Tags: spring-boot, spring-security, microservices, spring-boot-admin

Spring boot admin: Full authentication is required to access this resource


We are using Netflix OSS for reverse proxying and security of our microservices. We are following the JHipster pattern described at https://www.jhipster.tech/microservices-architecture/, where a request from the UI application goes to the gateway (the API Gateway), which proxies the request to our backend microservices. We are using JWT for authentication. We wanted a dashboard to monitor our microservices and the API gateway, which register with the Eureka server. We started a separate Spring Boot Admin server so that it registers with the Eureka server and polls the microservices and gateway metrics endpoints, but we are getting this exception:

Full authentication is required to access this resource

which is thrown by the filters that check for JWTs at both the API gateway and the microservice level. We also tried disabling management security:

management.security.enabled: false 

but still no luck. Can someone please help and guide me on what changes I need to make to enable Spring Boot Admin to successfully poll the microservices and API gateway?

I tried the following approach:

First, I enabled web.ignoring().antMatchers("/actuator/**") so that actuator endpoints are ignored by Spring Security, but this approach will put my APIs at risk.

Second idea:

If I enable 2 filters in Spring Security, the first filter would be for Spring Boot Admin, with basic authentication for the actuator endpoints, and the second filter would be my JWT authentication for all the remaining APIs and downstream APIs. I am not sure whether this is feasible.

I enabled the 2 filters, one filter for the actuator endpoints and one filter for the APIs. These filters are working perfectly, but I am not able to connect to SBA.

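import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
public class SpringSecurityAdminFilter extends WebSecurityConfigurerAdapter {

    // In-memory user that Spring Boot Admin authenticates as over HTTP Basic.
    @Autowired
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
        String password = passwordEncoder().encode("xxxx");
        auth.inMemoryAuthentication().passwordEncoder(passwordEncoder()).withUser("sam").password(password).roles("ADMIN");
    }

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // Actuator endpoints require the ADMIN role, presented via HTTP Basic.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .authorizeRequests()
            .antMatchers("/actuator/**").hasRole("ADMIN")
            .and().httpBasic()
            .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); // We don't need sessions to be created.
    }
}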

Solution

  • I enabled basic authentication for the Spring Boot Admin server and added these properties in the microservices:

    eureka.instance.metadata-map.user.name: 
    eureka.instance.metadata-map.user.password:

    Now the actuator endpoints are protected by basic authentication.
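
The two-filter idea from the question, combined with the basic-authentication solution, as an added example that is not part of the original post: each chain is ordered and the first one is scoped with `http.antMatcher("/actuator/**")`, so Basic credentials are only ever accepted on actuator paths and everything else stays JWT-only. It assumes Spring Security 5.x (`WebSecurityConfigurerAdapter`), the in-memory ADMIN user from the question's class, and a hypothetical JWT filter bean named `jwtFilter`; the class names are illustrative.

```java
import javax.servlet.Filter;

import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

public class SecurityChains {

    // Chain 1: checked first, claims only /actuator/** and accepts HTTP Basic.
    @Configuration
    @Order(1)
    public static class ActuatorChain extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/actuator/**") // scopes the whole chain, not just one rule
                .csrf().disable()
                .authorizeRequests().anyRequest().hasRole("ADMIN")
                .and().httpBasic()
                .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        }
    }

    // Chain 2: every other request; no httpBasic() here, so the Spring Boot
    // Admin credentials cannot be used against the business APIs.
    @Configuration
    @Order(2)
    public static class ApiChain extends WebSecurityConfigurerAdapter {
        private final Filter jwtFilter; // hypothetical: the application's existing JWT filter

        public ApiChain(@Qualifier("jwtFilter") Filter jwtFilter) {
            this.jwtFilter = jwtFilter;
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable()
                .authorizeRequests().anyRequest().authenticated()
                .and().addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        }
    }
}
```

Spring Boot Admin then reads the `user.name` and `user.password` metadata each instance registers in Eureka and sends them as Basic credentials when it polls the actuator endpoints.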