=
Getting forbidden error while accessing actuator running on different port other than application port using custom spring security configuration.
application.properties file
management.security.enabled=false
management.context-path=/manage
management.port=8085
server.context-path=/lnhcverifyhcp
server.port=8090
spring boot version - 1.3.3.RELEASE
Getting forbidden error on accessing actuator url's
I had the same issue, my mcAfee using that port. Actually 403 is from McAfee.
hit this url and see what you get - http://localhost:8081/
I'm assuming that you're using Spring Security with Spring Actuator. So, the configuration to escape the Actuator out the Security are:
endpoints:
health:
sensitive: false
management:
security:
enabled: false
Hope this help!
You can disable security on the management port by adding this to your application.properties file:
management.security.enabled=false
Or, set your own username and password:
See https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-monitoring.html
Related
I am running Spring Cloud Gateway with Spring Boot version 2.5.8 and Spring Cloud version 2020.0.5.
I am trying to configure Spring Cloud Gateway to validate JWT access tokens using Spring Security and thus the gateway needs to connect to the OAuth2 Authorization server external to my company's network. As per company standard, I am using a proxy host to connect to the external Authorization server and I have set the http.proxy* and https.proxy* environment variables ie
-Dhttp.proxyHost=my-proxy.com -Dhttp.proxyPort=3328 -Dhttps.proxyHost=my-proxy..com -Dhttps.proxyPort=3328 -Dhttp.proxySet=true -Dhttps.proxySet=true
and well as the properties in application.yml. ie
spring:
cloud:
httpclient:
proxy:
host: my-proxy.com
port: 3328
But I am getting timeout error when connecting to the external Authorization Server. The proxy host and port are correct and are working for other Spring Boot projects using Spring MVC. I saw this question/answer
spring-boot app as spring-cloud-gateway has to use a proxy: JVM arguments not used NOR spring.cloud.gateway.httpclient.proxy.****
But my entries in application.yml is not working. Would appreciate if someone can provide some advice on resolving the issue.
Thanks
For example, I have settings like code below which Spring Boot Actuator uses.
management:
server:
port: 60001
security:
enabled: false
And I found out that if I will write this setting with mistakes. For example (code below):
management:
server:
port: 60001
security:
enabled: fase # wrong typed a `false` word
Spring Boot will not do anything, and the application will have build successfully.
Spring boot will validate the data as long as #ConfigurationProperties exist in core. The problem is that your #ConfigurationProperties may not exist before or already deprecated in your spring boot version.
Below is the comparison of management.server class with #ConfigurationProperties.
Try to change the port with string and spring boot with validate the data.
Look also at ManagementContextAutoConfiguration.class if your using spring boot 2 you will see that it loads the class ManagementServerProperties and WebEndpointProperties
If you still needed to validate your yaml you can refer to SnakeYAML.
I have configured my spring boot application monitor-client to register to Eureka. I have a separate spring boot admin (SBA) application monitor that monitors all applications registered to Eureka.
If the context-path is not set in my application, everything is working fine. However if the context-path is set, SBA does not show correct information anymore. From the documentation it seems that I need to update the metadata properties of Eureka which I have done.
My monitor application is configured as follows:
application.properties:
spring.application.name=monitor-client
server.servlet.context-path=/monitor-client
server.port=9876
# Monitoring config
management.endpoints.web.exposure.include=*
eureka.instance.metadataMap.management.context-path=/monitor-client/actuator
My application is showing as 'offline' but I can browse all the details in the 'insight' tab. I suppose SBA correctly access the actuator endpoints but incorrectly uses the /health endpoint and I do not understand how that is possible?
If I go to the administration interface of SBA, I notice that the wrench endpoint and the health endpoint are not the same:
localhost:9876/monitor-client/actuator (wrench)
localhost:9876/actuator/health (health)
I've fiddled around with some settings but between the managment settings, the actuator settings and the eureka settings, I'm not sure which one is to be configured for this to work.
I've tried:
management.endpoints.web.base-path
eureka.instance.health-check-url-path
I'm currently using spring boot 2.1.2.RELEASE and matching version of SBA
Can you try with these configuration
server:
servlet:
context-path: /monitor-client
#management config
eureka:
instance:
health-check-url-path: /actuator/health
metadata-map:
management.context-path: /monitor-client/actuator
client:
serviceUrl:
defaultZone: ${EUREKA_SERVICE_URL:http://localhost:8761}/eureka/
management:
endpoint:
health:
show-details: always
endpoints:
web:
base-path: /actuator
exposure:
include: "*"
I am using spring boot 2.0.4 and want to expose my actuator endpoints. When adding the following to application.yml only info, health are being exposed.
management:
endpoints:
web:
exposure:
include: "*"
When I run http://localhost:8080/actuator I get
{"_links":{"self":{"href":"http://localhost:8080/actuator","templated":false},"health":{"href":"http://localhost:8080/actuator/health","templated":false},"info":{"href":"http://localhost:8080/actuator/info","templated":false}}}
Spring Boot 2.0 takes a slightly different approach to ensure web endpoints security. The majority of Web endpoints are now disabled by default (Only the /health and /info endpoints are exposed) and the management.security.enabled property has been removed. There is no longer a separate security auto-configuration for the Actuator, individual endpoints may be enabled/disabled and/or exposed via configuration in the application.properties file. For example:
# disable beans endpoint
management.endpoints.beans.enabled=false
# expose all endpoints:
management.endpoints.web.exposure.include=*
See additional info Spring official documentation: https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-2.0-Migration-Guide#endpoints
I implemented spring cloud config server and pushed it to pivotal cloud foundry. I added the below listed security details in application.yml. I did a "get" on the config server endpoint without passing any security credentials. I am able to receive a successful response , but I was expecting it to return an error saying authentication details aren't passed. Please can you let me know what I am missing?
security:
basic:
enabled: true
user:
name: ctp_config
password: ctp_config
If you using Spring Boot, try add to dependency 'org.springframework.boot:spring-boot-starter-security'