disable csrf

whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/README.md

@@ -5,4 +5,8 @@
 
 ```
 curl http://localhost:8080/actuator/mappings -u application:whatsmars-spring-boot
-```
\ No newline at end of file
+```
+
+如果要禁止http访问actuator，有两种方式：
+- 增加 ActuatorFilter，拦截 /actuator 开头的请求
+- 非Web应用中去掉Web模块
\ No newline at end of file

whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/pom.xml

@@ -27,10 +27,6 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-security</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.hongxi</groupId>
-            <artifactId>whatsmars-common</artifactId>
-        </dependency>
     </dependencies>
 
 </project>
\ No newline at end of file

whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/src/main/java/org/hongxi/whatsmars/boot/sample/actuator/StandardWebSecurityConfigurer.java

@@ -23,7 +23,8 @@ public class StandardWebSecurityConfigurer extends WebSecurityConfigurerAdapter
   
     @Override  
     public void configure(HttpSecurity http) throws Exception {
-        http.authorizeRequests()  
+        http.csrf().disable()
+                .authorizeRequests()
                 .requestMatchers(EndpointRequest.to(
                         MappingsEndpoint.class,
                         EnvironmentEndpoint.class,
@@ -36,7 +37,7 @@ public class StandardWebSecurityConfigurer extends WebSecurityConfigurerAdapter
                 .anyRequest()
                 .permitAll()
                 .and()
-                .httpBasic();  
+                .httpBasic();
   
     }  
 }  
\ No newline at end of file