How to configure spring boot admin client when authentication is enabled?

Question

I'm trying to set up a sample application using spring boot admin (both server + client side) and have run into an issue with authentication.

When spring security is enabled on the management/actuator endpoints on the client side the spring-boot-admin server does not seem able to communicate with the client -- logging in to the Admin interface via a Web browser results in a continuous loop of authentication windows popping up and prompting for usernames/passwords. Hitting cancel will display an HTTP 401 error on the page.

Here's a configuration that works on the client side:

management.security.enabled=false

security.basic.enabled=true

security.user.name=test

security.user.password=test

spring.boot.admin.url=http://localhost:9081/admin

spring.boot.admin.username=admin

spring.boot.admin.password=admin

This will:

• Disable security for spring-boot's management/actuator resource
• Enable security for all other resources (HTTP basic auth - user: test, password: test)
• Register the spring-admin client on startup using the url http://localhost:9081/admin (HTTP basic auth - user: admin, password:admin)

I'm guessing the spring boot admin app doesn't support communication with secured clients because I don't see any configuration properties that would allow the information to be passed in upon client registration.

Has anyone got around this limitation and if so, how? I'd rather not leave the actuator endpoints "open to the public" so-to-speak, even though they are actually just exposed on the company's internal network.

Answer 1

There is no security feature included since the various solutions look very different. But I've put up some examples: https://github.com/joshiste/spring-boot-admin-samples