spring-cloud-security

Clarify use of user roles and (maybe also) basic auth for actuator endpoints

Open dsyer opened this issue 10 years ago • 3 comments

dsyer avatar Jan 13 '15 11:01 dsyer

Hey @dsyer - This would be useful for me. I am attempting to use this configuration

management:
  security:
    role: admin
    enabled: true
  context_path: /admin

In the hopes that I could get the endpoints to only allow users with an 'admin' role to view. Having this documentation would be helpful.

NickPadilla avatar Feb 07 '15 18:02 NickPadilla

For now, I have set management to be on a different port. This is a short term solution as I'd like to see the security checking against the OAuth2Authentication object, for the specified role; also would like to be able to get to these endpoints from Zuul.

NickPadilla avatar Feb 07 '15 20:02 NickPadilla

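@NickPadilla I am able to use basic authentication for actuator endpoints with the below configuration.

import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.security.oauth2.resource.EnableOAuth2Resource;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

@Configuration
@EnableOAuth2Resource
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

  // Management context path (e.g. /admin), injected from configuration.
  @Value("${management.contextPath}")
  private String contextPath = "";

  @Override
  public void configure(HttpSecurity http) throws Exception {
    // The negative lookahead limits the OAuth2 resource rules to paths that do not
    // start with the management context path; actuator endpoints are left to
    // Spring Boot's own management security (basic auth).
    http.regexMatcher("^(?!" + contextPath + ").*$").authorizeRequests()
        .anyRequest().authenticated();
  }
}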

ktong avatar Apr 11 '15 04:04 ktong
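
An added example, not code from the thread or from spring-cloud-security: it evaluates the pattern string from the configuration above with plain `java.util.regex` on constructed paths, showing that the unescaped prefix also takes `/administrators/...` out of the OAuth2 chain and that an empty context path makes the pattern match nothing. The `hardened` method, the class name and the sample paths are assumptions made for illustration.

```java
import java.util.regex.Pattern;

public class ManagementPathMatcherDemo {

  // Pattern exactly as built in the comment above: context path concatenated unescaped.
  static Pattern original(String contextPath) {
    return Pattern.compile("^(?!" + contextPath + ").*$");
  }

  // Hypothetical hardened variant: quote the path and require a segment boundary after it.
  static Pattern hardened(String contextPath) {
    if (contextPath == null || contextPath.isEmpty()) {
      return Pattern.compile("^.*$"); // no management prefix: OAuth2 chain covers every path
    }
    return Pattern.compile("^(?!" + Pattern.quote(contextPath) + "(?:/|\\?|$)).*$");
  }

  public static void main(String[] args) {
    // Constructed request paths; "true" means the OAuth2 resource chain applies.
    String[] paths = {"/admin", "/admin/health", "/administrators/list", "/api/orders"};
    for (String p : paths) {
      System.out.printf("%-22s original=%-5b hardened=%b%n", p,
          original("/admin").matcher(p).matches(),
          hardened("/admin").matcher(p).matches());
    }
    // Empty context path: "(?!)" can never succeed, so the original pattern
    // excludes every request from the OAuth2 chain.
    System.out.println("empty prefix, /api/orders: original="
        + original("").matcher("/api/orders").matches()
        + " hardened=" + hardened("").matcher("/api/orders").matches());
  }
}
```

Any path the pattern excludes is handled by whatever other filter chain the application has, so the exclusion should be as narrow as the management context path itself.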