15.Spring Security对Actuator进行访问控制
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><groupId>com.example</groupId><artifactId>demo</artifactId><version>0.0.1-SNAPSHOT</version><name>demo</name><description>Demo project for Spring Boot with Spring Security</description><!-- Spring Boot 3.1.5 父依赖 --><parent><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-parent</artifactId><version>3.1.5</version><relativePath/> <!-- lookup parent from repository --></parent><properties><java.version>17</java.version> <!-- Spring Boot 3.x 需要 Java 17 --></properties><dependencies><!-- Spring Web 依赖 --><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-actuator</artifactId></dependency><!-- Spring Security 依赖 --><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency></dependencies><build><plugins><!-- Spring Boot Maven 插件 --><plugin><groupId>org.springframework.boot</groupId><artifactId>spring-boot-maven-plugin</artifactId></plugin></plugins></build></project>Spring boot 启动类
DemoApplicatiom.java
package com.example.demo;import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;@SpringBootApplication
public class DemoApplication {public static void main(String[] args) {SpringApplication.run(DemoApplication.class, args);}
}运行
在pom.xml中引入spring security的依赖后,随意输入路径,便已经开始拦截了,都会跳转到默认自带的/login这个页面
用户名默认为user
密码会在启动时,显示在控制台,本次密码a1ea7d76-5937-4ce7-a896-c4d6f83e05c1
在本例中,只有登陆成功,才可以访问到actuator的端点们
自定义Spring security的账号密码
application.yml
server:port: 8080management:endpoints:web:exposure:include: "*" # 暴露actuator的所有端点spring:security:user:name: adminpassword: admin123 #Spring security的自定义账号密码
备注:如果要进行更细粒度的访问控制,可以使用spring security编写代码,对具体的路径进行访问控制
和休眠(Hibernate))
)
)
)