
Spring Boot Admin 3.x.x Security, client registered 401

Open HeXiaoShu opened this issue 1 year ago • 3 comments

Spring Boot Admin Server information

  • Version: 3.3.0

  • Spring Boot version: 3.3.0

  • Configured Security:

@Configuration(proxyBeanMethods = false)
public class SecuritySecureConfig {

        private final AdminServerProperties adminServer;

        private final SecurityProperties security;

        public SecuritySecureConfig(AdminServerProperties adminServer, SecurityProperties security) {
                this.adminServer = adminServer;
                this.security = security;
        }

        @Bean
        protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
                successHandler.setTargetUrlParameter("redirectTo");
                successHandler.setDefaultTargetUrl(this.adminServer.path("/"));
                http.authorizeHttpRequests((authorizeRequests) -> authorizeRequests //
                        .requestMatchers(new AntPathRequestMatcher(this.adminServer.path("/assets/**")))
                        .permitAll()
                        .requestMatchers(new AntPathRequestMatcher(this.adminServer.path("/actuator/info")))
                        .permitAll()
                        .requestMatchers(new AntPathRequestMatcher(adminServer.path("/actuator/health")))
                        .permitAll()
                        .requestMatchers(new AntPathRequestMatcher(this.adminServer.path("/login")))
                        .permitAll()
                        .dispatcherTypeMatchers(DispatcherType.ASYNC)
                        .permitAll() // https://github.com/spring-projects/spring-security/issues/11027
                        .anyRequest()
                        .authenticated())
                        .formLogin(
                                        (formLogin) -> formLogin.loginPage(this.adminServer.path("/login")).successHandler(successHandler))
                        .logout((logout) -> logout.logoutUrl(this.adminServer.path("/logout")))
                        .httpBasic(Customizer.withDefaults());
                http.rememberMe((rememberMe) -> rememberMe.key(UUID.randomUUID().toString()).tokenValiditySeconds(1209600));
                return http.build();

        }

        // Required to provide UserDetailsService for "remember functionality"
        @Bean
        public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
                UserDetails user = User.withUsername(security.getUser().getName()).password(passwordEncoder.encode(security.getUser().getPassword())).build();
                return new InMemoryUserDetailsManager(user);
        }

        @Bean
        public PasswordEncoder passwordEncoder() {
                return new BCryptPasswordEncoder();
        }

}
  • Webflux or Servlet application:

Client information

  • Spring Boot versions: 3.3.0

  • Spring Boot Admin Client versions: 3.3.0

  • Used discovery mechanism: singleton application

  • Webflux or Servlet application:

Description

admin-server

spring:
  application:
    name: admin-server

  security:
    user:
      password: test
      name: test

admin-client

spring:
  boot:
    admin:
      client:
        url: http://localhost:8305
        instance:
          service-url: http://localhost:8600
          service-host-type: ip
        password: test
        username: test

error: Failed to register application as Application(name=base-project, managementUrl=http://localhost:8600/actuator, healthUrl=http://localhost:8600/actuator/health, serviceUrl=http://localhost:8600) at spring-boot-admin ([http://localhost:8305/instances]): 401 : [no body]. Further attempts are logged on DEBUG level

If admin-server version is 2.x.x, client msg: Application registered itself as 4ada11be0d1e

HeXiaoShu Jun 02 '24 12:06

I am not able to find the SecuritySecureConfig file. Can anyone provide the location for this file?

jeelkhant3333 Jun 06 '24 13:06

@jeelkhant3333 you have to create your own security config. This depends on your environment, your authentication method etc. In the samples there is a SecuritySecureConfig file, but this is just a demo and you have to create your own. The name does not matter.

erikpetzold Jun 06 '24 14:06

Hey @HeXiaoShu,

you omitted a crucial part of our sample security configuration:

http.addFilterAfter(new CustomCsrfFilter(), BasicAuthenticationFilter.class)
	.csrf((csrf) -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
		.csrfTokenRequestHandler(new CsrfTokenRequestAttributeHandler())
		.ignoringRequestMatchers(
				new AntPathRequestMatcher(this.adminServer.path("/instances"), POST.toString()),
				new AntPathRequestMatcher(this.adminServer.path("/instances/*"), DELETE.toString()),
				new AntPathRequestMatcher(this.adminServer.path("/actuator/**"))
		));

See also our documentation: https://docs.spring-boot-admin.com/current/security.html

Please try again with this configuration in place and let us know if this solves your problem.

hzpz Jun 14 '24 06:06
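A regression check for the server's security configuration, added here as an example and not taken from the spring-boot-admin project: it posts a constructed registration with basic auth only, the way the client does, and expects the server to accept it. It assumes a servlet admin server application on the test classpath, served at the root path; the test class name and the payload are hypothetical.

```java
import static org.junit.jupiter.api.Assertions.assertEquals;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.web.client.TestRestTemplate;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;

// Starts the admin server on a random port with the credentials used in the issue.
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
        properties = { "spring.security.user.name=test", "spring.security.user.password=test" })
class ClientRegistrationSecurityTest {

    // Constructed payload; the field names are the ones shown in the client's error message.
    private static final String REGISTRATION = """
            {"name":"base-project",
             "managementUrl":"http://localhost:8600/actuator",
             "healthUrl":"http://localhost:8600/actuator/health",
             "serviceUrl":"http://localhost:8600"}""";

    @Autowired
    private TestRestTemplate rest;

    @Test
    void registrationWithBasicAuthAndNoCsrfTokenIsAccepted() {
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_JSON);

        // Like the client: basic auth only, no session cookie, no CSRF token.
        ResponseEntity<String> response = rest.withBasicAuth("test", "test")
                .postForEntity("/instances", new HttpEntity<>(REGISTRATION, headers), String.class);

        // Fails while POST /instances is still subject to CSRF protection.
        assertEquals(201, response.getStatusCode().value());
    }
}
```

Because the request goes over real HTTP, the test sees the same status code the client logs, so it separates a rejected registration from a wrong username or password in the client properties.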

We're closing this issue due to missing feedback. If you're still encountering problems, feel free to file a new issue.

ulischulte Jul 19 '24 06:07