我有一套
# Server
server.servlet.contextPath=/myapp/api
server.port=8080
# Actuator port
management.health.probes.enabled=true
management.server.port=8090
management.endpoints.web.base-path=/myapp/api/actuator
management.metrics.export.prometheus.enabled=true
字符串
像这样简单的授权
@Bean
fun filterChain(http: HttpSecurity): SecurityFilterChain {
http.authorizeHttpRequests()
.requestMatchers(HttpMethod.GET, "/actuator/health").permitAll() # Worked before when everything was on port 8080. Still works but with token
.requestMatchers(HttpMethod.GET, "/myapp/api/actuator/health").permitAll() # Worked when actuator was on different port without token
.requestMatchers(HttpMethod.GET, "/vehicles/**").permitAll()
.anyRequest().authenticated()
.and()
.oauth2ResourceServer()
.jwt()
.jwtAuthenticationConverter(jwtAuthenticationConverter())
return http.build()
}
型
之前我用端口8080运行一切.现在我需要运行日志辅助端口.两者都必须有基本路径开始/myapp/API/.什么是最佳实践的方式做到这一点?
1条答案
按热度按时间qv7cva1a1#
您可以为每个端口使用两个单独的
SecurityConfigurerAdapter
示例:字符串
actuatorSecurityConfigurerAdapter
为执行器端点配置安全性,appSecurityConfigurerAdapter
为应用程序端点配置安全性。securityFilterChain bean将这两种配置应用于整体安全设置。通过这种方式,您可以为执行器和应用程序端点提供不同的安全配置,并且它们将基于指定的基本路径应用。