Spring Boot Admin配置安全验证

上一篇写了Spring Boot Admin的搭建 spring boot admin 搭建（非常简单）_Muscleheng的博客-CSDN博客

但是没有登录验证，如果线上使用，肯定是不安全的，这里记录一下添加登录验证，非常简单

一、服务端（server端） 1. pom文件添加依赖

		
		
			org.springframework.boot
			spring-boot-starter-security

2. 添加一个配置文件

package com.zhh.dd.config;

import de.codecentric.boot.admin.server.config.AdminServerProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.csrf.cookieCsrfTokenRepository;


@Configuration
public class SecuritySecureConfig extends WebSecurityConfigurerAdapter {

    private final String adminContextPath;

    public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
        this.adminContextPath = adminServerProperties.getContextPath();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");
        successHandler.setDefaultTargetUrl(adminContextPath + "/");
        http.authorizeRequests()
                //1.配置所有静态资源和登录页可以公开访问
                .antMatchers(adminContextPath + "/assets/**").permitAll()
                .antMatchers(adminContextPath + "/login").permitAll()
                .anyRequest().authenticated()
                .and()
                //2.配置登录和登出路径
                .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
                .logout().logoutUrl(adminContextPath + "/logout").and()
                //3.开启http basic支持，admin-client注册时需要使用
                .httpBasic().and()
                .csrf()
                //4.开启基于cookie的csrf保护
                .csrfTokenRepository(cookieCsrfTokenRepository.withHttponlyFalse())
                //5.忽略这些路径的csrf保护以便admin-client注册
                .ignoringAntMatchers(
                        adminContextPath + "/instances",
                        adminContextPath + "/actuator/**"
                );
    }
}

3. 配置文件配置登录账号和密码

# 登录账号和密码
spring.security.user.name=admin
spring.security.user.password=admin

启动后访问 127.0.0.1:5889

二、客户端（client端） 1. 配置文件配置登录账号和密码

在原始配置上添加两个属性即可 username 和 password

spring:
  boot:
    admin:
      client:
        url: http://127.0.0.1:5889  #要注册的server端的url地址
        username: admin #连接服务端的账号和密码
        password: admin

Spring Boot Admin配置安全验证

Java相关栏目本月热门文章