Sample doesn't take `adminContextPath` in to account for csrf config
I am developing according to the documentation: https://codecentric.github.io/spring-boot-admin/2.0.2, but I am not able to register a client in a secure application.
My configuration is:
application.yml
```yaml
# Security config
spring.security.user:
  name: admin
  password: admin

# Actuator config
management:
  endpoint:
    shutdown.enabled: true
    health.show-details: always
  endpoints.web.exposure.include: '*'

# Spring boot admin config
spring.boot.admin:
  context-path: /admin
  client:
    url: http://localhost:8080/admin
    username: ${spring.security.user.name}
    password: ${spring.security.user.password}
    instance:
      name: ${app.name}
      metadata.user:
        name: ${spring.security.user.name}
        password: ${spring.security.user.password}
```
WebSecurityConfiguration
```java
import de.codecentric.boot.admin.server.config.AdminServerProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
    private final String adminContextPath;

    public WebSecurityConfiguration(AdminServerProperties adminServerProperties) {
        this.adminContextPath = adminServerProperties.getContextPath();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");
        successHandler.setDefaultTargetUrl(adminContextPath + "/");

        http.authorizeRequests()
            .antMatchers(adminContextPath + "/assets/**").permitAll()
            .antMatchers(adminContextPath + "/login").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
            .logout().logoutUrl(adminContextPath + "/logout").and()
            .httpBasic().and()
            .csrf()
            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            .ignoringAntMatchers("/instances", "/actuator/**");
    }
}
```
And the error is occurring:
2018-08-22 00:44:21.770 DEBUG 9616 --- [gistrationTask1] d.c.b.a.c.r.ApplicationRegistrator: Failed to register application as Application(name=template-api, managementUrl=http://localhost:8080/actuator, healthUrl=http://localhost:8080/actuator/health, serviceUrl=http://localhost:8080/) at spring-boot-admin ([http://localhost:8080/admin/instances]): 401 null
Can someone please help with this 401?
Issue Analytics
- State:
- Created 5 years ago
- Comments:9
Top GitHub Comments
`.ignoringAntMatchers("/instances", "/actuator/**");`
must read `.ignoringAntMatchers(adminContextPath + "/instances", adminContextPath + "/actuator/**");`
It’s also wrong in the docs. I’ll fix that.
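
Why the unprefixed patterns do not exempt the registration request, as an added example (not code from this thread or from Spring Boot Admin): it mirrors the CSRF filter's exempt-or-token decision with Spring's `AntPathMatcher` for both pattern sets. The class name, the sample requests and the instance id `abc123` are constructed for illustration, and spring-core is assumed to be on the classpath.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.springframework.util.AntPathMatcher;

// Added illustration (hypothetical class, not from the thread): mirrors the
// decision the CSRF filter makes for each request under the two pattern sets.
public class CsrfIgnoreCheck {
    private static final AntPathMatcher MATCHER = new AntPathMatcher();
    // Methods Spring Security's default CSRF matcher lets through without a token.
    private static final Set<String> SAFE_METHODS =
            new HashSet<>(Arrays.asList("GET", "HEAD", "TRACE", "OPTIONS"));

    // path = request path inside the application, which includes the
    // spring.boot.admin.context-path prefix ("/admin" in the issue).
    static boolean requiresCsrfToken(String method, String path, List<String> ignored) {
        if (SAFE_METHODS.contains(method)) {
            return false;
        }
        return ignored.stream().noneMatch(pattern -> MATCHER.match(pattern, path));
    }

    public static void main(String[] args) {
        String adminContextPath = "/admin";
        List<String> fromIssue = Arrays.asList("/instances", "/actuator/**");
        List<String> corrected = Arrays.asList(
                adminContextPath + "/instances", adminContextPath + "/actuator/**");

        // Constructed sample requests; "abc123" is a made-up instance id.
        String[][] requests = {
            {"POST", "/admin/instances"},          // client registration
            {"DELETE", "/admin/instances/abc123"}, // sub-path of /instances
            {"POST", "/actuator/shutdown"},        // app's own actuator (see managementUrl)
            {"POST", "/admin/login"},              // must stay protected
        };
        System.out.printf("%-32s %-10s %s%n", "request", "as posted", "corrected");
        for (String[] r : requests) {
            System.out.printf("%-32s %-10s %s%n", r[0] + " " + r[1],
                    requiresCsrfToken(r[0], r[1], fromIssue) ? "token" : "exempt",
                    requiresCsrfToken(r[0], r[1], corrected) ? "token" : "exempt");
        }
    }
}
```

The DELETE row still needs a token under the corrected patterns because `/admin/instances` matches only that exact path, and the unprefixed `/actuator/**` pattern from the issue exempts the application's own actuator endpoints rather than anything under `/admin`.
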
@joshiste I have a similar issue.
My dependencies version info: `org.springframework.boot:spring-boot-starter-security:2.1.0.RELEASE`, `de.codecentric:spring-boot-admin-starter-server:2.1.1`
I use
`.ignoringAntMatchers(adminContextPath + "/instances", adminContextPath + "/actuator/**");`
instead of `.ignoringAntMatchers("/instances", "/actuator/**");`
But the SBA client still failed to register the application for the same reason: 401 null.