15.Spring Security对Actuator进行访问控制

15.Spring Security对Actuator进行访问控制

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.example</groupId>
    <artifactId>demo</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>demo</name>
    <description>Demo project for Spring Boot with Spring Security</description>

    <!-- Spring Boot 3.1.5 父依赖 -->
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>3.1.5</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

    <properties>
        <java.version>17</java.version> <!-- Spring Boot 3.x 需要 Java 17 -->
    </properties>

    <dependencies>
        <!-- Spring Web 依赖 -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>


<!--         Spring Security 依赖 -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <!-- Spring Boot Maven 插件 -->
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>

Spring boot 启动类

DemoApplicatiom.java

package com.example.demo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class DemoApplication {
    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }
}

运行

在pom.xml中引入spring security的依赖后，随意输入路径，便已经开始拦截了，都会跳转到默认自带的/login这个页面

用户名默认为user
密码会在启动时，显示在控制台，本次密码a1ea7d76-5937-4ce7-a896-c4d6f83e05c1

在本例中，只有登陆成功，才可以访问到actuator的端点们

自定义Spring security的账号密码

application.yml

server:
  port: 8080

management:
  endpoints:
    web:
      exposure:
        include: "*"  # 暴露actuator的所有端点
        
spring:
  security:
    user:
      name: admin
      password: admin123 #Spring security的自定义账号密码

备注:如果要进行更细粒度的访问控制，可以使用spring security编写代码，对具体的路径进行访问控制