Login/Register
Unauthorized in spring boot admin
Asked Answered
springspring-bootmicroservicesnetflix-eurekaspring-boot-admin
P

4

12

I wanted to control the microservices that are running in the Eureka server. I used spring-boot-admin for this, but I am getting the error on accessing the information about the Trace,Log etc...

The error I am getting is

Error: {"timestamp":1489052472862,"status":401,"error":"Unauthorized","message":"Full authentication is required to access this resource.","path":"/metrics"}

My dependencies are

<dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-actuator</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-eureka</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>de.codecentric</groupId>
        <artifactId>spring-boot-admin-server</artifactId>
        <version>1.4.3</version>
    </dependency>
    <dependency>
        <groupId>de.codecentric</groupId>
        <artifactId>spring-boot-admin-server-ui</artifactId>
        <version>1.4.3</version>
    </dependency>

and none of the below properties worked

endpoints.info.id=information
endpoints.info.sensitive=false
endpoints.info.enabled=true
information.app.name=Actuator Example
information.app.description=Actuator Example
information.app.version=1.0.0

and the same thing is happening with all the end points like mappings, env and all accept health

Poul answered 7/3, 2017 at 12:15 Comment(0)
K
39

Setting management.security.enabled=false in the application.properties will disable the security on the endpoints.

Konyn answered 11/3, 2017 at 7:22 Comment(1)
This application property is not available anymore on the newest spring-security version (2.1+). Just as information for current readersUtta
C
0

It's better to setup security by credentials username and password for most of endpoints listed here: https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-endpoints.html

Exceptions from the rule are health and info endpoints which won't be protected by credentials.

You can set username and password in application.properties like that:

security.user.name=admin
security.user.password=secret
Cockchafer answered 3/8, 2018 at 13:18 Comment(0)
E
0

I have had a similar issue. On my spring boot application we had a cors filter to block Http Head requests. So head requests cannot be accepted.

  • Check Javascript console log and application log.

  • Setting management.security.enabled=false in the application.properties also necessary.

Eggbeater answered 17/10, 2018 at 7:39 Comment(0)
P
0

I'm of the opinion that disabling the security to all sensitive endpoints isn't the way to go.

I had this issue while accessing /metrics and apparently, I was missing the spring-boot-starter-security dependency:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

After adding the dependency to my pom.xml, and assuming that I have the following on my application.yml

...
security:
    user:
        name: myActuatorUser
        password: myActuatorPwd
...

I was able to access my /metrics endpoint.

Praetorian answered 7/11, 2018 at 14:9 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.