Reputation: 171
I have Spring Boot applications secured by OAuth2, and I am able to access the applications from Spring Boot Admin only when the actuator endpoints are not secured. I've checked the security samples on GitHub; even there the /health endpoint was not secured. Is there any way to access Spring Boot applications with actuator endpoints secured by OAuth2 from Spring Boot Admin?
Upvotes: 13
Views: 2930
Reputation: 71
Based on WIPU's answer, I've created a simple update:
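    import org.springframework.http.HttpHeaders;
    import org.springframework.security.oauth2.client.OAuth2RestTemplate;
    import org.springframework.security.oauth2.common.OAuth2AccessToken;
    import de.codecentric.boot.admin.server.domain.entities.Instance;
    import de.codecentric.boot.admin.server.web.client.HttpHeadersProvider;

    public class BearerAuthHeaderProvider implements HttpHeadersProvider {
        private final OAuth2RestTemplate template;
        public BearerAuthHeaderProvider(OAuth2RestTemplate template) {
            this.template = template;
        }
        @Override
        public HttpHeaders getHeaders(Instance ignored) {
            // Fetch the token once so that type and value come from the same token
            OAuth2AccessToken token = template.getAccessToken();
            HttpHeaders headers = new HttpHeaders();
            headers.set("Authorization", token.getTokenType() + " " + token.getValue());
            return headers;
        }
    }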
and
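    import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.core.annotation.Order;
    import org.springframework.security.oauth2.client.OAuth2RestTemplate;
    import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
    import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
    import de.codecentric.boot.admin.server.config.AdminServerAutoConfiguration;
    import de.codecentric.boot.admin.server.config.AdminServerProperties;

    @Configuration
    public class AdminServerConfiguration extends AdminServerAutoConfiguration {
        public AdminServerConfiguration(AdminServerProperties adminServerProperties) {
            super(adminServerProperties);
        }
        @Bean
        public OAuth2ProtectedResourceDetails clientCredentialsResourceDetails() {
            ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails();
            // Set your details here: id, clientId, secret, token endpoint.
            // The values below are samples; keep the real secret in external configuration, not in source.
            details.setClientId("actuator");
            details.setClientSecret("actuator_password");
            details.setAccessTokenUri("http://localhost:8081/auth-server/oauth/token");
            details.setGrantType("client_credentials");
            return details;
        }
        @Bean
        @Order(0)
        @ConditionalOnMissingBean
        public BearerAuthHeaderProvider bearerAuthHeaderProvider() {
            // Couldn't inject the restTemplate any other way
            OAuth2ProtectedResourceDetails resourceDetails = this.clientCredentialsResourceDetails();
            OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(resourceDetails);
            return new BearerAuthHeaderProvider(oAuth2RestTemplate);
        }
    }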
Upvotes: 7
Reputation: 443
This question is quite old, but since there is no answer at all.
In the de.codecentric.boot.admin.server.config.AdminServerAutoConfiguration class of Boot Admin you find the methods basicAuthHttpHeadersProvider and httpHeadersProvider. You can use this mechanism to add your own header provider. Just provide your own AuthHeaderProvider, like below:
    // Bean definitions to place in a @Configuration class of the Spring Boot Admin server
    @Bean
    public BearerAuthHeaderProvider bearerAuthHeaderProvider(OAuth2RestTemplate template) {
        return new BearerAuthHeaderProvider(template);
    }
    @Bean
    public OAuth2RestTemplate restTemplate(OAuth2ProtectedResourceDetails resourceDetails) {
        return new OAuth2RestTemplate(resourceDetails);
    }
    @Bean
    public OAuth2ProtectedResourceDetails clientCredentialsResourceDetails() {
        ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails();
        // Set your details here: id, clientId, secret, token endpoint
        details.setGrantType("client_credentials");
        return details;
    }
With that, the InstanceWebClient.builder() will pick up your bearer authentication header and send it to your actuator endpoints.
I'm not sure if this is the correct solution, but it is a starting point.
regards,
Upvotes: 4
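The monitored application's side of the setup that both answers assume, as an added example that is not part of either answer or of the Spring Boot Admin project: a resource-server configuration that keeps every actuator endpoint, /health included, behind the bearer token the Admin server sends. It assumes Spring Boot 2 with the legacy spring-security-oauth2 module (the one that provides OAuth2RestTemplate); the class name and the scope name `actuator` are hypothetical, and the authorization server must grant that scope to the Admin server's client.

```java
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

// Hypothetical class name; lives in each monitored application, not in the Admin server.
@Configuration
@EnableResourceServer
public class ActuatorResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            // Bearer tokens only: no HTTP session is created for Admin's polling requests.
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
                // All actuator endpoints, /health included, need a token that
                // carries the (assumed) "actuator" scope.
                .requestMatchers(EndpointRequest.toAnyEndpoint())
                    .access("#oauth2.hasScope('actuator')")
                // The rest of the application still requires a valid token.
                .anyRequest().authenticated();
    }
}
```

With this in place, a request to an actuator endpoint without an Authorization header is rejected with 401, and a token that lacks the scope is rejected with 403.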