Spring Boot Starter Actuator Security Configuration

Spring Boot Starter Actuator is a powerful library provided by Spring Boot for monitoring and managing Spring Boot applications. It provides many useful endpoints that expose key information about the application, such as health status, memory usage, and request mappings. However, because Actuator endpoints can expose sensitive information such as configuration properties and environment variables, in a production environment we need to secure Actuator so that only authorized users can access these endpoints.

First, add the Actuator dependency to `pom.xml`:

```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
```

Next, configure Spring Security to protect the Actuator endpoints. (Spring Security itself comes from the `spring-boot-starter-security` dependency, which must also be on the classpath.) Create a configuration class that extends `WebSecurityConfigurerAdapter` and override the `configure()` methods:

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Only users with the ADMIN role may reach Actuator endpoints
                .antMatchers("/actuator/**").hasRole("ADMIN")
                // Every other request must at least be authenticated
                .anyRequest().authenticated()
            .and()
            .httpBasic();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
            // {noop} means the password is stored and compared in plain text
            .withUser("admin").password("{noop}password").roles("ADMIN");
    }
}
```

In the above configuration, we define the HTTP security rules, specifying that the `/actuator/**` paths can only be accessed by users with the "ADMIN" role. Any other request requires authentication. In addition, we enable HTTP Basic authentication, so a username and password are needed when accessing the Actuator endpoints. In the `configure(AuthenticationManagerBuilder)` method, we define an in-memory user with the username "admin", the password "password", and the "ADMIN" role.

Finally, we need to configure Spring Security's CSRF (Cross-Site Request Forgery) protection for the Actuator endpoints. We can add `@EnableWebSecurity` to the above configuration class and extend the `configure(HttpSecurity)` method with the CSRF settings:

```java
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Skip CSRF token checks for Actuator paths only; authentication
            // and the ADMIN role requirement still apply to them.
            .csrf().ignoringAntMatchers("/actuator/**")
            .and()
            .authorizeRequests()
                .antMatchers("/actuator/**").hasRole("ADMIN")
                .anyRequest().authenticated()
            .and()
            .httpBasic();
    }

    // configure(AuthenticationManagerBuilder) stays as shown above
}
```

In the above configuration, we ignore CSRF protection for the `/actuator/**` paths so that the Actuator endpoints work normally. The exclusion is made with `csrf().ignoringAntMatchers(...)` inside `configure(HttpSecurity)`, not with `web.ignoring()` in `configure(WebSecurity)`: the latter removes the matched paths from the Spring Security filter chain entirely, so the `hasRole("ADMIN")` rule would never be evaluated for them.

So far, we have completed the security configuration of Spring Boot Starter Actuator. Now only users with the "ADMIN" role can access the Actuator endpoints, and they need to provide the correct username and password. At the same time, we configured CSRF handling for the Actuator paths.

I hope this article helps you understand how to set up a security configuration for Spring Boot Starter Actuator. If necessary, you can adapt the above code and configuration for your own development and deployment.
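
A regression test for the access rules described above (ADMIN role required on `/actuator/**`, HTTP Basic login), added here as an example and not part of the original article. It assumes the project has a `@SpringBootApplication` class, JUnit 5, and `spring-boot-starter-test` plus `spring-security-test` on the test classpath; the class name `ActuatorSecurityTest` and the user "alice" are hypothetical.

```java
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.web.servlet.MockMvc;

import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

// Hypothetical test class: exercises the real security filter chain via MockMvc.
@SpringBootTest
@AutoConfigureMockMvc
class ActuatorSecurityTest {

    @Autowired
    private MockMvc mockMvc;

    // No credentials: HTTP Basic must answer 401. A 200 here means the
    // Actuator paths are not covered by the security filter chain.
    @Test
    void anonymousRequestIsRejected() throws Exception {
        mockMvc.perform(get("/actuator/health"))
               .andExpect(status().isUnauthorized());
    }

    // Authenticated, but without the ADMIN role ("alice" is a constructed user).
    @Test
    void userWithoutAdminRoleIsForbidden() throws Exception {
        mockMvc.perform(get("/actuator/health").with(user("alice").roles("USER")))
               .andExpect(status().isForbidden());
    }

    // Wrong password for the in-memory "admin" user.
    @Test
    void wrongPasswordIsRejected() throws Exception {
        mockMvc.perform(get("/actuator/health").with(httpBasic("admin", "wrong")))
               .andExpect(status().isUnauthorized());
    }

    // Correct credentials from the in-memory user store; assumes every
    // health indicator reports UP, otherwise the endpoint returns 503.
    @Test
    void adminWithBasicAuthIsAllowed() throws Exception {
        mockMvc.perform(get("/actuator/health").with(httpBasic("admin", "password")))
               .andExpect(status().isOk());
    }
}
```

The first test is the one that fails if `/actuator/**` is ever excluded from Spring Security, for example through `web.ignoring()`.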