我试图理解为什么 Spring security 拒绝访问/actuator/health 谁能发现问题所在吗?
日志显示:
27/02/2020 11:24:57.902 [http-nio-4104-exec-1] [,,] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/actuator/health'; against '/actuator/**'
27/02/2020 11:24:57.902 [http-nio-4104-exec-1] [,,] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /actuator/health; Attributes: [hasIpAddress('127.0.0.1/32')]
27/02/2020 11:24:57.902 [http-nio-4104-exec-1] [,,] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@187dbd2d: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
27/02/2020 11:24:57.909 [http-nio-4104-exec-1] [,,] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@790ce264, returned: -1
27/02/2020 11:24:57.912 [http-nio-4104-exec-1] [,,] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at no.gjensidige.bank.nasasupport.jwt.JwtTokenFilter.doFilterInternal(JwtTokenFilter.java:60) [15 skipped]
at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256) [41 skipped]
at java.base/java.lang.Thread.run(Thread.java:830) [13 skipped]
http
.antMatcher("/**") // If you want to override the security provided by Spring Boot.
.cors().and()
.csrf().disable()
.authorizeRequests()
.antMatchers("/actuator/**")
.access("hasIpAddress('127.0.0.1/32')")
.antMatchers("/api")
.hasAnyAuthority("not important")
.antMatchers("/actuator/health", "/open/**")
.permitAll()
.anyRequest()
.denyAll();
有人发现错误了吗?我正在使用 spring-boot-2.2.2.RELEASE
我必须添加这个:
@SpringBootApplication(exclude = {UserDetailsServiceAutoConfiguration.class}) to
删除默认生成的密码。无论是否排除 UserDetailsServiceAutoConfiguration,我都会收到相同的错误。
最佳答案
我们使用此配置来实现与您的要求类似的目标:health
和 prometheus
端点必须无需身份验证即可访问。允许来自 localhost
(在我们的例子中运行 Docker 容器)或来自任何经过身份验证的用户的请求。
private static final String ACTUATOR_BASE = "/actuator";
private static final String MATCHERS_ACTUATOR_HEALTH = ACTUATOR_BASE + "/health";
private static final String MATCHERS_ACTUATOR_PROMETHEUS = ACTUATOR_BASE + "/prometheus";
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers(MATCHERS_ACTUATOR_HEALTH).permitAll()
.antMatchers(MATCHERS_ACTUATOR_PROMETHEUS).permitAll()
.anyRequest()
.access("hasIpAddress('127.0.0.0/8') or hasIpAddress('::1') or isAuthenticated()")
.and()
.httpBasic()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
关于java - Spring Security 拒绝访问/actor/health,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60432895/