Skip to content

S
spring-boot
Commit ecc4676f authored by Dave Syer's avatar Dave Syer
Browse files
Options

Tweak security example

parent cf4f549b
Hide whitespace changes
Inline Side-by-side
Showing with 13 additions and 11 deletions
spring-boot-actuator/README.md
View file @ ecc4676f
...@@ -285,28 +285,30 @@ Try it out: ...@@ -285,28 +285,30 @@ Try it out:
$ curl localhost:8080/ $ curl localhost:8080/
{"status": 403, "error": "Forbidden", "message": "Access Denied"} {"status": 403, "error": "Forbidden", "message": "Access Denied"}
$ curl user:password@localhost:8080/ $ curl user:<password>@localhost:8080/
{"message": "Hello World"} {"message": "Hello World"}
The default auto configuration has an in-memory user database with one The default auto configuration has an in-memory user database with one
entry. If you want to extend or expand that, or point to a database entry, and the `<password>` value has to be read from the logs (at
or directory server, you only need to provide a `@Bean` definition for INFO level) by default. If you want to extend or expand that, or
an `AuthenticationManager`, e.g. in your `SampleController`: point to a database or directory server, you only need to provide a
`@Bean` definition for an `AuthenticationManager`, e.g. in your
`SampleController`:
@Bean @Bean
public AuthenticationManager authenticationManager() throws Exception { public AuthenticationManager authenticationManager() throws Exception {
return new AuthenticationManagerBuilder( return new AuthenticationManagerBuilder(
ObjectPostProcessor.QUIESCENT_POSTPROCESSOR).inMemoryAuthentication().withUser("user") ObjectPostProcessor.QUIESCENT_POSTPROCESSOR).inMemoryAuthentication().withUser("client")
.password("password").roles("USER").and().and().build(); .password("secret").roles("USER").and().and().build();
} }
Try it out: Try it out:
$ curl client:secret@localhost:8080/
{"status": 403, "error": "Forbidden", "message": "Access Denied"}
$ curl user:password@localhost:8080/ $ curl user:password@localhost:8080/
{"status": 403, "error": "Forbidden", "message": "Access Denied"}
$ curl client:secret@localhost:8080/
{"message": "Hello World"} {"message": "Hello World"}
## Adding a database ## Adding a database
...@@ -345,9 +347,9 @@ Then you will be able to inject a `DataSource` into your controller: ...@@ -345,9 +347,9 @@ Then you will be able to inject a `DataSource` into your controller:
... ...
} }
The app will run (going back to the default security configuration): The app will run (with the new security configuration):
$ curl user:password@localhost:8080/ $ curl client:secret@localhost:8080/
{"error":"Internal Server Error", "status":500, "exception":...} {"error":"Internal Server Error", "status":500, "exception":...}
but there's no data in the database yet and the `MESSAGES` table but there's no data in the database yet and the `MESSAGES` table
...@@ -362,7 +364,7 @@ Then you will be able to inject a `DataSource` into your controller: ...@@ -362,7 +364,7 @@ Then you will be able to inject a `DataSource` into your controller:
Now when you run the app you get a sensible response: Now when you run the app you get a sensible response:
$ curl user:password@localhost:8080/ $ curl client:secret@localhost:8080/
{"ID":0, "MESSAGE":"Hello Phil"} {"ID":0, "MESSAGE":"Hello Phil"}
Obviously, this is only the start, but hopefully you have a good grasp Obviously, this is only the start, but hopefully you have a good grasp
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment