error 401 - Spring boot actuator login/password in browser

问题

I use spring boot with actuator and I add security configuration:

management.port=8088
management.address=127.0.0.1
management.security.enabled=true
security.user.name=admin
security.user.password=secret
management.security.role=SUPERUSER

curl -u admin:secret http://127.0.0.1:8088/metrics is OK but with Chrome (http://127.0.0.1:8088/metrics): {"timestamp":1506692938036,"status":401,"error":"Unauthorized","message":"Full authentication is required to access this resource.","path":"/metrics"}

How to use login/password in url or headers?

EDIT 1

I try @Lachezar Balev solution (Authorization: Basic YWRtaW46c2VjcmV0 + admin:secret@ in url) but is KO

回答1:

In an URL:

http://admin:secret@127.0.0.1:8088/metrics

As a header:

Authorization: Basic YWRtaW46c2VjcmV0

回答2:

Use the CustomAuthenticationEntryPoint with @Component Annotation

@Configuration
@EnableWebSecurity
public class AdminEntryPointsSecurityConfig {

    @Bean
    public PasswordEncoder encoder() {
        return new BCryptPasswordEncoder();
    }

    @Configuration
    @Order(1)
    public static class App1ConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Autowired
        private CustomAuthenticationEntryPoint authenticationEntryPoint;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/actuator/**")
                .authorizeRequests().anyRequest().hasRole("ADMIN")
                .and().httpBasic().authenticationEntryPoint(authenticationEntryPoint)    
                .and().exceptionHandling().accessDeniedPage("/403");
        }   




        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();        
            auth.inMemoryAuthentication()
                .passwordEncoder(encoder)
                .withUser("act")
                .password(encoder.encode("act"))            
                .roles("ADMIN");
        }
    }

}

Then do the Basic Authentication.

@Component
public class CustomAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {

    @Override
    public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException) throws IOException, ServletException {
        response.addHeader("WWW-Authenticate", "Basic realm=\"" + getRealmName() + "\"");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        final PrintWriter writer = response.getWriter();
        writer.println("HTTP Status " + HttpServletResponse.SC_UNAUTHORIZED + " - " + authException.getMessage());
    }

    @Override
    public void afterPropertiesSet() throws Exception {
        setRealmName("ADMIN");
        super.afterPropertiesSet();
    }

}