spring-boot-actuator error: Full authentication is required to access this resource

Symptoms:
  • /health returns only the status and nothing else:
    {
      "status" : "UP"
    }
  • /metrics reports that access is not permitted:
    Whitelabel Error Page
    This application has no explicit mapping for /error, so you are seeing this as a fallback.
    Mon Nov 20 10:42:15 CST 2017
    There was an unexpected error (type=Unauthorized, status=401).
    Full authentication is required to access this resource.
Solution [configure endpoint access]:
  • Option 1: disable the security check
    Add this setting to application.properties:
    management.security.enabled=false
  • Option 2: enable HTTP basic authentication
    • Add the dependency:
      <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
      </dependency>
    • Add a user name and password to application.properties:
      security.user.name=admin
      security.user.password=123456
      management.security.enabled=true
      management.security.role=ADMIN
    • Open http://localhost:8080/env and you are now prompted for a user name and password.

Cause analysis:
  • Actuator endpoints:

    Actuator endpoints allow you to monitor and interact with your application. Spring Boot includes a number of built-in endpoints and you can also add your own. For example the health endpoint provides basic application health information.

    The way that endpoints are exposed will depend on the type of technology that you choose. Most applications choose HTTP monitoring, where the ID of the endpoint is mapped to a URL. For example, by default, the health endpoint will be mapped to /health.
    The following technology agnostic endpoints are available:

    | ID | Description | Sensitive Default |
    |---|---|---|
    | actuator | Provides a hypermedia-based “discovery page” for the other endpoints. Requires Spring HATEOAS to be on the classpath. | true |
    | auditevents | Exposes audit events information for the current application. | true |
    | autoconfig | Displays an auto-configuration report showing all auto-configuration candidates and the reason why they ‘were’ or ‘were not’ applied. | true |
    | beans | Displays a complete list of all the Spring beans in your application. | true |
    | configprops | Displays a collated list of all @ConfigurationProperties. | true |
    | dump | Performs a thread dump. | true |
    | env | Exposes properties from Spring’s ConfigurableEnvironment. | true |
    | flyway | Shows any Flyway database migrations that have been applied. | true |
    | health | Shows application health information (when the application is secure, a simple ‘status’ when accessed over an unauthenticated connection or full message details when authenticated). | false |
    | info | Displays arbitrary application info. | false |
    | loggers | Shows and modifies the configuration of loggers in the application. | true |
    | liquibase | Shows any Liquibase database migrations that have been applied. | true |
    | metrics | Shows ‘metrics’ information for the current application. | true |
    | mappings | Displays a collated list of all @RequestMapping paths. | true |
    | shutdown | Allows the application to be gracefully shutdown (not enabled by default). | true |
    | trace | Displays trace information (by default the last 100 HTTP requests). | true |

  • Accessing sensitive endpoints

    By default all sensitive HTTP endpoints are secured such that only users that have an ACTUATOR role may access them. Security is enforced using the standard HttpServletRequest.isUserInRole method.

    Use the management.security.roles property if you want something different to ACTUATOR.

    If you are deploying applications behind a firewall, you may prefer that all your actuator endpoints can be accessed without requiring authentication. You can do this by changing the management.security.enabled property:

    application.properties.

    By default, actuator endpoints are exposed on the same port that serves regular HTTP traffic. Take care not to accidentally expose sensitive information if you change the management.security.enabled property.

    If you’re deploying applications publicly, you may want to add ‘Spring Security’ to handle user authentication. When ‘Spring Security’ is added, by default ‘basic’ authentication will be used with the username user and a generated password (which is printed on the console when the application starts).

    Generated passwords are logged as the application starts. Search for ‘Using default security password’.

    You can use Spring properties to change the username and password and to change the security role(s) required to access the endpoints. For example, you might set the following in your application.properties:

    If you don’t have a use case for exposing basic health information to unauthenticated users, and you have secured the actuator endpoints with custom security, you can set management.security.enabled to false. This will inform Spring Boot to skip the additional role check.
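To review an application.properties for the settings discussed above before it ships, the following Python script (an added example, not part of the original post or of Spring Boot) flags the ones that open up sensitive endpoints. The `endpoints.<id>.sensitive`, `endpoints.shutdown.enabled`, `management.port` and `management.address` keys are Spring Boot 1.x properties not shown on this page; the common-password list and the 12-character threshold are assumptions made for the example.

```python
import re

# Endpoint IDs whose "Sensitive Default" is true in the table on this page.
SENSITIVE = {"actuator", "auditevents", "autoconfig", "beans", "configprops",
             "dump", "env", "flyway", "loggers", "liquibase", "metrics",
             "mappings", "shutdown", "trace"}
COMMON_PASSWORDS = {"123456", "password", "admin", "secret"}  # constructed list
MIN_PASSWORD_LEN = 12  # assumption for this example, not a Spring Boot rule
# Constructed inputs: the page's option 1 and option 2 settings.
OPTION_1 = "management.security.enabled=false\n"
OPTION_2 = ("security.user.name=admin\nsecurity.user.password=123456\n"
            "management.security.enabled=true\nmanagement.security.role=ADMIN\n")

def parse_properties(text):
    """Parse key=value or key:value lines; skip blanks and #/! comments."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit(text):
    """Return (key, finding) pairs for risky Actuator settings (1.x keys)."""
    props, findings = parse_properties(text), []
    if props.get("management.security.enabled", "true").lower() == "false":
        findings.append(("management.security.enabled",
                         "role check on sensitive endpoints is skipped"))
        if not {"management.port", "management.address"} & props.keys():
            findings.append(("management.port",
                             "endpoints share the port serving regular HTTP traffic"))
    for key, value in props.items():
        m = re.fullmatch(r"endpoints\.(\w+)\.(sensitive|enabled)", key)
        name, attr = m.groups() if m else ("", "")
        if attr == "sensitive" and name in SENSITIVE and value.lower() == "false":
            findings.append((key, name + " is readable without authentication"))
        if attr == "enabled" and name == "shutdown" and value.lower() == "true":
            findings.append((key, "shutdown endpoint is switched on"))
    password = props.get("security.user.password")
    if password is not None and (len(password) < MIN_PASSWORD_LEN
                                 or password.lower() in COMMON_PASSWORDS):
        findings.append(("security.user.password", "short or common password"))
    return findings

if __name__ == "__main__":
    for label, text in (("option 1", OPTION_1), ("option 2", OPTION_2)):
        print(label, audit(text))
```
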
Reference: https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#production-ready