我有一个 SpringBoot 应用程序,其配置在端口 8081 上运行:
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf(AbstractHttpConfigurer::disable)
.exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedHandler))
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeHttpRequests(auth ->
auth.requestMatchers("/api/auth/**").permitAll()
.requestMatchers("/actuator/**").permitAll()
.requestMatchers("/api/languages").permitAll()
.requestMatchers("/api/actuator/health").permitAll()
.requestMatchers("/api/auth/sendMailOTP").permitAll()
.requestMatchers("/api/messages/**").permitAll()
.requestMatchers("/api/auth/socialSignin").permitAll()
.requestMatchers("/api/geoDetails").permitAll()
.requestMatchers("/api/legalinfo/**").permitAll()
.requestMatchers("/api/legalinfo/*").permitAll()
.requestMatchers("/api/legalinfo/eula").permitAll()
.requestMatchers("/api/users/uploadFile/**").permitAll()
.requestMatchers("/api/users/sendEmail").permitAll()
.requestMatchers("/api/legalinfo/privacy").permitAll()
.requestMatchers("/api/changeuserpassword").permitAll()
.requestMatchers("/api/forgotmypassword").permitAll()
.requestMatchers("/api/validateEmail").permitAll()
.requestMatchers("/api/checkToken").permitAll()
.requestMatchers("/api/checkOTPToken").permitAll()
.anyRequest().authenticated()
);
http.authenticationProvider(authenticationProvider());
http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
return http.build();
}
正在做:
http://172.105.90.17:8081/actuator/health我明白了:
{
"status": "UP"
}
但访问:
http://172.105.90.17:8081/actuator/metrics我收到:
{
"message": "Full authentication is required to access this resource"
}
添加 .requestMatchers("/api/actuator/metrics").permitAll()