How to handle actuator and server with Spring Security on 2 different ports with a base path?

zlhcx6iw  posted 5 months ago in Spring

I have this setup:

# Server
server.servlet.contextPath=/myapp/api
server.port=8080

# Actuator port
management.health.probes.enabled=true
management.server.port=8090
management.endpoints.web.base-path=/myapp/api/actuator
management.metrics.export.prometheus.enabled=true

and simple authorization like this:

    @Bean
    fun filterChain(http: HttpSecurity): SecurityFilterChain {
        http.authorizeHttpRequests()
            .requestMatchers(HttpMethod.GET, "/actuator/health").permitAll() // Worked before when everything was on port 8080. Still works but with token
            .requestMatchers(HttpMethod.GET, "/myapp/api/actuator/health").permitAll() // Worked when actuator was on different port without token
            .requestMatchers(HttpMethod.GET, "/vehicles/**").permitAll()
            .anyRequest().authenticated()
            .and()
            .oauth2ResourceServer()
            .jwt()
            .jwtAuthenticationConverter(jwtAuthenticationConverter())
        return http.build()
    }


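Previously I ran everything on port 8080. Now I need to run logs on a secondary port. Both must have a base path starting with /myapp/api/. What is the best-practice way to do this?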

Answer #1, by qv7cva1a:

You can use two separate SecurityConfigurerAdapter instances for each port:

@Configuration
@EnableWebSecurity
class SecurityConfig {

    @Bean
    fun actuatorSecurityConfigurerAdapter(): SecurityConfigurerAdapter {
        return object : SecurityConfigurerAdapter() {
            override fun configure(http: HttpSecurity) {
                http.antMatcher("/myapp/api/actuator/**")
                    .authorizeRequests {
                        it.antMatchers(HttpMethod.GET, "/myapp/api/actuator/health").permitAll()
                        // Other actuator endpoints can be configured here
                    }
                    .anyRequest().authenticated()
                    .and()
                    .oauth2ResourceServer()
                    .jwt()
                    .jwtAuthenticationConverter(jwtAuthenticationConverter())
            }
        }
    }

    @Bean
    fun appSecurityConfigurerAdapter(): SecurityConfigurerAdapter {
        return object : SecurityConfigurerAdapter() {
            override fun configure(http: HttpSecurity) {
                http.antMatcher("/myapp/api/**")
                    .authorizeRequests {
                        it.antMatchers(HttpMethod.GET, "/myapp/api/vehicles/**").permitAll()
                        // Other application endpoints can be configured here
                    }
                    .anyRequest().authenticated()
                    .and()
                    .oauth2ResourceServer()
                    .jwt()
                    .jwtAuthenticationConverter(jwtAuthenticationConverter())
            }
        }
    }

    @Bean
    fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
        http.csrf().disable() // Disable CSRF for simplicity
        http.apply(actuatorSecurityConfigurerAdapter())
        http.apply(appSecurityConfigurerAdapter())
        return http.build()
    }
}
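actuatorSecurityConfigurerAdapter configures security for the actuator endpoints, and appSecurityConfigurerAdapter configures security for the application endpoints. The securityFilterChain bean applies both configurations to the overall security setup.
This way, you can have different security configurations for the actuator and application endpoints, and they will be applied based on the specified base paths.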
