
java – Spring Boot Admin – Basic Auth-Exceptionshub

Posted by: admin, February 25, 2020

Questions:

I’m setting up basic auth in my sb-admin and client, but the client can’t register (401 unauthorized). Everything works without auth.

SB-Admin configuration:

  • application.properties
    server.port=8080

    spring.application.name=SB Admin
    spring.boot.admin.ui.title=SB Admin

    spring.security.user.name=admin
    spring.security.user.password=admin
  • build.gradle
    implementation 'org.springframework.boot:spring-boot-starter-web'
    implementation 'org.springframework.boot:spring-boot-starter-security'
    implementation 'de.codecentric:spring-boot-admin-starter-server'

Client configuration:

  • application.properties
    server.port=9000
    management.endpoints.web.exposure.include=*
    management.security.enabled=false

    spring.boot.admin.client.enabled=true
    spring.boot.admin.client.url=http://localhost:8080
    spring.boot.admin.client.username=admin
    spring.boot.admin.client.password=admin
  • build.gradle
    implementation 'org.springframework.boot:spring-boot-starter-web'
    implementation 'org.springframework.boot:spring-boot-starter-security'
    implementation 'org.springframework.boot:spring-boot-starter-actuator'
    implementation 'de.codecentric:spring-boot-admin-starter-client'

Security Config

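import java.util.UUID;

import de.codecentric.boot.admin.server.config.AdminServerProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration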
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private final String adminContextPath;
    private final AdminServerProperties adminServer;

    public SecurityConfig(AdminServerProperties adminServerProperties) {
        this.adminContextPath = adminServerProperties.getContextPath();
        this.adminServer = adminServerProperties;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");
        successHandler.setDefaultTargetUrl(this.adminServer.path("/"));

        http.authorizeRequests((authorizeRequests) -> authorizeRequests.antMatchers(this.adminServer.path("/assets/**"))
                .permitAll().antMatchers(this.adminServer.path("/login")).permitAll().anyRequest().authenticated())
                .formLogin((formLogin) -> formLogin.loginPage(this.adminServer.path("/login"))
                        .successHandler(successHandler).and())
                .logout((logout) -> logout.logoutUrl(this.adminServer.path("/logout")))
                .httpBasic(Customizer.withDefaults())
                .csrf((csrf) -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                        .ignoringRequestMatchers(
                                new AntPathRequestMatcher(this.adminServer.path("/instances"),
                                        HttpMethod.POST.toString()),
                                new AntPathRequestMatcher(this.adminServer.path("/instances/*"),
                                        HttpMethod.DELETE.toString()),
                                new AntPathRequestMatcher(this.adminServer.path("/actuator/**"))))
                .rememberMe((rememberMe) -> rememberMe.key(UUID.randomUUID().toString()).tokenValiditySeconds(1209600));
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("admin").password("admin").roles("USER");
    }

}

Can anybody help me, please?

How to & Answers:

It’s not enough just to add the Spring Security starter. You have to add a configuration class annotated with @EnableWebSecurity. Typically it’d be something like the following class, where you could configure things that are related to the security of your app.

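import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Static resources and the index page are reachable without authentication.
                .antMatchers("/css/**", "/index").permitAll();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
                // Assuming Spring Security 5+: stored passwords need an encoder id; {noop} is plaintext, for demos only.
                .withUser("user").password("{noop}password").roles("USER");
    }
}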
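
A configuration class of this kind for the client application in the question (the one on port 9000, which exposes every actuator endpoint), as an added example that is not part of the original post. It assumes Spring Boot 2.x with Spring Security 5.2+ (the lambda DSL the question already uses); the class name, the `sba-monitor` account, the `ACTUATOR` role and the `SBA_MONITOR_PASSWORD` environment variable are hypothetical.

```java
import java.util.Objects;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.boot.actuate.health.HealthEndpoint;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example (hypothetical class name): security for the monitored client application.
@Configuration
@EnableWebSecurity
public class ClientActuatorSecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public PasswordEncoder passwordEncoder() {
        // Delegating encoder: hashes with bcrypt and stores the "{bcrypt}" id with the hash.
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests((requests) -> requests
                // Health stays open for probes; every other actuator endpoint needs the ACTUATOR role.
                .requestMatchers(EndpointRequest.to(HealthEndpoint.class)).permitAll()
                .requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR")
                .anyRequest().authenticated())
            // The admin server polls the endpoints with HTTP Basic, so no login form is needed here.
            .httpBasic(Customizer.withDefaults())
            // Actuator write operations arrive without a CSRF token; the exemption covers only those paths.
            .csrf((csrf) -> csrf.ignoringRequestMatchers(EndpointRequest.toAnyEndpoint()));
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Constructed lookup: the secret comes from the environment and startup fails if it is missing.
        String secret = Objects.requireNonNull(System.getenv("SBA_MONITOR_PASSWORD"), "SBA_MONITOR_PASSWORD not set");
        PasswordEncoder encoder = passwordEncoder();
        auth.inMemoryAuthentication()
            .passwordEncoder(encoder)
            .withUser("sba-monitor") // constructed account name
            .password(encoder.encode(secret))
            .roles("ACTUATOR");
    }
}
```

The Spring Boot Admin client can hand these credentials to the server at registration through the `spring.boot.admin.client.instance.metadata.user.name` and `spring.boot.admin.client.instance.metadata.user.password` properties.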