.RELEASE.
There is a web.xml in /src/main/resources. It has the following -
<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>
    classpath*:META-INF/spring/applicationContext*.xml
    classpath*:com.packagename
    /WEB-INF/spring/oauth-security.xml
    /WEB-INF/spring/security-config.xml
    classpath*:META-INF/gateway/*.xml
  </param-value>
</context-param>
I can find the oauth-security.xml and security.xml files in this microservice component.
oauth-security.xml has OAuth scope based API path definitions -
<sec:http pattern="/service/v2/**"
          create-session="never"
          entry-point-ref="oauthAuthenticationEntryPoint"
          access-decision-manager-ref="accessDecisionManager">
  <sec:intercept-url pattern="/some/path/v2/profile/**" access="ROLE_USER,SCOPE_PROFILE" method="GET"/>
I see security-config.xml, which imports webmvc-config.xml.
I see a few of these in security-config.xml -
<sec:http pattern="/somepath/**">
  <sec:intercept-url pattern="/somepath/**" access="ROLE_USER"/>
  <sec:http-basic/>
</sec:http>
But I don't see any configuration for the /** path anywhere.
Update 2
I checked and there also seems to be auth configuration in a file named customscopes.properties, which appears to be a custom file, added to webmvc-config.xml like this -
<bean id="propertyConfigurer"
      class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
  <property name="systemPropertiesModeName" value="SYSTEM_PROPERTIES_MODE_OVERRIDE" />
  <property name="ignoreResourceNotFound" value="true" />
  <property name="locations">
    <list>
      <value>classpath:/spring/application.properties</value>
      <value>classpath:/spring/local.properties</value>
      <value>classpath:/spring/customscopes.properties</value>
      <value> file:${project.config.dir}/application.properties </value>
      <value>file:${project.config.dir}/customscopes.properties</value>
    </list>
  </property>
</bean>
customscopes.properties has URLs like this -
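service/v2/path/**=SCOPE_SOMETHING;
At the same time, the same URL is in oauth-security.xml -
<sec:intercept-url pattern="/service/v2/path/**" access="SCOPE_SOMETHING"/>
I'm not sure why there are two sets of configuration. I tried changing them one at a time while keeping the other one authenticated. I observed that only changing customscopes.properties had an effect -
service/v2/path/**=IS_AUTHENTICATED_ANONYMOUSLY;
I am also new to Spring Security. I checked this video tutorial, but I couldn't find the config methods it mentions in my project. There is no mention of WebSecurityConfigurerAdapter.
However, adding the path actuator/** with IS_AUTHENTICATED_ANONYMOUSLY to both of these files did not work - it shows the 401 error as at the beginning.
Update 3
Oh, one more thing - security-config.xml contains
<sec:http pattern="/favicon.ico" security="none"/>
The logs differ when I access http://localhost:8083/actuator/ and http://localhost:8083/somethingelse/.
http://localhost:8083/actuator/
Step 1 - Hit this URL - logs -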
2019-12-24 12:31:03,051 590999 [XNIO-3 task-16] INFO c.c.common.web.LoggerInterceptor [LoggerInterceptor.java:42] - Visitor [OICBz6CqYzI58UqobnBYNEXsZUNErjBkv6wEUUkX] [GET] [/error] [2ms] [OK]
2019-12-24 12:31:03,054 591002 [XNIO-3 task-16] ERROR org.apache.velocity [CommonsLogLogChute.java:96] - ResourceManager : unable to find resource 'error.vm' in any resource loader.
Step 2 - Cancel the login form - gets favicon.ico instead of /error -
2019-12-24 12:31:18,641 606589 [XNIO-3 task-20] ERROR org.apache.velocity [CommonsLogLogChute.java:96] - ResourceManager : unable to find resource 'error.vm' in any resource loader.
2019-12-24 12:31:18,912 606860 [XNIO-3 task-21] INFO c.c.common.web.LoggerInterceptor [LoggerInterceptor.java:42] - Visitor [OICBz6CqYzI58UqobnBYNEXsZUNErjBkv6wEUUkX] [GET] [/favicon.ico] [2ms] [OK]
http://localhost:8083/somethingelse
Step 1 - Hit this URL - logs -
2019-12-24 12:31:03,051 590999 [XNIO-3 task-16] INFO c.c.common.web.LoggerInterceptor [LoggerInterceptor.java:42] - Visitor [OICBz6CqYzI58UqobnBYNEXsZUNErjBkv6wEUUkX] [GET] [/error] [2ms] [OK]
2019-12-24 12:31:03,054 591002 [XNIO-3 task-16] ERROR org.apache.velocity [CommonsLogLogChute.java:96] - ResourceManager : unable to find resource 'error.vm' in any resource loader.
Step 2 - Cancel the login form - same logs as above again
Update 4
If I add a class that extends WebSecurityConfigurerAdapter and add an allowAll() only for the required paths -
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.
        authorizeRequests().antMatchers("/service/trace/**").permitAll()
        .antMatchers("/service/actuator/**").permitAll()
        .antMatchers("/actuator/**").permitAll()
        .antMatchers("/trace").permitAll()
        .antMatchers("/actuator").permitAll();
}
This time I get a different error (404 Not Found) -
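{
  "timestamp": 1577181851520,
  "status": 404,
  "error": "Not Found",
  "message": "Not Found",
  "path": "/service/trace"
}
Note - I'm not sure which actuator endpoints are available, so I tried all of these combinations to be sure. See the application startup logs below, in case this can be confirmed from them.
I get a 404 error for all of these URLs -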
http://localhost:8083/service/actuator/beans
http://localhost:8083/actuator/beans
http://localhost:8083/beans
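The other authenticated API endpoints started giving this error -
{
  "timestamp": 1577181062281,
  "status": 403,
  "error": "Forbidden",
  "message": "Could not verify the provided CSRF token because your session was not found.",
  "path": "/service/v2/some/end/point"
}
Also, I found that we have these filters defined in web.xml as well. So it seems there is Spring configuration as well as Spring Boot add-ons. Please correct me if my understanding is wrong.
<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
So, the problem boils down to this -
I can't access the actuator endpoints. I see the following, including the actuator, in the application startup logs, but I can't seem to load them either. I'm guessing Spring Security is getting in between, but I haven't been able to prevent that.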
2019-12-24 14:14:10,769 14209 [main] INFO o.s.b.a.e.m.EndpointHandlerMapping [AbstractHandlerMethodMapping.java:543] - Mapped "{[/beans || /beans.json],methods=[GET],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
2019-12-24 14:14:10,770 14210 [main] INFO o.s.b.a.e.m.EndpointHandlerMapping [AbstractHandlerMethodMapping.java:543] - Mapped "{[/health || /health.json],methods=[GET],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.HealthMvcEndpoint.invoke(javax.servlet.http.HttpServletRequest,java.security.Principal)
2019-12-24 14:14:10,771 14211 [main] INFO o.s.b.a.e.m.EndpointHandlerMapping [AbstractHandlerMethodMapping.java:543] - Mapped "{[/autoconfig || /autoconfig.json],methods=[GET],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
2019-12-24 14:14:10,772 14212 [main] INFO o.s.b.a.e.m.EndpointHandlerMapping [AbstractHandlerMethodMapping.java:543] - Mapped "{[/metrics/{name:.*}],methods=[GET],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.MetricsMvcEndpoint.value(java.lang.String)
2019-12-24 14:14:10,772 14212 [main] INFO o.s.b.a.e.m.EndpointHandlerMapping [AbstractHandlerMethodMapping.java:543] - Mapped "{[/metrics || /metrics.json],methods=[GET],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
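Note -
I added management.endpoints.web.exposure.include=* to application.properties
I don't see anything like this -
2019-12-24 15:57:41.245 INFO 37683 --- [main] o.s.b.a.e.web.EndpointLinksResolver : Exposing 18 endpoint(s) beneath base path '/actuator'
Answer 0: (score: 0)
The error occurs because security is not enabled on the endpoints. For a locally deployed application, add the following configuration to the application.properties file -
management.security.enabled = false
In a production application, more careful configuration is needed.
Answer 1: (score: 0)
I ran into a similar error and added this configuration in application.properties:
Tester
This will allow you to access all the actuator endpoints.
Answer 2: (score: 0)
1) I tested the code with Spring Boot 1.5.2 and found that in this version the actuator endpoints are available at the root ('/') path and not at the /actuator path. Your logs confirm this as well: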
2019-12-24 14:14:10,769 14209 [main] INFO o.s.b.a.e.m.EndpointHandlerMapping [AbstractHandlerMethodMapping.java:543] - Mapped "{[/beans || /beans.json],methods=[GET],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
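As you can see in the log, the endpoint for beans, for example, is /beans; in your case http://localhost:8083/beans. In addition, you also need the following, as written by Prerak Jain:
management.security.enabled=false
2) For the HTTP 403 issue: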
{
  "timestamp": 1577181062281,
  "status": 403,
  "error": "Forbidden",
  "message": "Could not verify the provided CSRF token because your session was not found.",
  "path": "/service/v2/some/end/point"
}
To fix this, you need to add the following to your configuration: "and().csrf().disable()", for example:
http.authorizeRequests().antMatchers("/service/trace/**").permitAll().and().csrf().disable()
This disables the CSRF token stuff.
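Added example (not part of any answer on this page, and not Spring Boot code): a small Python script that reads the `EndpointHandlerMapping` startup lines quoted above, reports the base path the actuator endpoints are actually mapped under, and marks the endpoints to lock down first. The sample log lines are constructed and abridged, and the `REVIEW_FIRST` set and all function names are assumptions of this example.

```python
import re

# Matches the "Mapped" lines that Spring Boot 1.x EndpointHandlerMapping logs at startup.
MAPPED = re.compile(r'EndpointHandlerMapping\b.*?Mapped "\{\[(.+?)\],methods=\[([^\]]*)\]')
# Assumption of this example: endpoint ids that expose internals and deserve review first.
REVIEW_FIRST = {"heapdump", "dump", "env", "configprops", "trace", "loggers", "beans", "mappings"}

# Constructed sample lines in the two log layouts shown on this page (abridged after "methods").
ROOT_LOG = '''\
2019-12-24 14:14:10,769 14209 [main] INFO o.s.b.a.e.m.EndpointHandlerMapping [AbstractHandlerMethodMapping.java:543] - Mapped "{[/beans || /beans.json],methods=[GET]}" onto ...
2019-12-24 14:14:10,770 14210 [main] INFO o.s.b.a.e.m.EndpointHandlerMapping [AbstractHandlerMethodMapping.java:543] - Mapped "{[/health || /health.json],methods=[GET]}" onto ...
2019-12-24 14:14:10,772 14212 [main] INFO o.s.b.a.e.m.EndpointHandlerMapping [AbstractHandlerMethodMapping.java:543] - Mapped "{[/metrics/{name:.*}],methods=[GET]}" onto ...
'''
PREFIXED_LOG = '''\
2019-12-30 12:13:34.775 INFO 13172 --- [ main] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/actuator/health || /actuator/health.json],methods=[GET]}" onto ...
2019-12-30 12:13:34.778 INFO 13172 --- [ main] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/actuator/heapdump || /actuator/heapdump.json],methods=[GET]}" onto ...
2019-12-30 12:13:34.783 INFO 13172 --- [ main] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/actuator/loggers/{name:.*}],methods=[POST]}" onto ...
'''

def mapped_endpoints(log_text):
    """Return {path: set(methods)} for every actuator mapping found in the log."""
    found = {}
    for m in MAPPED.finditer(log_text):          # '.' never crosses a newline here
        methods = set(filter(None, m.group(2).split(","))) or {"ANY"}
        for path in m.group(1).split(" || "):
            if not path.endswith(".json"):       # skip the .json alias of the same endpoint
                found.setdefault(path, set()).update(methods)
    return found

def base_path(paths):
    """Longest segment prefix shared by all paths, never swallowing an endpoint id."""
    split = [p.strip("/").split("/") for p in paths]
    prefix = []
    for column in zip(*split):
        if len(set(column)) != 1:
            break
        prefix.append(column[0])
    if any(len(s) == len(prefix) for s in split):
        prefix = prefix[:-1]                     # a whole path matched: last part is an id
    return "/" + "/".join(prefix)

def review(log_text):
    """Return (base, [(path, methods, needs_review)]) sorted by path."""
    endpoints = mapped_endpoints(log_text)
    base = base_path(endpoints)
    rows = []
    for path, methods in sorted(endpoints.items()):
        endpoint_id = path[len(base):].strip("/").split("/")[0]
        rows.append((path, sorted(methods), endpoint_id in REVIEW_FIRST or "POST" in methods))
    return base, rows

if __name__ == "__main__":
    print(review(ROOT_LOG), review(PREFIXED_LOG), sep="\n")
```

A base of `/` means requests to `/actuator/...` match no handler, and every flagged row is a path that an access rule should cover before security is switched off for convenience.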
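Answer 3: (score: 0)
Working with legacy applications is never an easy task. Indeed, you seem to have completely mixed Spring and Spring Boot configuration together. I suggest you proceed step by step. Go back to a stable working state, then continue:
I have been doing some tests with spring-boot-starter-actuator and spring-boot-starter-parent.
Here is the content of my pom.xml: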
<parent>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-parent</artifactId>
  <version>1.5.2.RELEASE</version>
</parent>
<dependencies>
  <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-actuator</artifactId>
  </dependency>
  <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
  </dependency>
  <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
  </dependency>
</dependencies>
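Note that spring-boot-starter-actuator:2.2.2.RELEASE does not work the same way as spring-boot-starter-actuator:1.5.2.RELEASE, mainly where security is concerned.
Note also that we use the starter of each dependency. Otherwise, you will not have all of the Spring Boot auto-configuration enabled.
spring-boot-starter-actuator
In your application.properties, add the following lines: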
# Make sure every actuator endpoints are located under the same root URL
management.context-path=/actuator
# Disable default actuator security rules to manage everything with your Java configuration
management.security.enabled=false
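In your Java configuration class, the one that extends WebSecurityConfigurerAdapter, apply the following changes:
import org.springframework.boot.actuate.autoconfigure.ManagementServerProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity // Enable spring security configuration
@Configuration // Is a Spring Configuration class
@Order(ManagementServerProperties.ACCESS_OVERRIDE_ORDER) // To override the default actuator security configuration
public class WebSecurity extends WebSecurityConfigurerAdapter {
    /**
     * We try to make sure you can easily manage spring actuator endpoints
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .mvcMatchers("/actuator/**").authenticated() // To restrict access to authenticated user on actuator endpoints
            .anyRequest().permitAll()
            .and()
            .csrf().disable(); // If you want to POST data, you have to disable CSRF check. Otherwise, you always get an error when POSTing data on an unsecured URL.
    }
}
For more information about CSRF, see: https://fr.wikipedia.org/wiki/Cross-site_request_forgery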
2019-12-30 12:13:34.767 INFO 13172 --- [ main] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/actuator/beans || /actuator/beans.json],methods=[GET],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
2019-12-30 12:13:34.768 INFO 13172 --- [ main] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/actuator/trace || /actuator/trace.json],methods=[GET],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
2019-12-30 12:13:34.769 INFO 13172 --- [ main] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/actuator/configprops || /actuator/configprops.json],methods=[GET],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
2019-12-30 12:13:34.773 INFO 13172 --- [ main] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/actuator/metrics/{name:.*}],methods=[GET],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.MetricsMvcEndpoint.value(java.lang.String)
2019-12-30 12:13:34.773 INFO 13172 --- [ main] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/actuator/metrics || /actuator/metrics.json],methods=[GET],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
2019-12-30 12:13:34.774 INFO 13172 --- [ main] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/actuator/autoconfig || /actuator/autoconfig.json],methods=[GET],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
2019-12-30 12:13:34.775 INFO 13172 --- [ main] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/actuator/health || /actuator/health.json],methods=[GET],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.HealthMvcEndpoint.invoke(javax.servlet.http.HttpServletRequest,java.security.Principal)
2019-12-30 12:13:34.776 INFO 13172 --- [ main] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/actuator/dump || /actuator/dump.json],methods=[GET],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
2019-12-30 12:13:34.778 INFO 13172 --- [ main] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/actuator/heapdump || /actuator/heapdump.json],methods=[GET],produces=[application/octet-stream]}" onto public void org.springframework.boot.actuate.endpoint.mvc.HeapdumpMvcEndpoint.invoke(boolean,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse) throws java.io.IOException,javax.servlet.ServletException
2019-12-30 12:13:34.779 INFO 13172 --- [ main] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/actuator/mappings || /actuator/mappings.json],methods=[GET],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
2019-12-30 12:13:34.782 INFO 13172 --- [ main] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/actuator/loggers/{name:.*}],methods=[GET],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.LoggersMvcEndpoint.get(java.lang.String)
2019-12-30 12:13:34.783 INFO 13172 --- [ main] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/actuator/loggers/{name:.*}],methods=[POST],consumes=[application/vnd.spring-boot.actuator.v1+json || application/json],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.LoggersMvcEndpoint.set(java.lang.String,java.util.Map<java.lang.String, java.lang.String>)
2019-12-30 12:13:34.784 INFO 13172 --- [ main] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/actuator/loggers || /actuator/loggers.json],methods=[GET],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
2019-12-30 12:13:34.785 INFO 13172 --- [ main] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/actuator/auditevents || /actuator/auditevents.json],methods=[GET],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public org.springframework.http.ResponseEntity<?> org.springframework.boot.actuate.endpoint.mvc.AuditEventsMvcEndpoint.findByPrincipalAndAfterAndType(java.lang.String,java.util.Date,java.lang.String)
2019-12-30 12:13:34.786 INFO 13172 --- [ main] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/actuator/info || /actuator/info.json],methods=[GET],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
2019-12-30 12:13:34.788 INFO 13172 --- [ main] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/actuator/env/{name:.*}],methods=[GET],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EnvironmentMvcEndpoint.value(java.lang.String)
2019-12-30 12:13:34.789 INFO 13172 --- [ main] o.s.b.a.e.mvc.EndpointHandlerMapping : Mapped "{[/actuator/env || /actuator/env.json],methods=[GET],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
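Let me know if you run into any difficulty, or if your console prints different output. If any of it works, please share your pom.xml as well.
Answer 4: (score: 0)
One way to get the actuator running is to assign a different port to the actuator service. This can be done by adding the following property in application.properties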
management.server.port=8084
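This way you can run and access the actuator on a different port, and you can create rules on the gateway for how it is accessed.
Another way is to disable security for the actuator by adding the following property to application.properties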
management.endpoints.web.exposure.include=*
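Another way to bypass all security is
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration(proxyBeanMethods = false)
public class ActuatorSecurity extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests((requests) ->
            requests.anyRequest().permitAll());
    }
}
Hope that helps.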