您需要在中实现以下方法
@SpringBootApplication类

@SpringBootApplication
 @EnableResourceServer
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 @Configuration
 public class BusinessLogicServiceApplication extends ResourceServerConfigurerAdapter {

 public static void main(String[] args) throws IOException {
    ConfigurableApplicationContext context =  
    SpringApplication.run(BusinessLogicServiceApplication.class, args);
    }

  @Override
  public void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/health").permitAll().anyRequest().authenticated();

    }
}

@Configuration
@EnableOAuth2Sso
class MyConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/actuator/health")
                .permitAll()
            .anyRequest()
                .authenticated();
    }

}

确保在WebSecurityConfigurerAdapter类上使用@EnableOAuth2Sso，这一点很重要，因为它将包含OAuth2SsoCustomConfiguration，OAuth2SsoCustomConfiguration基本上复制了OAuth2SsoDefaultConfiguration#configure的功能。
您可能还希望显示完整的健康详细信息：

management:
  endpoint:
    health:
      show-details: always

以下是可能的检查。

• • 溶液1**：确保您正在使用

org.springframework.core.annotation.Order
代替
org.apache.logging.log4j.core.config.Order
由于Spring没有解析正确的注解，因此它假设两种配置的默认值都是100。

• • 溶液2**：

也许你已经用@EnableWebSecurity标注了另一个类，但是要注意只有一个类可以实现这个标注。

• • 溶液3**：参考此https://stackoverflow.com/a/44076087/6572971

解决方案四：

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
public class DemoConfigurer extends WebSecurityConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception{
        http.authorizeRequests().antMatchers("/health").permitAll();
        super.configure(http);
    }
}

我认为您可以使用自己的实现来扩展您使用的实现（OAuth2SsoDefaultConfiguration，如果我没弄错的话），然后扩展configure方法以忽略您的健康端点。

@Override
public void configure(final HttpSecurity http) throws Exception {
    http.regexMatchers("/health",)
        .permitAll()
}

顺便说一下Also, I tried to explicitly set higher order for my own security configuration, but looks like autoconfigured one overrides mine.@Order的工作方式是，数字越小优先级越高，所以这就解释了为什么自动配置会覆盖你的。https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/core/annotation/Order.html

management.security.enabled:false在spring Boot 2中不再有效。我们需要采取ConfigurerAdapter的方式。下面是我使用OAuth2资源服务器时的代码。

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

/**
 * to disable security for acutator endpoints.
 *
 */
@Configuration
public class ActuatorSecurityConfigurer extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.authorizeRequests().antMatchers("/actuator").permitAll();
    }
}

management.security.enabled: false
不适用于 Spring Boot 2.x版本

对于Kotlin

@Configuration
class SecurityConfiguration : WebSecurityConfigurerAdapter() {
    override fun configure(httpSecurity: HttpSecurity) {
        httpSecurity.authorizeRequests().antMatchers("/actuator").permitAll()
    }
}

您也可以在应用程序中使用management.security.enabled: false.propeeties（或. yaml）。它将自动删除执行器公开端点的任何安全性