spring-security 正在尝试保护执行器健康端点,给出403禁止错误

x8diyxa7  于 2022-11-11  发布在  Spring
关注(0)|答案(1)|浏览(115)

我正在尝试使用Spring Security保护执行器健康端点:
为实现这一点,我添加了以下内容:

@Configuration
@EnableWebSecurity
public class ActuatorSecurityConfiguration extends WebSecurityConfigurerAdapter implements ApplicationContextAware {
    private static final String ACTUATOR_ROLE = System.getenv("actuatorRole");

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()

                .antMatchers("/actuator/**")
                .hasRole(ACTUATOR_ROLE)
                .anyRequest().authenticated();
    }
}

我在www.example.com文件中定义了以下属性application.properties:

spring.security.user.name=${username}
spring.security.user.password=${actuatorPassword}
spring.security.user.roles=${actuatorRole}
management.endpoint.health.roles=${actuatorRole}

但是,当我试图运行健康检查后,这个配置,它是给我403禁止错误。谁能请帮助我为什么我得到这个错误?

gudnpqoy

gudnpqoy1#

这是否有助于:

application.properties:
management.endpoints.enabled-by-default=false
management.endpoints.web.exposure.include=health
management.endpoint.health.enabled=true
management.endpoint.health.show-details=always

相关问题