How to integrate actuator with spring authorization server? #1293

Closed
gonwan opened this issue Jul 5, 2023 · 2 comments

gonwan commented Jul 5, 2023

I tried to integrate actuator (using HTTP basic authentication) with Spring Authorization Server, but without success.

I added a separate security filter chain for actuator, with order 2. Authorization and default security filter chains are set as default.

In the actuator flow: /actuator/** --> actuator filter chain --> add WWW-Authenticate header --> internally dispatched to /error --> authorization filter chain --> redirect to /login. The login page for the authorization server is shown in the browser, not the HTTP basic prompt. This can be verified with curl:

 curl -vv --connect-timeout 1000000000 http://127.0.0.1:9000/actuator 
* About to connect() to 127.0.0.1 port 9000 (#0)
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 9000 (#0)
> GET /actuator HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 127.0.0.1:9000
> Accept: */*
> 
< HTTP/1.1 302 
< Set-Cookie: JSESSIONID=1E24491AD55BB0FA9333B2E28F50FF99; Path=/; HttpOnly
< WWW-Authenticate: Basic realm="Realm"
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 0
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Location: http://127.0.0.1:9000/login;jsessionid=1E24491AD55BB0FA9333B2E28F50FF99    <-- here!!!
< Content-Length: 0
< Date: Tue, 04 Jul 2023 15:07:20 GMT

So what is the intended solution in this case? Full code here.

gonwan added the "type: bug" label Jul 5, 2023

jgrandja (Collaborator) commented

Thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it).

See gh-760 which may be related.

jgrandja self-assigned this Jul 11, 2023
jgrandja added the "for: stackoverflow" label and removed the "type: bug" label Jul 11, 2023

JorgeReus commented Feb 8, 2024

Just answering for the sake of clarity.

It can be done either in the oauth2 filter chain

  @Bean
  @Order(2)
  public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
    http.authorizeHttpRequests(
            authorize -> {
              authorize
                  .requestMatchers(
                      HttpMethod.GET, "/health", "/health/liveness", "/health/readiness")
                  .permitAll()
                  .anyRequest()
                  .authenticated();
            })
        .oauth2Login(Customizer.withDefaults());

    return http.build();
  }

or as a bean

  @Bean
  public WebSecurityCustomizer webSecurityCustomizer() {
    return (web) ->
        web.ignoring()
            .requestMatchers(HttpMethod.GET, "/health", "/health/liveness", "/health/readiness");
  }

Sample application.yml

management:
  health:
    probes:
      enabled: true
  endpoints:
    web:
      base-path: /
      exposure:
        include: health
  server:
    port: 9000

Run curl http://localhost:9000/health/liveness and curl http://localhost:9000/health/readiness
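For the flow described in the question (the 401 from the HTTP Basic chain replaced by a /login redirect once the request is dispatched to /error), the following is an added example, not code from this issue or from the Spring Authorization Server project: a dedicated actuator chain matched with EndpointRequest, plus an ERROR-dispatch rule in the default chain. It assumes Spring Security 6 with Spring Boot 3 actuator and an authorization server chain at @Order(1); the class name, chain orders and the ACTUATOR role are hypothetical.

```java
import jakarta.servlet.DispatcherType;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class ActuatorSecurityConfig { // hypothetical class name

  // Evaluated after the authorization server chain (assumed @Order(1)). The securityMatcher
  // limits this chain to actuator endpoints, whatever management.endpoints.web.base-path is.
  @Bean
  @Order(2)
  public SecurityFilterChain actuatorSecurityFilterChain(HttpSecurity http) throws Exception {
    http.securityMatcher(EndpointRequest.toAnyEndpoint())
        .authorizeHttpRequests(authorize -> authorize
            // permitAll keeps health probes inside the filter chain, so security headers
            // are still written; web.ignoring() skips the chain entirely.
            .requestMatchers(EndpointRequest.to("health")).permitAll()
            .anyRequest().hasRole("ACTUATOR")) // hypothetical role for monitoring users
        .httpBasic(Customizer.withDefaults())
        // Basic credentials are sent on every request, so no JSESSIONID is needed here.
        .sessionManagement(session ->
            session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
    return http.build();
  }

  // Catch-all chain for the login page and everything else. /error is not an actuator
  // endpoint, so the container's ERROR dispatch after the 401 is handled by this chain.
  @Bean
  @Order(3)
  public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
    http.authorizeHttpRequests(authorize -> authorize
            // Without this rule the ERROR dispatch is unauthenticated and gets redirected
            // to /login, which is the 302 plus WWW-Authenticate response in the curl trace.
            .dispatcherTypeMatchers(DispatcherType.ERROR).permitAll()
            .anyRequest().authenticated())
        .formLogin(Customizer.withDefaults());
    return http.build();
  }
}
```

With this layout, an unauthenticated request to a protected actuator endpoint should return 401 with the WWW-Authenticate header instead of the 302 to /login, which can be checked with the same curl -v call used in the question.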
