基于账号密码对Spring Boot Actuator认证授权

在Spring Boot Actuator中，你可以通过自定义AuthenticationManager和ManagementContext来实现基于账号密码的简单认证。以下是一个示例代码：

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.actuate.autoconfigure.web.server.ManagementWebServerFactoryCustomizer;
import org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration;
import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.boot.actuate.autoconfigure.web.server.ManagementServerProperties;
import org.springframework.boot.actuate.management.ContextPathApplicationContextInitializer;
import org.springframework.boot.actuate.autoconfigure.web.servlet.ManagementWebMvcAutoConfiguration;
import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointProperties;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.boot.actuate.autoconfigure.web.server.ManagementServerPropertiesAutoConfiguration;
import org.springframework.boot.actuate.management.endpoint.web.servlet.WebMvcEndpointManagementContextConfiguration;
import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.authentication.configuration.EnableGlobalAuthenticationAutowiredConfiguration;
 
@SpringBootApplication
public class ActuatorAuthApplication {
 
    public static void main(String[] args) {
        SpringApplication.run(ActuatorAuthApplication.class, args);
    }
 
    @Configuration
    public static class ActuatorSecurity extends WebMvcEndpointManagementContextConfiguration {
 
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
              .authorizeRequests()
                .requestMatchers(EndpointRequest.toAnyEndpoint()).authenticated()
                .anyRequest().permitAll()
              .and()
              .httpBasic();
        }
 
        @Override
        pro