How do I use basic security for management end points such as /env, /health, /metrics?
I want to use different user credentials for the above end points compared to the other application controller end points security.
In my application.properties file, I specified the following for the application controller security:
security.user.name=user
security.user.password=password
But I want a different username/password for the management end points. I could not find a management.security.user.name property.
You do that by configuring Spring Security in the application. If Spring Security is on the classpath, Spring Boot automatically secures all HTTP endpoints with “basic” authentication. However, you can further customize the security settings. The first thing you need to do is add Spring Security to the classpath.
To add Spring Boot Security to your Spring Boot application, we need to add the Spring Boot Starter Security dependency to our build configuration file. Maven users can add the following dependency to the pom.xml file. Gradle users can add the following dependency to the build.
When we add the Spring Actuator dependencies to our Spring Boot project, it automatically enables the actuator endpoints. Add the dependencies below to your Spring application to enable the Spring Boot Actuator endpoints. Now when you run the application, you will see the actuator endpoints being mapped in the logs.
To implement basic security for the end points you need to use the code below in application.properties:
    security.user.name=user
    security.user.password=password
and the configuration class should look like the one below (imports added so the class compiles as-is):
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Every request must be authenticated; credentials are sent via HTTP Basic.
            // CSRF is disabled here because the API is consumed by non-browser clients.
            http.csrf().disable()
                .authorizeRequests().anyRequest().authenticated()
                .and().httpBasic();
        }
    }
If it is still not working, then I hope this will work:
Basic Authentication
Spring Security has a "global" AuthenticationManager configured in @Bean instances of type GlobalAuthenticationConfigurerAdapter. This AuthenticationManager is the one that is configured by the security.user.* properties, unless you set security.basic.enabled=false. The global AM is also attached to the management endpoints by default, and it is the parent of any "local" AuthenticationManagers defined in WebSecurityConfigurationAdapters (they are all ProviderManagers).
Thus, if you want different user accounts for management endpoints and application endpoints, you have (at least) two choices:
1. Define a local AM for your application endpoints in a WebSecurityConfigurationAdapter and ensure that the management endpoints are not covered by that filter. This is easy, since it's what you get without thinking very much and just adding an AuthenticationManagerBuilder to your WebSecurityConfigurationAdapter (as long as it is ordered carefully in relation to the filter that secures the management endpoints).
2. Use the global AM (or indeed another local one) for application endpoints and reconfigure the security for the management endpoints (e.g. set security.basic.enabled=false and add your own WebSecurityConfigurerAdapter covering the management endpoints). This might be more work, and duplicates some of the Boot defaults, but at least you will know what you are getting.
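The second choice worked through as an added example (not code from the original answers): two ordered WebSecurityConfigurerAdapters, each with its own in-memory AuthenticationManager, one scoped to the actuator endpoints and one for everything else. It assumes Spring Boot 1.x with Spring Security 4 (plain-text in-memory passwords), that management.context-path=/manage groups the actuator endpoints under one prefix, and that security.basic.enabled=false and management.security.enabled=false are set so the Boot default filter chains do not compete with these; the user names, passwords and the ACTUATOR role are constructed sample values.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Assumptions: Spring Boot 1.x / Spring Security 4, management.context-path=/manage,
// security.basic.enabled=false and management.security.enabled=false in application.properties.
@Configuration
public class SplitCredentialsSecurityConfig {

    // Evaluated first: only requests under /manage/** reach this chain, and they are
    // authenticated against a local AM that knows only the operations account.
    @Configuration
    @Order(1)
    public static class ManagementSecurity extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication()
                .withUser("ops").password("ops-secret").roles("ACTUATOR"); // constructed sample
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/manage/**")                   // scope this chain to the actuator prefix
                .authorizeRequests().anyRequest().hasRole("ACTUATOR")
                .and().httpBasic().realmName("management"); // separate realm, separate credentials
        }
    }

    // Evaluated second: every other request, authenticated against a different local AM.
    // The application user cannot reach /manage/** because that chain never consults this AM.
    @Configuration
    @Order(2)
    public static class ApplicationSecurity extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication()
                .withUser("user").password("password").roles("USER"); // constructed sample
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().anyRequest().authenticated()
                .and().httpBasic().realmName("application");
        }
    }
}
```

Verify the split after startup: a request to /manage/health with the application user's credentials should get 401, while the same credentials succeed on an application URL, and vice versa for the ops account.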