SpringBoot2.7.8 SpringBootAdmin: Integrating Spring Security (Part 2)

Background

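Continuing from the previous post: in real projects, our clients all use JWT login. A simple way to adapt is to have the SpringBootAdminServer side log in with a static account while the client side logs in with database accounts.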

SpringBootAdminServer

Same as in the previous post; no changes.

SpringBootAdminClient

JWT login interception

Plenty of material on this can be found online, so it is not covered here.

Configuration file

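Because we rely on AdminServer to probe the actuator endpoints, the client does not set spring.boot.admin.client.url. Only username/password are set here, and they are used to accept the authorization that AdminServer sends when it probes. The username and password here must match the ones configured on AdminServer.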

spring.boot.admin.client.username=actuator
spring.boot.admin.client.password=actuator

Add the ActuatorFilter before the JWT filter

.and()
        .addFilterBefore(jwtAuthorizationFilter, UsernamePasswordAuthenticationFilter.class)
        .addFilterBefore(actuatorAuthorizationFilter(), JwtAuthorizationFilter.class)

@Bean
public ActuatorAuthorizationFilter actuatorAuthorizationFilter() throws Exception{
  return new ActuatorAuthorizationFilter(username, password, authenticationManager());
}

ActuatorFilter

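// StringUtils and Base64 are assumed to come from Apache commons-lang3 and commons-codec,
// which is what the method names used below suggest.
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Collection;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

public class ActuatorAuthorizationFilter extends AbstractAuthenticationProcessingFilter {

  private final String username;
  private final String password;

  public ActuatorAuthorizationFilter(String username, String password, AuthenticationManager authenticationManager) {
    // Only requests under /actuator/** are handled by this filter.
    super("/actuator/**", authenticationManager);
    this.username = username;
    this.password = password;
  }

  /**
   * Performs actual authentication.
   *
   * @param request from which to extract parameters and perform the authentication
   * @param response the response, which may be needed if the implementation has to do a redirect as
   * part of a multi-stage authentication process (such as OpenID).
   * @return the authenticated user token.
   * @throws AuthenticationException if authentication fails.
   */
  @Override
  public Authentication attemptAuthentication(HttpServletRequest request,
      HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
    String basicAuthorizationPrefix = "Basic ";

    // Basic YWN0dWF0b3I6YWN0dWF0b3I=
    // Basic actuator:actuator
    String authorization = request.getHeader("authorization");
    if (StringUtils.isNotBlank(authorization)) {
      String expected = basicAuthorizationPrefix
          + Base64.encodeBase64String((username + ":" + password).getBytes(StandardCharsets.UTF_8));
      // MessageDigest.isEqual does not stop at the first differing byte, unlike String equality.
      if (MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
          authorization.getBytes(StandardCharsets.UTF_8))) {
        return new Authentication() {
          @Override
          public Collection<? extends GrantedAuthority> getAuthorities() {
            return new ArrayList<>();
          }

          @Override
          public Object getCredentials() {
            return null;
          }

          @Override
          public Object getDetails() {
            return null;
          }

          @Override
          public Object getPrincipal() {
            return null;
          }

          @Override
          public boolean isAuthenticated() {
            return true;
          }

          @Override
          public void setAuthenticated(boolean b) throws IllegalArgumentException {
            // Intentionally empty: this token is always treated as authenticated.
          }

          @Override
          public String getName() {
            return username;
          }
        };
      }
    }
    // Returning null here makes the parent filter stop without writing any response
    // (the caller sees an empty 200), so reject explicitly and let the failure handler answer.
    throw new BadCredentialsException("Invalid actuator credentials");
  }

  @Override
  public void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
      Authentication authResult) throws IOException, ServletException {
    // Store the authentication and continue the chain so the actuator endpoint is reached.
    SecurityContextHolder.getContext().setAuthentication(authResult);
    chain.doFilter(request, response);
  }
}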

Then start the application as usual.
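The filter above accepts a request only when the whole Authorization header equals one pre-encoded string. As an added example (not code from the original post), here is a JDK-only variant of that check which decodes the header first, so a lower-case scheme or malformed Base64 is handled explicitly; the class name BasicHeaderCheck and the method matches are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added example: JDK-only validation of a Basic Authorization header.
public final class BasicHeaderCheck {

  private BasicHeaderCheck() {}

  /** Returns true only if the header carries exactly expectedUser:expectedPassword. */
  public static boolean matches(String header, String expectedUser, String expectedPassword) {
    if (header == null) {
      return false;
    }
    String trimmed = header.trim();
    // RFC 7617: the scheme name is matched case-insensitively ("Basic", "basic", ...).
    if (trimmed.length() < 6 || !trimmed.regionMatches(true, 0, "Basic ", 0, 6)) {
      return false;
    }
    byte[] presented;
    try {
      presented = Base64.getDecoder().decode(trimmed.substring(6).trim());
    } catch (IllegalArgumentException malformedBase64) {
      return false; // not valid Base64: treat as failed authentication
    }
    byte[] expected = (expectedUser + ":" + expectedPassword).getBytes(StandardCharsets.UTF_8);
    // MessageDigest.isEqual does not stop at the first differing byte.
    return MessageDigest.isEqual(expected, presented);
  }

  public static void main(String[] args) {
    // Constructed sample headers; actuator/actuator are the values from the config above.
    String good = "Basic " + Base64.getEncoder()
        .encodeToString("actuator:actuator".getBytes(StandardCharsets.UTF_8));
    String[] samples = {
        good,                              // accepted
        good.replace("Basic", "basic"),    // accepted: scheme is case-insensitive
        "Basic !!!not-base64!!!",          // rejected: malformed Base64
        "Bearer constructed.jwt.value",    // rejected: a JWT request, not Basic
        null                               // rejected: header missing
    };
    for (String h : samples) {
      System.out.println(h + " -> " + matches(h, "actuator", "actuator"));
    }
  }
}
```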
