Created
September 4, 2020 22:24
-
-
Save igorferreira/a6032d762a664379a46c28cb354ef09d to your computer and use it in GitHub Desktop.
Springboot | SecurityApp | ActuatorSecurity | PermitAll Works
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package br.com.novedade.examples.securityapp.security; | |
| import java.io.IOException; | |
| import java.io.PrintWriter; | |
| import javax.servlet.http.HttpServletRequest; | |
| import javax.servlet.http.HttpServletResponse; | |
| import org.springframework.beans.factory.annotation.Value; | |
| import org.springframework.http.HttpStatus; | |
| import org.springframework.security.core.AuthenticationException; | |
| import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint; | |
| import org.springframework.stereotype.Component; | |
| package br.com.novedade.examples.securityapp.response.StatusResponse; | |
| import org.owasp.encoder.Encode; | |
| @Component | |
| public class ActuatorBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint { | |
| @Value("${spring.security.user.realm}") | |
| private String realm; | |
| @Override | |
| public void commence(HttpServletRequest request, | |
| HttpServletResponse response, | |
| AuthenticationException authException) throws IOException { | |
| response.setContentType("application/json;charset=UTF-8"); | |
| response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); | |
| String encodedStatusResponseJson = Encode.forJava(StatusResponse | |
| .builder() | |
| .status(String.valueOf(HttpStatus.UNAUTHORIZED.value())) | |
| .mensagem(authException.getMessage()) | |
| .build().toString()); | |
| PrintWriter out = response.getWriter(); | |
| out.write(encodedStatusResponseJson); | |
| } | |
| @Override | |
| public void afterPropertiesSet(){ | |
| setRealmName(realm); | |
| super.afterPropertiesSet(); | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package br.com.novedade.examples.securityapp.configuration; | |
| import org.springframework.beans.factory.annotation.Autowired; | |
| import org.springframework.beans.factory.annotation.Value; | |
| import org.springframework.context.annotation.Configuration; | |
| import org.springframework.security.config.annotation.web.builders.HttpSecurity; | |
| import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; | |
| import br.com.novedade.examples.securityapp.security.ActuatorBasicAuthenticationEntryPoint; | |
| @Configuration | |
| public class ActuatorSecurityConfiguration extends WebSecurityConfigurerAdapter { | |
| @Value("${spring.security.user.realm}") | |
| private String realm; | |
| @Value("${management.endpoints.env.roles}") | |
| private String role; | |
| @Autowired | |
| private ActuatorBasicAuthenticationEntryPoint authenticationEntryPoint; | |
| @Override | |
| public void configure(HttpSecurity http) throws Exception { | |
| http | |
| .authorizeRequests() | |
| .antMatchers("/restws/","/restws/**").permitAll() | |
| .antMatchers("/actuator/env/**").hasRole(role) | |
| .and() | |
| .httpBasic() | |
| .realmName(realm) | |
| .authenticationEntryPoint(authenticationEntryPoint); | |
| http.csrf().disable(); | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| spring: | |
| application: | |
| name: SecurityApp | |
| mandatory-file-encoding: UTF-8 | |
| security: | |
| user: | |
| name: admin | |
| password: "6Kb4KiG77NXE" | |
| roles: ACTUATOR,USER | |
| realm: "ACTUATOR_REALM" | |
| management: | |
| server.port: ${server.port} | |
| info.git.mode: full | |
| endpoints: | |
| env.roles: ACTUATOR | |
| web: | |
| exposure: | |
| include: health,info,metrics,prometheus,env | |
| cors: | |
| allowed-origins: "*" | |
| allowed-methods: GET,POST | |
| enabled-by-default: true | |
| metrics: | |
| export: | |
| prometheus: | |
| enabled: true | |
| pushgateway: | |
| enabled: true | |
| server: | |
| port: 8080 | |
| error: | |
| whitelabel.enabled: false | |
| include-stacktrace: ALWAYS |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package br.com.novedade.examples.securityapp.response; | |
| import java.io.Serializable; | |
| import com.fasterxml.jackson.annotation.JsonProperty; | |
| import io.swagger.annotations.ApiModel; | |
| import io.swagger.annotations.ApiModelProperty; | |
| import lombok.AllArgsConstructor; | |
| import lombok.Builder; | |
| import lombok.Getter; | |
| import lombok.NoArgsConstructor; | |
| import lombok.Setter; | |
| @ApiModel(description = "Informações de status") | |
| @Getter | |
| @Setter | |
| @AllArgsConstructor | |
| @NoArgsConstructor | |
| @Builder | |
| public class StatusResponse implements Serializable { | |
| private static final long serialVersionUID = 2642223915664809487L; | |
| @ApiModelProperty(example = "200", value = "Informa o status do código http. ") | |
| @JsonProperty("status") | |
| private String status; | |
| @ApiModelProperty(example = "Mensagem de erro", value = "Informa a mensagem do erro. ") | |
| @JsonProperty("mensagem") | |
| private String mensagem; | |
| @Override | |
| public String toString() { | |
| try { | |
| return new ObjectMapper().writeValueAsString(this); | |
| } catch (JsonProcessingException e) { | |
| return e.getLocalizedMessage(); | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment