- # Turns off authentication on the actuator endpoints. With it off, anyone who can reach the
- # management port can read them; keeping it enabled and giving the admin server credentials is the safer setup.
- management.security.enabled=false
- # The metadata.user.* entries are sent to the Spring Boot Admin server at registration so that it
- # can authenticate against this client's actuator endpoints.
- # Variant 1: reuse the application's own security.user.* values through placeholders.
- spring.boot.admin.client.metadata.user.name=${security.user.name}
- spring.boot.admin.client.metadata.user.password=${security.user.password}
- # Variant 2: literal values. The same keys appear twice in this snippet, so presumably only one
- # variant is active at a time - NOTE(review): confirm. Do not commit a real password in this form.
- spring.boot.admin.client.metadata.user.name=admin
- spring.boot.admin.client.metadata.user.password=example
- 15-08-2018 22:19:29.987 [registrationTask1] INFO d.c.b.a.c.r.ApplicationRegistrator.register - Application registered itself as 6c0b3ada
- 15-08-2018 22:19:38.753 [http-nio-8080-exec-4] INFO o.s.b.a.e.m.MvcEndpointSecurityInterceptor.logUnauthorizedAttempt - Full authentication is required to access actuator endpoints. Consider adding Spring Security or set 'management.security.enabled' to false.
- Antwortkopfzeilen (342 B)
- Cache-Control: no-cache, no-store, max-age=0, must-revalidate
- Content-Length: 0
- Content-Type: application/json;charset=UTF-8
- Date: Wed, 15 Aug 2018 21:17:44 GMT
- Expires: 0
- Pragma: no-cache
- X-Application-Context: application:8081
- X-Content-Type-Options: nosniff
- X-Frame-Options: DENY
- X-XSS-Protection: 1; mode=block
- Anfragekopfzeilen (494 B)
- Accept: application/json, text/plain, */*
- Accept-Encoding: gzip, deflate
- Accept-Language: de,en-US;q=0.7,en;q=0.3
- Connection: keep-alive
- Cookie: JSESSIONID=13C22C76A043263B3F1…f-2ab6-4ad9-b687-e37178d2701d
- Host: localhost:8081
- Referer: http://localhost:8081/
- User-Agent: Mozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/61.0
- X-XSRF-TOKEN: 5aae0cff-2ab6-4ad9-b687-e37178d2701d
- SyntaxError: JSON.parse: unexpected end of data at line 1 column 1 of the JSON data
- #SpringBootAdmin
- # Where this client registers, and the credentials it uses to log in to the admin server.
- # Plain http is acceptable on localhost only; use https once the admin server is remote,
- # because these credentials are sent to it.
- spring.boot.admin.url=http://localhost:8081
- spring.boot.admin.username=admin
- spring.boot.admin.password=adminPw
- # Credentials published to the admin server so it can call this client's actuator endpoints.
- spring.boot.admin.client.metadata.user.name=admin
- spring.boot.admin.client.metadata.user.password=example
- # Actuator endpoints require an authenticated user holding one of the listed roles.
- management.security.enabled=true
- management.security.roles=ADMIN, USER
- # NOTE(review): "full" publishes the complete git.properties content on /info - check that
- # nothing in it is sensitive before exposing the endpoint.
- management.info.git.mode=full
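/**
 * Spring Security configuration for the web application: role checks on {@code /console}
 * and {@code /admin}, form login at {@code /login}, logout at {@code /logout}, and a
 * cookie-based CSRF token.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /* Time, in seconds, to have the browser cache static resources (one week). */
    private static final int BROWSER_CACHE_CONTROL = 604800;

    /**
     * Exposes the BCrypt encoder as a bean so other components can inject it.
     *
     * @return a new {@code BCryptPasswordEncoder}
     */
    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Declares the URL access rules, the login and logout endpoints, and the CSRF token store.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Matchers are checked in declaration order and the first match wins, so every
                // restricted path has to be listed before the "/*" catch-all. "/console/**" also
                // matches "/console" itself, which "/*" would otherwise have opened to everyone.
                // NOTE: Spring Security automatically adds "ROLE_" while performing this check.
                .antMatchers("/console/**").hasRole("ADMIN")
                // The admin area is open to both roles, not to ADMIN alone.
                .antMatchers("/admin", "/admin/**").hasAnyRole("ADMIN", "USER")
                .antMatchers("/*").permitAll()
                // NOTE(review): there is no anyRequest() rule, so paths deeper than one segment
                // outside /admin and /console carry no access rule from this class. Confirm that
                // is intended before relying on it.
                .and()
            .formLogin()
                .loginPage("/login").loginProcessingUrl("/login")
                .usernameParameter("username").passwordParameter("password")
                .defaultSuccessUrl("/admin")
                .and()
            .logout()
                // This matcher is not bound to an HTTP method, so a plain GET to /logout ends
                // the session without a CSRF token. Restrict it to POST if that matters.
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .logoutSuccessUrl("/login?logout")
                .and()
            .csrf()
                // The token cookie is readable by JavaScript so that a script client can echo it
                // back in a request header. The trade-off is that any script running on this
                // origin can read it as well.
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());

        // Force UTF-8 before CsrfFilter runs: once a filter has read the request parameters,
        // the character encoding can no longer be changed.
        CharacterEncodingFilter filter = new CharacterEncodingFilter();
        filter.setEncoding("UTF-8");
        filter.setForceEncoding(true);
        http.addFilterBefore(filter, CsrfFilter.class);

        // To answer 403 instead of redirecting to the login page, register a
        // Http403ForbiddenEntryPoint through http.exceptionHandling().authenticationEntryPoint(...).
    }
}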
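/**
 * Authenticates username/password logins against the users returned by {@code UserServiceImpl},
 * comparing the submitted password with the stored BCrypt hash.
 */
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

    private final Logger logger = LoggerFactory.getLogger(this.getClass());

    @Autowired
    private UserServiceImpl userService;

    @Autowired
    private BCryptPasswordEncoder bCryptPasswordEncoder;

    /**
     * Verifies the submitted credentials and builds an authenticated token carrying the
     * user's roles.
     *
     * <p>A failed check throws instead of returning {@code null}. The
     * {@code AuthenticationProvider} contract reserves {@code null} for "this provider cannot
     * decide", which lets the next configured provider accept the same login.
     *
     * @param authentication the login request; its name is the username and its credentials
     *                       are the submitted password
     * @return an authenticated token holding the username and granted authorities
     * @throws AuthenticationException if the user is unknown or the password does not match
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String username = authentication.getName();
        // getCredentials() may be null; treat that as a failed login rather than an NPE.
        Object credentials = authentication.getCredentials();
        User user = userService.findByUsername(username);

        if (user == null) {
            // NOTE(review): this path skips the BCrypt comparison, so it answers faster than a
            // wrong-password attempt. If username enumeration is a concern, run a dummy
            // matches() call here to even out the timing.
            logger.info("Unsuccessful login attempt - user not found.");
            throw new org.springframework.security.authentication.BadCredentialsException("Bad credentials");
        }

        if (credentials == null
                || !bCryptPasswordEncoder.matches(credentials.toString(), user.getPassword())) {
            logger.info("Unsuccessful login attempt - wrong password.");
            // Same message as for an unknown user, so the caller cannot tell the two apart.
            throw new org.springframework.security.authentication.BadCredentialsException("Bad credentials");
        }

        Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
        for (Role role : user.getRoles()) {
            logger.info("adding Role : {}", role.getName());
            grantedAuthorities.add(new SimpleGrantedAuthority(role.getName()));
        }
        // NOTE(review): the stored hash is passed as the token's credentials, as before.
        // Consider passing null so the hash never sits in the Authentication object.
        return new UsernamePasswordAuthenticationToken(username, user.getPassword(), grantedAuthorities);
    }

    /**
     * Reports whether this provider handles the given authentication type.
     *
     * @param authentication the token class offered by the authentication manager
     * @return {@code true} for {@code UsernamePasswordAuthenticationToken} and its subclasses
     */
    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}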