Untitled

management.security.enabled=false

spring.boot.admin.client.metadata.user.name=${security.user.name}
spring.boot.admin.client.metadata.user.password=${security.user.password}

spring.boot.admin.client.metadata.user.name=admin
spring.boot.admin.client.metadata.user.password=example

15-08-2018 22:19:29.987 [registrationTask1] INFO  d.c.b.a.c.r.ApplicationRegistrator.register - Application registered itself as 6c0b3ada
15-08-2018 22:19:38.753 [http-nio-8080-exec-4] INFO  o.s.b.a.e.m.MvcEndpointSecurityInterceptor.logUnauthorizedAttempt - Full authentication is required to access actuator endpoints. Consider adding Spring Security or set 'management.security.enabled' to false.

Antwortkopfzeilen (342 B)
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Content-Type: application/json;charset=UTF-8
Date: Wed, 15 Aug 2018 21:17:44 GMT
Expires: 0
Pragma: no-cache
X-Application-Context: application:8081
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block

Anfragekopfzeilen (494 B)
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate
Accept-Language: de,en-US;q=0.7,en;q=0.3
Connection: keep-alive
Cookie: JSESSIONID=13C22C76A043263B3F1…f-2ab6-4ad9-b687-e37178d2701d
Host: localhost:8081
Referer: http://localhost:8081/
User-Agent: Mozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/61.0
X-XSRF-TOKEN: 5aae0cff-2ab6-4ad9-b687-e37178d2701d

SyntaxError: JSON.parse: unexpected end of data at line 1 column 1 of the JSON data

#SpringBootAdmin
spring.boot.admin.url=http://localhost:8081
spring.boot.admin.username=admin
spring.boot.admin.password=adminPw
spring.boot.admin.client.metadata.user.name=admin
spring.boot.admin.client.metadata.user.password=example

management.security.enabled=true
management.security.roles=ADMIN, USER
management.info.git.mode=full

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  /* Time, in seconds, to have the browser cache static resources (one week). */
  private static final int BROWSER_CACHE_CONTROL = 604800;

  @Bean
  public BCryptPasswordEncoder bCryptPasswordEncoder() {
    return new BCryptPasswordEncoder();
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
        //define URLs only a user with the role admin can access
        // NOTE: Spring Security automatically adds "ROLE_" while performing this check.
        .antMatchers("/admin").hasAnyRole("ADMIN", "USER")
        .antMatchers("/admin/**").hasAnyRole("ADMIN", "USER")
        .antMatchers("/*").permitAll()
        .and()
        .formLogin()
        .loginPage("/login").loginProcessingUrl("/login")
        .usernameParameter("username").passwordParameter("password")
        .defaultSuccessUrl("/admin")
        .and()
        .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/login?logout")
        //rememberMe functionality stays for 4 weeks

        .and().authorizeRequests().antMatchers("/console/**").hasRole("ADMIN")
        .and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());

    CharacterEncodingFilter filter = new CharacterEncodingFilter();
    filter.setEncoding("UTF-8");
    filter.setForceEncoding(true);
    http.addFilterBefore(filter,CsrfFilter.class);

    //return 403 error instead of login page when trying to access an forbidden page
    //http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint());
  }
}

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

  private final Logger logger = LoggerFactory.getLogger(this.getClass());

  @Autowired
  private UserServiceImpl userService;

  @Autowired
  private BCryptPasswordEncoder bCryptPasswordEncoder;

  @Override
  public Authentication authenticate(Authentication authentication) throws AuthenticationException {

    String username = authentication.getName();
    String password = authentication.getCredentials().toString();

    User user = userService.findByUsername(username);

    if (Objects.nonNull(user)) {

      //"found user, proceeding to check password
      Set<GrantedAuthority> grantedAuthorities = new HashSet<>();


      if (bCryptPasswordEncoder.matches(password, user.getPassword())) {
        //password is a match
        //Setting up Authorities
        for (Role role : user.getRoles()) {
          logger.info("adding Role : " + role.getName());
          grantedAuthorities.add(new SimpleGrantedAuthority(role.getName()));
        }

        return new UsernamePasswordAuthenticationToken(username, user.getPassword(), grantedAuthorities);

      } else {
        logger.info("Unsuccessful login attempt - wrong password.");
        return null;
      }
    } else {
      logger.info("Unsuccessful login attempt - user not found.");
      return null;
    }
  }

  @Override
  public boolean supports(Class<?> authentication) {
    return authentication.equals(UsernamePasswordAuthenticationToken.class);
  }
}