How to re-enable anonymous access to Spring Boot Health endpoint?

Probably I'm doing something wrong here, I just can't figure out what...

I have an Oauth2 authentication server and a resource server within the same application.

Resource server configuration:

@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER-1)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    public static final String RESOURCE_ID = "resources";

    @Override
    public void configure(final ResourceServerSecurityConfigurer resources) {
        resources
                .resourceId(RESOURCE_ID);
    }

    @Override
    public void configure(final HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers(HttpMethod.GET, "/**").access("#oauth2.hasScope('read')")
                .antMatchers(HttpMethod.POST, "/**").access("#oauth2.hasScope('write')")
                .antMatchers(HttpMethod.PUT, "/**").access("#oauth2.hasScope('write')")
                .antMatchers(HttpMethod.PATCH, "/**").access("#oauth2.hasScope('write')")
                .antMatchers(HttpMethod.DELETE, "/**").access("#oauth2.hasScope('write')")
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                .antMatchers(HttpMethod.GET, "/health").permitAll();
    }

}

Authentication server configuration:

@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    public void configure(final AuthenticationManagerBuilder auth) throws Exception {
        auth
                .userDetailsService(userDetailsService)
                .passwordEncoder(new BCryptPasswordEncoder());
    }

    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .anyRequest().authenticated()
                .and().httpBasic().realmName("OAuth Server");
    }
}

When I try to access /health, I got a HTTP/1.1 401 Unauthorized.

How can I persuade Spring Boot to make /health anonymously accessible?

Answers


You also need to disable it by setting management.security.enabled to false.

http://docs.spring.io/spring-boot/docs/current-SNAPSHOT/reference/htmlsingle/#production-ready-customizing-management-server-port


As M. Deinum said:

The order in which you specify your mappings is also the order in which they are consulted. The first match wins... As /** matches everything your /health mapping is useless. Move that above the /** mappings to have it functional. – M. Deinum Aug 20 at 17:56


Need Your Help

ASP.NET MVC 3 - Dealing with Session variables

c# asp.net-mvc-3 forms-authentication asp.net-session

I have an app which uses Form's Authentication and when the user log's in, I retrieve the user's actual name and assign that to a session variable, like so:

filling a dataframe or matrix with for loop

r for-loop matrix dataframes

Is there a quick way to fill this matrix df with the values of n1 then n2 and finally n3 in order from left to right?

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.