I'm trying to set up a sample application using spring boot admin (both server + client side) and have run into an issue with authentication.
When spring security is enabled on the management/actuator endpoints on the client side the spring-boot-admin server does not seem able to communicate with the client -- logging in to the Admin interface via a Web browser results in a continuous loop of authentication windows popping up and prompting for usernames/passwords. Hitting cancel will display an HTTP 401 error on the page.
Here's a configuration that works on the client side:
management.security.enabled=false
security.basic.enabled=true
security.user.name=test
security.user.password=test
spring.boot.admin.url=http://localhost:9081/admin
spring.boot.admin.username=admin
spring.boot.admin.password=admin
This will:
I'm guessing the spring boot admin app doesn't support communication with secured clients because I don't see any configuration properties that would allow the information to be passed in upon client registration.
Has anyone got around this limitation and if so, how? I'd rather not leave the actuator endpoints "open to the public" so-to-speak, even though they are actually just exposed on the company's internal network.
First, add the following Spring Boot Admin starter client dependency and Spring Boot starter actuator dependency in your build configuration file. Gradle users can add the following dependencies in your build. gradle file. Now, add the Spring Boot Admin Server URL into your application properties file.
For building a Spring Boot Admin Server we need to add the below dependencies in your build configuration file. Add the @EnableAdminServer annotation in your main Spring Boot application class file. The @EnableAdminServer annotation is used to make your as Admin Server to monitor all other microservices.
You do that by configuring Spring Security in the application. If Spring Security is on the classpath, Spring Boot automatically secures all HTTP endpoints with “basic” authentication. However, you can further customize the security settings. The first thing you need to do is add Spring Security to the classpath.
There is no security feature included since the various solutions look very different. But I've put up some examples: https://github.com/joshiste/spring-boot-admin-samples
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With