spring-boot-actuator error: Full authentication is required to access this resource
By default all sensitive HTTP endpoints are secured such that only users that have an ACTUATOR role may access them. Security is enforced using the standard HttpServletRequest.isUserInRole method.
Use the management.security.roles property if you want something different to ACTUATOR.
If you are deploying applications behind a firewall, you may prefer that all your actuator endpoints can be accessed without requiring authentication.
You can do this by changing the management.security.enabled property in application.properties:
management.security.enabled=false
By default, actuator endpoints are exposed on the same port that serves regular HTTP traffic. Take care not to accidentally expose sensitive information if you change the management.security.enabled property.
If you’re deploying applications publicly, you may want to add ‘Spring Security’ to handle user authentication. When ‘Spring Security’ is added, by default ‘basic’ authentication will be used with the username user and a generated password (which is printed on the console when the application starts).
Generated passwords are logged as the application starts. Search for ‘Using default security password’.
You can use Spring properties to change the username and password and to change the security role(s) required to access the endpoints.
For example, you might set the following in your application.properties:
security.user.name=admin
security.user.password=secret
management.security.roles=SUPERUSER
If your application has custom security configuration and you want all your actuator endpoints to be accessible without authentication, you need to explicitly configure that in your security configuration. Along with that, you need to change the management.security.enabled property to false.
If your custom security configuration secures your actuator endpoints, you also need to ensure that the authenticated user has the roles specified under management.security.roles.
If you don’t have a use case for exposing basic health information to unauthenticated users, and you have secured the actuator endpoints with custom security, you can set management.security.enabled to false. This will inform Spring Boot to skip the additional role check.
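The custom-security case described above, as an added example that is not taken from the Spring Boot documentation or the original post: a Spring Boot 1.5.x / Spring Security 4 configuration that puts every actuator endpoint behind a role, so that setting management.security.enabled=false only skips Boot's extra role check and does not open the endpoints. The class name, the /manage prefix (set through management.context-path) and the single in-memory account are assumptions made for the example; SUPERUSER is the role name used earlier on this page.

```java
// Added example (Spring Boot 1.5.x, Spring Security 4); not the project's own code.
// Assumed application.properties for this example:
//   management.context-path=/manage      (prefix chosen for the example)
//   management.security.enabled=false    (Boot's own role check is skipped)
//   security.user.name=admin
//   security.user.password=<supplied per environment, not committed>
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class ActuatorSecurityConfig extends WebSecurityConfigurerAdapter {

    // Role required for actuator access; mirrors the SUPERUSER value shown on this page.
    private static final String ACTUATOR_ROLE = "SUPERUSER";

    // No default values: startup fails if the credentials are not configured.
    @Value("${security.user.name}")
    private String username;

    @Value("${security.user.password}")
    private String password;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // One in-memory account for illustration; a real deployment plugs in its own user store.
        auth.inMemoryAuthentication()
            .withUser(username).password(password).roles(ACTUATOR_ROLE);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // All actuator endpoints live under /manage and require the role,
                // including /manage/health, so nothing is left unauthenticated.
                .antMatchers("/manage/**").hasRole(ACTUATOR_ROLE)
                // Assumption for this example: the rest of the application also requires login.
                .anyRequest().authenticated()
            .and()
                .httpBasic();
    }
}
```

With this in place, a request to /manage/env without credentials gets a 401, and an authenticated user without the SUPERUSER role gets a 403.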