SpringBoot Admin custom authentication flow when accessing client


I have a number of applications reporting to a SpringBoot Admin application using SpringBoot Admin Client. One of our recent projects that's under construction is using a custom JWT/refresh token authentication flow and I want SpringBoot Admin to use that before hitting the actuator endpoints so I can secure those as well.

The flow works by sending credentials to /v1/auth/login, which will give the user a JWT token with an expiration date and a refresh token. The JWT is only valid for a short time, after which it needs to be refreshed, and is submitted with the request as a Bearer token.

I found this thread which is somewhat related, but I need to be able to see which endpoint it's trying to access since not all of the applications use the same kind of authentication.

Is there some way I can configure it to add the Authorization header with the correct headers given a URL or client name that matches a certain pattern? Preferably as part of some component that could keep JWT/expiry/refresh token as part of its state, so I could refresh it when necessary.


There are 1 best solutions below


Wouldn't it be enough to have some identifier of the application (e.g. app name) and based on that differentiate the auth?


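  // HttpHeadersProvider is called by Spring Boot Admin for each request it makes to a registered instance.
  @Bean
  public HttpHeadersProvider customHttpHeadersProvider(YourCustomProperties properties) {
    return instance -> {
      // Pick the auth scheme by the application name the client registered with.
      if (properties.getAppNames().contains(instance.getRegistration().getName())) {
        // do jwt stuff here
        return new HttpHeaders();
      } else {
        // All other applications get the static header.
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.add("X-CUSTOM", "My Custom Value");
        return httpHeaders;
      }
    };
  }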

Not sure what would be the best identifier to get from the instance, but this could work.
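
One way to fill in the `// do jwt stuff here` branch, as an added example that is not from the original answer or from Spring Boot Admin: a per-application cache that holds the JWT, its expiry and the refresh token, and renews shortly before expiry. `JwtTokenCache`, `Tokens`, `AuthClient` and the 30-second skew are hypothetical; `AuthClient` stands in for the HTTP calls to the login and refresh endpoints, whose request format the page does not give.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Per-application JWT state (added example; every name in this file is hypothetical). */
public class JwtTokenCache {
  public record Tokens(String jwt, Instant expiresAt, String refreshToken) {}
  public interface AuthClient { // assumed wrapper around the app's auth API, e.g. /v1/auth/login
    Tokens login(String appName);
    Tokens refresh(String appName, String refreshToken);
  }
  private static final Duration SKEW = Duration.ofSeconds(30); // renew this long before expiry
  private final Map<String, Tokens> byApp = new ConcurrentHashMap<>();
  private final AuthClient client;
  private final Clock clock;

  public JwtTokenCache(AuthClient client, Clock clock) { this.client = client; this.clock = clock; }

  /** Returns a JWT that stays valid for at least SKEW. The value is a secret: never log it. */
  public String bearerFor(String appName) {
    return byApp.compute(appName, (name, cur) -> { // atomic per key: one renewal at a time
      if (cur != null && clock.instant().plus(SKEW).isBefore(cur.expiresAt())) {
        return cur; // cached token is still fresh
      }
      if (cur != null) {
        try {
          return client.refresh(name, cur.refreshToken());
        } catch (RuntimeException e) {
          // refresh token rejected or expired: fall through to a full login
        }
      }
      return client.login(name);
    }).jwt();
  }

  public static void main(String[] args) {
    AuthClient fake = new AuthClient() { // constructed stub so the example runs without a network
      public Tokens login(String a) { return new Tokens("jwt-login", Instant.now().plusSeconds(10), "r1"); }
      public Tokens refresh(String a, String r) { return new Tokens("jwt-refreshed", Instant.now().plusSeconds(300), "r2"); }
    };
    JwtTokenCache cache = new JwtTokenCache(fake, Clock.systemUTC());
    System.out.println(cache.bearerFor("orders")); // nothing cached yet, so it logs in
    System.out.println(cache.bearerFor("orders")); // expiry is inside SKEW, so it refreshes
    System.out.println(cache.bearerFor("orders")); // fresh token is served from the cache
  }
}
```

In the provider's JWT branch the result can be attached with `httpHeaders.setBearerAuth(cache.bearerFor(instance.getRegistration().getName()))`. The `AuthClient` calls block the caller, so give them short timeouts.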