Sample doesn't take `adminContextPath` in to account for csrf config

I am developing according to the documentation: https://codecentric.github.io/spring-boot-admin/2.0.2, but I can't get a client to register in a secure application.

My configuration is:

application.yml

```yaml
# Security config
spring.security.user:
  name: admin
  password: admin

# Actuator config
management:
  endpoint:
    shutdown.enabled: true
    health.show-details: always
  endpoints.web.exposure.include: '*'

# Spring boot admin config
spring.boot.admin:
  context-path: /admin
  client:
    url: http://localhost:8080/admin
    username: ${spring.security.user.name}
    password: ${spring.security.user.password}
    instance:
      name: ${app.name}
      metadata.user:
        name: ${spring.security.user.name}
        password: ${spring.security.user.password}
```

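WebSecurityConfiguration

```java
import de.codecentric.boot.admin.server.config.AdminServerProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
    private final String adminContextPath;

    public WebSecurityConfiguration(AdminServerProperties adminServerProperties) {
        this.adminContextPath = adminServerProperties.getContextPath();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // After login, redirect to the saved request or to the admin UI root
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");
        successHandler.setDefaultTargetUrl(adminContextPath + "/");

        http.authorizeRequests()
                .antMatchers(adminContextPath + "/assets/**").permitAll()
                .antMatchers(adminContextPath + "/login").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
                .logout().logoutUrl(adminContextPath + "/logout").and()
                .httpBasic().and()
                .csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                // CSRF-exempt paths: the matchers this issue is about (no adminContextPath prefix)
                .ignoringAntMatchers("/instances", "/actuator/**");
    }

}
```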

And the error is occurring:

```
2018-08-22 00:44:21.770 DEBUG 9616 --- [gistrationTask1] d.c.b.a.c.r.ApplicationRegistrator: Failed to register application as Application(name=template-api, managementUrl=http://localhost:8080/actuator, healthUrl=http://localhost:8080/actuator/health, serviceUrl=http://localhost:8080/) at spring-boot-admin ([http://localhost:8080/admin/instances]): 401 null
```

Can someone please help with this 401?

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 9

Top GitHub Comments

2 reactions
joshiste commented, Sep 2, 2018

`.ignoringAntMatchers("/instances", "/actuator/**");` must read `.ignoringAntMatchers(adminContextPath + "/instances", adminContextPath + "/actuator/**");`

It’s also wrong in the docs. I’ll fix that
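The effect of the matcher change in the comment above, as an added example that is not code from the issue or from Spring Boot Admin: it lists which request paths are exempt from CSRF checks under the matcher list as posted in the question and under the corrected list. The class `CsrfIgnoreCheck`, its helpers and the sample paths are constructed for illustration, and `matches` is a simplified model of the two pattern shapes used here (an exact path and a `/**` suffix), not Spring Security's own matcher.

```java
import java.util.Arrays;
import java.util.List;

// Added example: simplified model of the two Ant pattern shapes on this page.
public class CsrfIgnoreCheck {

    // Exact path, or "<prefix>/**" meaning the prefix itself and everything below it.
    static boolean matches(String pattern, String path) {
        if (pattern.endsWith("/**")) {
            String prefix = pattern.substring(0, pattern.length() - 3);
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
        return pattern.equals(path);
    }

    // True if a request to `path` would skip CSRF validation under `ignored`.
    static boolean csrfExempt(List<String> ignored, String path) {
        return ignored.stream().anyMatch(p -> matches(p, path));
    }

    public static void main(String[] args) {
        String adminContextPath = "/admin"; // spring.boot.admin.context-path in the issue

        List<String> asPosted = Arrays.asList("/instances", "/actuator/**");
        List<String> corrected = Arrays.asList(
                adminContextPath + "/instances",
                adminContextPath + "/actuator/**");

        // Constructed sample paths: the registration endpoint from the log line,
        // the application's own actuator endpoints, and the login page.
        List<String> paths = Arrays.asList(
                "/admin/instances", "/actuator/health",
                "/actuator/shutdown", "/admin/login");

        System.out.printf("%-22s %-10s %s%n", "path", "as posted", "corrected");
        for (String path : paths) {
            System.out.printf("%-22s %-10s %s%n", path,
                    csrfExempt(asPosted, path) ? "exempt" : "checked",
                    csrfExempt(corrected, path) ? "exempt" : "checked");
        }
    }
}
```

In this model the list as posted leaves `/admin/instances` CSRF-checked while exempting the application's own `/actuator/**`, where the posted application.yml enables the shutdown endpoint; the corrected list reverses both.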

0 reactions
CrazyZfp commented, Dec 5, 2018

> `.ignoringAntMatchers("/instances", "/actuator/**");` must read `.ignoringAntMatchers(adminContextPath + "/instances", adminContextPath + "/actuator/**");`
>
> It’s also wrong in the docs. I’ll fix that

@joshiste I have a similar issue.

My dependencies version info:

  • org.springframework.boot:spring-boot-starter-security:2.1.0.RELEASE
  • de.codecentric:spring-boot-admin-starter-server:2.1.1

I use `.ignoringAntMatchers(adminContextPath + "/instances", adminContextPath + "/actuator/**");` instead of `.ignoringAntMatchers("/instances", "/actuator/**");`

But the SBA client still failed to register the application for the same reason: 401 null.
