Spring Boot Admin works fine without the spring-boot-starter-security dependency. As soon as I include it, no matter how I configure the security (by application.yml or WebSecurityConfigurerAdapter), everything seems to be weird.
The result I'm aiming for is that (1) the Spring Boot Admin Server is secured via a login (HTTP Basic Auth, for example) and (2) the Client can send data to the secured server.
Here's the configuration I expect to work:
Client: application.yml
spring:
  boot:
    admin:
      client:
        url:
          - "http://localhost:8090"
        instance:
          metadata:
            user.name: ${myApp.security.usernameAdmin}
            user.password: ${myApp.security.passwordAdmin}
        username: admin
        password: adminPwd
Admin-Server: build.gradle
dependencies {
    compile "de.codecentric:spring-boot-admin-starter-server:2.0.0"
    compile "org.springframework.boot:spring-boot-starter-security"
}
1st try to make things work
Admin-Server: application.yml
server:
  port: 8090
spring:
  security:
    user:
      name: admin
      password: adminPwd
logging:
  level:
    org.springframework.security: DEBUG
result: client can't connect
2nd try to make things work
Admin-Server: WebSecurityConfigurerAdapter
@Configuration
public class SecuritySecureConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated()
            .and().httpBasic();
    }
}
result: client can't connect
3rd try to make things work
Admin-Server: WebSecurityConfigurerAdapter
@Configuration
public class SecuritySecureConfig extends WebSecurityConfigurerAdapter {

    private static final String ADMIN_ROLE = "ADMIN";
    private static final String ADMIN_PASSWORD = "adminPwd";
    private static final String ADMIN_USER_NAME = "admin";

    private final String adminContextPath;

    public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
        adminContextPath = adminServerProperties.getContextPath();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");

        http.authorizeRequests()
                .antMatchers(adminContextPath + "/assets/**").permitAll()
                .antMatchers(adminContextPath + "/login").permitAll()
                .anyRequest().hasRole(ADMIN_ROLE)
                .and()
            .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
            .logout().logoutUrl(adminContextPath + "/logout").and()
            .httpBasic().and()
            .csrf().disable();
        // @formatter:on
    }

    @Override
    @Autowired
    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser(ADMIN_USER_NAME)
            .password(ADMIN_PASSWORD)
            .roles(ADMIN_ROLE);
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }
}
result: client cannot connect...