Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- spring.security.user.name: admin
- spring.security.user.password: admin
- @Configuration
- public class SecurityConfig extends WebSecurityConfigurerAdapter {
- private final String adminContextPath;
- public SecurityConfig(AdminServerProperties adminServerProperties) {
- this.adminContextPath = adminServerProperties.getContextPath();
- }
- @Autowired
- private LDAPConfig ldapConfig;
- /**
- * Configure LDAP as AuthN manager.
- * @param auth
- * @throws Exception
- */
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- try {
- auth
- .eraseCredentials(false)
- .ldapAuthentication()
- .ldapAuthoritiesPopulator(new DSTLdapAuthoritiesPopulator())
- .userDnPatterns(ldapConfig.getUserDnPatterns())
- .contextSource()
- .url(ldapConfig.getUrl());
- } catch (Exception e) {
- throw new BeanInitializationException("Security configuration failed", e);
- }
- }
- /**
- * Taken from official example: http://codecentric.github.io/spring-boot-admin/2.0.4/#_securing_spring_boot_admin_server
- * Configure login page.
- */
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.httpBasic();
- if (ldapConfig.isEnabled()) {
- // @formatter:off
- SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
- successHandler.setTargetUrlParameter("redirectTo");
- successHandler.setDefaultTargetUrl(adminContextPath + "/");
- http.authorizeRequests()
- .antMatchers(adminContextPath + "/assets/**").permitAll()
- .antMatchers(adminContextPath + "/login").permitAll()
- .anyRequest().authenticated()
- .and()
- .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
- .logout().logoutUrl(adminContextPath + "/logout").and()
- .httpBasic().and()
- .csrf()
- .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
- .ignoringAntMatchers(
- adminContextPath + "/instances",
- adminContextPath + "/actuator/**"
- );
- // If grant-access-to-groups is not configured in application.yml, any WSS-MASTER users are allowed to login to BootAdmin
- if( ldapConfig.getGrantAccessToGroups() == null ) {
- http.authorizeRequests().antMatchers("/**").authenticated();
- } else {
- // Only users in the group are allowed to login to BootAdmin.
- // secure all access to only a certain group of users
- http.authorizeRequests().antMatchers("/**").hasAnyRole(ldapConfig.getGrantAccessToGroups());
- }
- }
- }
- }
- management.endpoints.web.base-path=/manage
- spring.boot.admin.client.url=http://localhost:8081
- management.endpoints.web.exposure.include=*
- management.endpoint.health.show-details=always
- # Secure the registration at the server.
- spring.boot.admin.client.username=admin
- spring.boot.admin.client.password=admin
- # This secures the client endpoints
- spring.security.user.name=admin
- spring.security.user.password=admin
- # These are used by the server to access protected endpoints.
- spring.boot.admin.client.instance.metadata.user.name=admin
- spring.boot.admin.client.instance.metadata.user.password=admin
Add Comment
Please, Sign In to add comment