Login/Register
How to access actuator endpoints behind oAuth2 security from spring boot admin
Asked Answered
spring-boot-admin
D

2

13

I've spring boot applications secured by oAuth2, I am able to access applications from spring boot admin only when actuator endpoints are not secured. I've checked the security samples on github even there /health endpoint was not secured. Is there any way to access, spring boot applications with actuator endpoints secured by oAuth2, from spring boot admin.

Drislane answered 5/7, 2017 at 15:5 Comment(1)
Did you find solution for this?Nessa
C
7

Based on WIPU answer I've created simple update

public class BearerAuthHeaderProvider implements HttpHeadersProvider {

    private final OAuth2RestTemplate template;

    public BearerAuthHeaderProvider(OAuth2RestTemplate template) {
        this.template = template;
    }

    public HttpHeaders getHeaders(Instance ignored) {
        HttpHeaders headers = new HttpHeaders();
        headers.set("Authorization", template.getAccessToken().getTokenType() + " " + template.getAccessToken().getValue());
        return headers;
    }
}

and 

@Configuration
public class AdminServerConfiguration extends AdminServerAutoConfiguration {

    public AdminServerConfiguration(AdminServerProperties adminServerProperties) {
        super(adminServerProperties);
    }

    @Bean
    public OAuth2ProtectedResourceDetails clientCredentialsResourceDetails() {
        ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails();
        //set you details here: id, clientid, secret, tokenendpoint
        details.setClientId("actuator");
        details.setClientSecret("actuator_password");
        details.setAccessTokenUri("http://localhost:8081/auth-server/oauth/token");
        details.setGrantType("client_credentials");
        return details;
    }

    @Bean
    @Order(0)
    @ConditionalOnMissingBean
    public BearerAuthHeaderProvider bearerAuthHeaderProvider(){
        // couldn't inject differently restTemplate 
        OAuth2ProtectedResourceDetails resourceDetails = this.clientCredentialsResourceDetails();
        OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(resourceDetails);
        return new BearerAuthHeaderProvider(oAuth2RestTemplate);
    }

}
Coussoule answered 23/7, 2019 at 13:23 Comment(0)
T
4

This question is quite old, but since there is no answer at all.

In the de.codecentric.boot.admin.server.config.AdminServerAutoConfiguration. class of boot admin you find the methods basicAuthHttpHeadersProvider and httpHeadersProvider. You can use this mechanic to add your own header provider. Just provide your own AuthHeaderProvider. Like below:

    @Bean
    public BearerAuthHeaderProvider bearerAuthHeaderProvider(OAuth2RestTemplate template){
        return new BearerAuthHeaderProvider(template);
    }

    @Bean
    public OAuth2RestTemplate restTemplate(OAuth2ProtectedResourceDetails resourceDetails) {
        return new OAuth2RestTemplate(resourceDetails);
    }
    @Bean
    public OAuth2ProtectedResourceDetails clientCredentialsResourceDetails() {
        ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails ();
        //set you details here: id, clientid, secret, tokenendpoint
        details.setGrantType("client_credentials");
        return details;
    }

With that, the InstanceWebClient.builder() will pickup your bearer authentication header and sent it to your actuator endpoints.

I'm not sure if this is the correct solution, but it is a starting point.

regards,

Tussle answered 14/3, 2019 at 12:10 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.