Commit 5b9f7217 by Johannes Edmeier

Add a note on securing SBA to the docs

parent cc53a1d0
...@@ -25,4 +25,6 @@ include::client.adoc[] ...@@ -25,4 +25,6 @@ include::client.adoc[]
include::server.adoc[] include::server.adoc[]
include::security.adoc[]
include::faqs.adoc[] include::faqs.adoc[]
\ No newline at end of file
[[securing-spring-boot-admin]]
== Security ==
=== Securing Spring Boot Admin Server ===
Since there are several approaches on solving authentication and authorization in distributed web applications Spring Boot Admin doesn't ship a default one.
However you can include Spring Security to your Spring Boot Admin Server and configure it the way you like.
=== Securing Client's Actuator Endpoints ===
The simplest way to secure your actuator endpoints is to use basic authorization and the same username/password for all applications. This way the browser asks for the credentials and if you set `zuul.senstivieHeaders:` the Zuul Proxy in Spring Boot Admin Server forwards them to the clients.
For more complex solutions (Spring Session, OAuth2, ...) please have a look at the samples in https://github.com/joshiste/spring-boot-admin-samples[joshiste/spring-boot-admin-samples^].
...@@ -199,7 +199,7 @@ To enable Hipchat notifications you need to create an API token from you Hipchat ...@@ -199,7 +199,7 @@ To enable Hipchat notifications you need to create an API token from you Hipchat
| spring.boot.admin.notify.hipchat.description | spring.boot.admin.notify.hipchat.description
| Description to use in the event. SpEL-expressions are supported | Description to use in the event. SpEL-expressions are supported
| `+++"<strong>#{application.name}</strong>/#{application.id} is <strong>#{to.status}</strong>"+++` | `+++"&lt;strong&gt;#{application.name}&lt;/strong&gt;/#{application.id} is &lt;strong&gt;#{to.status}&lt;/strong&gt;"+++`
| |
|=== |===
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment