1.3 Configuring Spring Security - liumapp/spring-boot-admin-in-docker GitHub Wiki

First, switch the project to version v1.3.0:

git checkout v1.3.0

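In the previous versions we did not include Spring Security.

This means that anyone can log in to the admin-server management console, which does no harm in a local development environment.

But what if it is deployed online?

So the next feature to implement is a login/logout page and button for admin-server.

The result looks like this:

1.jpg

2.jpg

First, add Spring Security to admin-server: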

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-security</artifactId>
</dependency>

Then configure it:

spring:
  security:
    user:
      name: "admin"
      password: "adminadmin"

eureka:
  instance:
    metadata-map:
      user.name: "admin"
      user.password: "adminadmin"

user.name and user.password are the login username and password.

Next, modify the code of the startup class:

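import de.codecentric.boot.admin.server.config.AdminServerProperties;
import de.codecentric.boot.admin.server.config.EnableAdminServer;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

@Configuration
@EnableAutoConfiguration
@EnableDiscoveryClient
@EnableAdminServer
public class AdminServerMain {

    public static void main(String[] args) {
        SpringApplication.run(AdminServerMain.class, args);
    }

    @Configuration
    public static class SecuritySecureConfig extends WebSecurityConfigurerAdapter {

        private final String adminContextPath;

        public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
            this.adminContextPath = adminServerProperties.getContextPath();
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // @formatter:off
            // After a successful login, return to the page named in "redirectTo" (default: the admin UI root).
            SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
            successHandler.setTargetUrlParameter("redirectTo");
            successHandler.setDefaultTargetUrl(adminContextPath + "/");

            http.authorizeRequests()
                    // Static assets and the login page must be reachable without authentication.
                    .antMatchers(adminContextPath + "/assets/**").permitAll()
                    .antMatchers(adminContextPath + "/login").permitAll()
                    // Everything else requires a logged-in user.
                    .anyRequest().authenticated()
                    .and()
                    .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
                    .logout().logoutUrl(adminContextPath + "/logout").and()
                    // HTTP Basic lets non-browser clients authenticate.
                    .httpBasic().and()
                    .csrf()
                    // CSRF token in a cookie that the UI's JavaScript can read.
                    .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                    // Paths exempt from the CSRF check. "/logout" is in this list as well;
                    // without it the "log out" button returns 403.
                    .ignoringAntMatchers(
                            adminContextPath + "/instances",
                            adminContextPath + "/actuator/**",
                            adminContextPath + "/logout"
                    );
            // @formatter:on
        }

    }

}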

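The startup class code is mainly based on the official Spring Boot Admin reference guide.

But their official guide has a bug:

If you follow the official guide exactly, you will find that clicking the "log out" button produces a 403 error.

The code I have attached fixes this bug.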
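
To confirm these rules on a running admin-server, including the CSRF exemption that keeps logout from returning 403, a check like the following can be run against it. This is an added example, not part of the original wiki or the project; the script name is hypothetical, and it assumes an empty admin context path and a base URL that you supply for your own deployment.

```bash
#!/usr/bin/env bash
# Smoke test for the admin-server rules configured above.
# Assumptions (not from the page): the admin context path is empty and the
# base URL given on the command line is where your admin-server listens.

# Print only the HTTP status code; all arguments are passed to curl.
status() { curl -s -o /dev/null --max-time 5 -w '%{http_code}' "$@"; }

# expect <label> <actual-code> <allowed-code>...
expect() {
  local label="$1" actual="$2" want
  shift 2
  for want in "$@"; do
    if [ "$actual" = "$want" ]; then
      echo "ok   $label -> $actual"
      return 0
    fi
  done
  echo "FAIL $label -> $actual (allowed: $*)"
  return 1
}

check_admin_server() {
  local base="$1" user="$2" pass="$3" rc=0
  # anyRequest().authenticated(): anonymous users get the login redirect or 401.
  expect "anonymous GET /" \
    "$(status -H 'Accept: text/html' "$base/")" 302 401 || rc=1
  # httpBasic(): the configured account reaches the REST API ...
  expect "basic auth GET /instances" \
    "$(status -u "$user:$pass" -H 'Accept: application/json' "$base/instances")" 200 || rc=1
  # ... and a wrong password is rejected.
  expect "wrong password GET /instances" \
    "$(status -u "$user:not-$pass" -H 'Accept: application/json' "$base/instances")" 401 || rc=1
  # /logout is CSRF-exempt: a POST without a token redirects instead of 403.
  expect "POST /logout without CSRF token" \
    "$(status -X POST "$base/logout")" 302 || rc=1
  return "$rc"
}

# Usage: ./check-admin-security.sh <base-url> <user> <password>
if [ "$#" -eq 3 ]; then
  check_admin_server "$@"
fi
```

A non-zero exit status means at least one rule did not behave as configured; the FAIL lines name which one.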

Next, configure the admin-client side. When it registers with eureka, it only needs to supply the username and password configured for admin-server:

eureka:
  instance:
    metadata-map:
      user.name: "admin"
      user.password: "adminadmin"