I am trying to configure an example application using the spring admin loader (both server + client) and running with authentication.
When spring protection is enabled on client-side management / executor endpoints, spring-boot-admin server cannot interact with the client - logging into the admin interface via a web browser will result in a continuous loop of authentication windows and requests for user names / passwords. When you click cancel, an HTTP 401 error will be displayed on the page.
Here is a configuration that works on the client side:
management.security.enabled = false
security.basic.enabled = true
security.user.name = test
security.user.password = test
spring.boot.admin.url = http: // localhost: 9081 / admin
spring.boot.admin.username = admin
spring.boot.admin.password = admin
This will:
- Disable protection for spring-boot management / actuator resource
- Enable security for all other resources (HTTP basic auth - user: test, password: test)
- Register the spring-admin client at startup using the URL http: // localhost: 9081 / admin (HTTP basic auth - user: admin, password: admin)
I assume that the spring download application does not communicate with secure clients, because I do not see any configuration properties that would allow information to be transmitted during client registration.
- , , ? " " , .