1

I'm getting the following errors reported from Spring Boot Admin when changing the logging level:

enter image description here

I checked Spring Boot Admin's log and it reports no error. But when I try to change level via curl:

curl -X "POST"  "http://localhost:9010/actuator/loggers/com.netflix" -H "Content-Type: application/json; charset=utf-8" -d $'{"configuredLevel": "ERROR"}'

I get the following error:

{"timestamp":"2021-09-17T21:27:54.076+00:00","status":403,"error":"Forbidden","message":"","path":"/actuator/loggers/com.netflix"}

The application for which I'm trying to change the logging level is configured as follows:

@EnableWebSecurity
public class SecurityConfiguration  {

    @Configuration
    @Order(1) 
    public static class ActuatorSecurityConfiguration extends WebSecurityConfigurerAdapter {

        @Override   
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/actuator/**")
                .authorizeRequests()
                .antMatchers("/actuator/**")
                .authenticated()
                .and()
                .httpBasic();
         }
        
    }
        
    @Configuration
    public static class MainSecurityConfiguration extends WebSecurityConfigurerAdapter {

        @Bean
        public AjaxLoginUrlAuthenticationEntryPoint entryPoint() {
            return new AjaxLoginUrlAuthenticationEntryPoint("/login");
        }
                
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .antMatchers("/js/entry.js", "/entry")
                    .access("hasRole('ROLE_READ-ONLY')")
                    .anyRequest()
                    .permitAll()
                    .and()
                    .formLogin()
                    .loginPage("/login")
                    .permitAll()
                    .and()
                    .csrf()
                    .ignoringAntMatchers("/actuator/**")
                    .and()
                    .exceptionHandling()
                    .authenticationEntryPoint(entryPoint())
                    .and()
                    .formLogin()
                    .defaultSuccessUrl("/entry", true);
        }
        
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            //ldap config
        }
        
    }
}

And here's my application.yml file

---
spring:
  profiles:
    active: dev
  application:
    name: my-app
server:
  port: 9010
feign:
  client:
    config:
      default:
        connectTimeout: 0
        readTimeout: 0
management:
  endpoints:
    web:
      exposure:
        include: "*"
  health:
    ldap:
      enabled: false
  endpoint:
    health:
      show-details: always
logging:
  file: 
    name: /var/data/${spring.application.name}/${spring.application.name}.log
---
spring:
  config:
    activate:
      on-profile: dev
  boot:
    admin:
      client:
        url: http://localhost:9090
        username: admin
        password: pass
        instance:
          metadata:
            user:
              name: admin
              password: pass
  security:
    user:
      name: admin #and yet again... how many places do I have to set this?
      password: pass #and yet again... how many places do I have to set this?

How do I allow changing the logging level with basic auth involved? More specifically, how will I configure Spring Boot Admin to authenticate with the actuator using HTTP Basic auth?

user8297969
  • 415
  • 1
  • 6
  • 18

0 Answers0