How do I handle the actuator and the server on 2 different ports with Spring Security using a base path?

Question (votes: 0, answers: 1)

I have this setup:

# Server
server.servlet.contextPath=/myapp/api
server.port=8080

# Actuator port
management.health.probes.enabled=true
management.server.port=8090
management.endpoints.web.base-path=/myapp/api/actuator
management.metrics.export.prometheus.enabled=true

and authorization as simple as this:

    @Bean
    fun filterChain(http: HttpSecurity): SecurityFilterChain {
        http.authorizeHttpRequests()
            .requestMatchers(HttpMethod.GET, "/actuator/health").permitAll() // Worked before when everything was on port 8080. Still works but with token
            .requestMatchers(HttpMethod.GET, "/myapp/api/actuator/health").permitAll() // Worked when actuator was on different port without token
            .requestMatchers(HttpMethod.GET, "/vehicles/**").permitAll()
            .anyRequest().authenticated()
            .and()
            .oauth2ResourceServer()
            .jwt()
            .jwtAuthenticationConverter(jwtAuthenticationConverter())
        return http.build()
    }

Before, I ran everything on port 8080. Now I need to run the logs on a secondary port. Both must have a base path starting with /myapp/api/. What is the best-practice way to do this?

java spring spring-security spring-boot-actuator
1 answer

0 votes

You can use two separate SecurityConfigurerAdapter instances, one for each port:

import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.http.HttpMethod
import org.springframework.security.config.annotation.SecurityConfigurerAdapter
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter
import org.springframework.security.web.DefaultSecurityFilterChain
import org.springframework.security.web.SecurityFilterChain

@Configuration
@EnableWebSecurity
class SecurityConfig {

    // Assumed to exist in the asker's own configuration; a plain converter is used here so the class compiles
    fun jwtAuthenticationConverter(): JwtAuthenticationConverter = JwtAuthenticationConverter()

    @Bean
    fun actuatorSecurityConfigurerAdapter(): SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
        return object : SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity>() {
            // Rules are added in init(): adding configurers to HttpSecurity from configure() throws,
            // because the builder is already in its configuring state by then
            override fun init(http: HttpSecurity) {
                http.securityMatcher("/myapp/api/actuator/**")
                    .authorizeHttpRequests()
                    .requestMatchers(HttpMethod.GET, "/myapp/api/actuator/health").permitAll()
                    // Other actuator endpoints can be configured here
                    .anyRequest().authenticated()
                    .and()
                    .oauth2ResourceServer()
                    .jwt()
                    .jwtAuthenticationConverter(jwtAuthenticationConverter())
            }
        }
    }

    @Bean
    fun appSecurityConfigurerAdapter(): SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
        return object : SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity>() {
            override fun init(http: HttpSecurity) {
                http.securityMatcher("/myapp/api/**")
                    .authorizeHttpRequests()
                    .requestMatchers(HttpMethod.GET, "/myapp/api/vehicles/**").permitAll()
                    // Other application endpoints can be configured here
                    .anyRequest().authenticated()
                    .and()
                    .oauth2ResourceServer()
                    .jwt()
                    .jwtAuthenticationConverter(jwtAuthenticationConverter())
            }
        }
    }

    @Bean
    fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
        http.csrf().disable() // Disable CSRF for simplicity; acceptable for a stateless bearer-token API, not for cookie-based sessions
        http.apply(actuatorSecurityConfigurerAdapter())
        http.apply(appSecurityConfigurerAdapter())
        return http.build()
    }
}

actuatorSecurityConfigurerAdapter configures security for the actuator endpoints, and appSecurityConfigurerAdapter configures security for the application endpoints. The securityFilterChain bean applies both configurations to the overall security setup.

This way you can have different security configurations for the actuator and the application endpoints, and they will be applied according to the specified base paths.
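As an added example (not code from the question or the answer): Spring Security selects exactly one SecurityFilterChain per request, and the management child context on port 8090 reuses the parent's springSecurityFilterChain, so chain selection is by path, not port. The standard way to give the actuator and the API different rules is therefore two ordered chains, the first scoped with securityMatcher; EndpointRequest from Spring Boot's actuator autoconfiguration resolves management.endpoints.web.base-path and management.server.port itself, which is what made the hard-coded "/actuator/health" and "/myapp/api/actuator/health" patterns behave differently. The class name and jwtAuthenticationConverter() are assumptions.

```kotlin
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest
import org.springframework.boot.actuate.health.HealthEndpoint
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.core.annotation.Order
import org.springframework.http.HttpMethod
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter
import org.springframework.security.web.SecurityFilterChain

@Configuration
@EnableWebSecurity
class TwoChainSecurityConfig {

    // Assumed helper: the asker's own converter bean would be used here instead.
    private fun jwtAuthenticationConverter(): JwtAuthenticationConverter = JwtAuthenticationConverter()

    // Shared stateless JWT setup. CSRF is off because bearer-token requests carry no session cookie.
    private fun HttpSecurity.asJwtResourceServer(): HttpSecurity = this
        .csrf { it.disable() }
        .oauth2ResourceServer { rs -> rs.jwt { it.jwtAuthenticationConverter(jwtAuthenticationConverter()) } }

    // Chain 1 (checked first): only actuator requests. EndpointRequest resolves the configured
    // base path (/myapp/api/actuator) and management port itself, so no path is hard-coded.
    @Bean
    @Order(1)
    fun actuatorChain(http: HttpSecurity): SecurityFilterChain {
        http.securityMatcher(EndpointRequest.toAnyEndpoint())
            .asJwtResourceServer()
            .authorizeHttpRequests { auth ->
                auth.requestMatchers(EndpointRequest.to(HealthEndpoint::class.java)).permitAll()
                    .anyRequest().authenticated() // metrics, env, loggers... still need a valid JWT
            }
        return http.build()
    }

    // Chain 2: everything else on port 8080. The servlet context path (/myapp/api) is stripped
    // before matching, so patterns are written relative to it.
    @Bean
    @Order(2)
    fun apiChain(http: HttpSecurity): SecurityFilterChain {
        http.asJwtResourceServer()
            .authorizeHttpRequests { auth ->
                auth.requestMatchers(HttpMethod.GET, "/vehicles/**").permitAll()
                    .anyRequest().authenticated()
            }
        return http.build()
    }
}
```

With this layout an unauthenticated GET to http://host:8090/myapp/api/actuator/health returns 200, while every other actuator endpoint and every non-whitelisted API route answers 401 without a valid bearer token.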
