如何重新启用对Spring Boot Health端点的匿名访问? [英] How to re-enable anonymous access to Spring Boot Health endpoint?
问题描述
可能我在这里做错了,我只是弄不清楚...
Probably I'm doing something wrong here, I just can't figure out what...
我有一个Oauth2认证服务器和一个资源服务器相同的应用程序。
I have an Oauth2 authentication server and a resource server within the same application.
资源服务器配置:
@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER-1)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
public static final String RESOURCE_ID = "resources";
@Override
public void configure(final ResourceServerSecurityConfigurer resources) {
resources
.resourceId(RESOURCE_ID);
}
@Override
public void configure(final HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/**").access("#oauth2.hasScope('read')")
.antMatchers(HttpMethod.POST, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.PUT, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.PATCH, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.DELETE, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.antMatchers(HttpMethod.GET, "/health").permitAll();
}
}
认证服务器配置:
@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
public void configure(final AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userDetailsService)
.passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and().httpBasic().realmName("OAuth Server");
}
}
当我尝试访问/健康时,我得到了一个HTTP / 1.1 401未经授权。
When I try to access /health, I got a HTTP/1.1 401 Unauthorized.
如何说服Spring Boot使/健康无法匿名访问?
推荐答案
正如M. Deinum所说:
As M. Deinum said:
您指定的顺序你的映射也是
的订单,他们被咨询了。第一场比赛获胜...因为/ **匹配
所有你的/健康地图都没用。移动/ **
映射上方以使其正常运行。 - M. Deinum 8月20日17:56
The order in which you specify your mappings is also the order in which they are consulted. The first match wins... As /** matches everything your /health mapping is useless. Move that above the /** mappings to have it functional. – M. Deinum Aug 20 at 17:56
这篇关于如何重新启用对Spring Boot Health端点的匿名访问?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!