這是一個非常愚蠢的問題,但是,我不明白爲什麼執行機構給我一個404而不是401當我嘗試訪問一個安全的端點。爲什麼Spring Boot Actuator會返回404而不是401?
我添加的依賴
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
和殘疾人的安全不敏感的端點現在
security.basic.enabled=false
,我可以訪問應用程序,以及(一個殘缺版)/health
但是當我去/metrics
,它給了我一個WWW-Authenticate
頭,很好,但有一個404,所以我的瀏覽器不會提示我輸入用戶名和密碼。
$ curl -v http://localhost:8081/metrics
* STATE: INIT => CONNECT handle 0x6000572d0; line 1090 (connection #-5000)
* Added connection 0. The cache now contains 1 members
* Trying ::1...
* STATE: CONNECT => WAITCONNECT handle 0x6000572d0; line 1143 (connection #0)
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8081 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x6000572d0; line 1240 (connection #0)
* STATE: SENDPROTOCONNECT => DO handle 0x6000572d0; line 1258 (connection #0)
> GET /metrics HTTP/1.1
> Host: localhost:8081
> User-Agent: curl/7.45.0
> Accept: */*
>
* STATE: DO => DO_DONE handle 0x6000572d0; line 1337 (connection #0)
* STATE: DO_DONE => WAITPERFORM handle 0x6000572d0; line 1464 (connection #0)
* STATE: WAITPERFORM => PERFORM handle 0x6000572d0; line 1474 (connection #0)
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 404 Not Found
* Server Apache-Coyote/1.1 is not blacklisted
< Server: Apache-Coyote/1.1
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Strict-Transport-Security: max-age=31536000 ; includeSubDomains
< WWW-Authenticate: Basic realm="Spring"
< Content-Length: 0
< Date: Thu, 21 Jan 2016 15:55:12 GMT
<
* STATE: PERFORM => DONE handle 0x6000572d0; line 1632 (connection #0)
* Curl_done
* Connection #0 to host localhost left intact
而且在application.properties
# Spring Boot Actuator
management.address=127.0.0.1
management.port=8081
security.basic.enabled=false
security.user.name=admin
security.user.password=a1b2c3
相關屬性,這是爲什麼呢?我可以改變它嗎?
你能發表您的整個配置文件?你應該爲所有端點(甚至是組成端點)獲得401,除了那些明確不敏感的端點,如'/ health'。 – Adam
@adamr我添加了我擁有的屬性,如果你的意思是。 – user3748908
假設您的應用程序運行在不同的端口上,您是否可以嘗試在與應用程序相同的端口上運行執行器並查看指標是否適用? – Adam