#spring-boot #spring-security #togglz
Вопрос:
Я изучаю togglz. моя простая программа работает нормально, я пытаюсь добавить в память имя пользователя и пароль spring security, но я не могу войти в консоль администратора.
package com.example.demo;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import org.togglz.core.manager.FeatureManager;
import org.togglz.core.util.NamedFeature;
import java.util.HashMap;
import java.util.Map;
@SpringBootApplication
@RestController
public class ApiTestApplication {
@Autowired
private FeatureManager featureManager;
public static void main(String[] args) {
SpringApplication.run(ApiTestApplication.class, args);
}
@GetMapping
public Map<String, Boolean> test1() {
Map<String, Boolean> enumMap = new HashMap<>();
enumMap.put("FEATURE_ONE", featureManager.isActive(new NamedFeature("FEATURE_ONE")));
enumMap.put("FEATURE_TWO", featureManager.isActive(new NamedFeature("FEATURE_TWO")));
return enumMap;
}
}
свойства приложения
togglz.console.feature-admin-authority=ADMIN
togglz.features.FEATURE_ONE.enabled=false
togglz.features.FEATURE_TWO.enabled=false
togglz.console.enabled=true
togglz.console.path=/togglz-console
togglz.console.secured=true
management.endpoints.web.exposure.include=*
logging.level.org.togglz=DEBUG
класс безопасности
package com.example.demo;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.csrf()
.disable()
.formLogin()
.and()
.logout();
// @@formatter:on
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
// @formatter:off
auth.inMemoryAuthentication()
.withUser("admin")
.password("{noop}admin")
.roles("ADMIN");
}
}
build gradle
plugins {
id 'org.springframework.boot' version '2.4.2'
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
id 'java'
}
group = 'com.example'
version = '0.0.1-SNAPSHOT'
sourceCompatibility = '15'
configurations {
compileOnly {
extendsFrom annotationProcessor
}
}
repositories {
mavenCentral()
maven { url 'https://repo.spring.io/milestone' }
}
dependencies {
implementation 'org.springframework.boot:spring-boot-starter-web'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
implementation 'org.springframework.boot:spring-boot-starter-actuator'
implementation 'org.togglz:togglz-spring-boot-starter: '
implementation 'org.togglz:togglz-console: '
implementation 'org.springframework.boot:spring-boot-starter-security'
implementation 'org.togglz:togglz-spring-security: '
implementation 'org.springframework.security:spring-security-test'
}
test {
useJUnitPlatform()
}
http://localhost:8080/ with un/pass -admin/admin
I am able to see booleans.
but to toggle it,
http://localhost:8080/togglz-console/index is saying type=Forbidden, status=403