为什么Spring Boot Actuator会返回404而不是401?
这是一个非常愚蠢的问题,但是,我不明白为什么执行机构给我一个404而不是401当我尝试访问一个安全的端点。为什么Spring Boot Actuator会返回404而不是401?
我添加的依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
和残疾人的安全不敏感的端点现在
security.basic.enabled=false
,我可以访问应用程序,以及(一个残缺版)/health
但是当我去/metrics
,它给了我一个WWW-Authenticate
头,很好,但有一个404,所以我的浏览器不会提示我输入用户名和密码。
$ curl -v http://localhost:8081/metrics
* STATE: INIT => CONNECT handle 0x6000572d0; line 1090 (connection #-5000)
* Added connection 0. The cache now contains 1 members
* Trying ::1...
* STATE: CONNECT => WAITCONNECT handle 0x6000572d0; line 1143 (connection #0)
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8081 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x6000572d0; line 1240 (connection #0)
* STATE: SENDPROTOCONNECT => DO handle 0x6000572d0; line 1258 (connection #0)
> GET /metrics HTTP/1.1
> Host: localhost:8081
> User-Agent: curl/7.45.0
> Accept: */*
>
* STATE: DO => DO_DONE handle 0x6000572d0; line 1337 (connection #0)
* STATE: DO_DONE => WAITPERFORM handle 0x6000572d0; line 1464 (connection #0)
* STATE: WAITPERFORM => PERFORM handle 0x6000572d0; line 1474 (connection #0)
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 404 Not Found
* Server Apache-Coyote/1.1 is not blacklisted
< Server: Apache-Coyote/1.1
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Strict-Transport-Security: max-age=31536000 ; includeSubDomains
< WWW-Authenticate: Basic realm="Spring"
< Content-Length: 0
< Date: Thu, 21 Jan 2016 15:55:12 GMT
<
* STATE: PERFORM => DONE handle 0x6000572d0; line 1632 (connection #0)
* Curl_done
* Connection #0 to host localhost left intact
而且在application.properties
# Spring Boot Actuator
management.address=127.0.0.1
management.port=8081
security.basic.enabled=false
security.user.name=admin
security.user.password=a1b2c3
相关属性,这是为什么呢?我可以改变它吗?
您已设置management.context-path=/actuator
,因此所有执行器端点都将以此为前缀。您的网址应localhost:8080/actuator/metrics
对不起,在第一次编辑时,我用'management.context-path =/actuator'发布了更新版本的属性。这不应该在那里,我删除它。 – user3748908
确保您已经添加弹簧引导起动网:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
1. endpoints.health.enabled=false , in application.properties
This was causing issue at my end. I removed this property from application.properties
2.In pom.xml it should be compile in <scope> tag.
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
<scope>compile</scope>
</dependency>
编译是默认范围。所以如果没有范围标记,它就会被编译。 – Cyril
你能发表您的整个配置文件?你应该为所有端点(甚至是组成端点)获得401,除了那些明确不敏感的端点,如'/ health'。 – Adam
@adamr我添加了我拥有的属性,如果你的意思是。 – user3748908
假设您的应用程序运行在不同的端口上,您是否可以尝试在与应用程序相同的端口上运行执行器并查看指标是否适用? – Adam