admin/lx-admin-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add 增加 springboot actuator 账号密码认证 杜绝内外网信息泄漏问题

Browse Source
This commit is contained in:
疯狂的狮子Li 2024-07-24 18:56:40 +08:00
parent 0a3d5fd5d4
commit 105c007f03
7 changed files with 36 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ruoyi-admin/src/main/resources/application-dev.yml
View File

@ -5,6 +5,9 @@ spring.boot.admin.client:
url: http://localhost:9090/admin url: http://localhost:9090/admin
instance: instance:
service-host-type: IP service-host-type: IP
metadata:
username: ${spring.boot.admin.client.username}
userpassword: ${spring.boot.admin.client.password}
username: ruoyi username: ruoyi
password: 123456 password: 123456

3
ruoyi-admin/src/main/resources/application-prod.yml
View File

@ -8,6 +8,9 @@ spring.boot.admin.client:
url: http://localhost:9090/admin url: http://localhost:9090/admin
instance: instance:
service-host-type: IP service-host-type: IP
metadata:
username: ${spring.boot.admin.client.username}
userpassword: ${spring.boot.admin.client.password}
username: ruoyi username: ruoyi
password: 123456 password: 123456

20
ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfig.java
View File

@ -1,11 +1,15 @@
package org.dromara.common.security.config; package org.dromara.common.security.config;
import cn.dev33.satoken.exception.NotLoginException; import cn.dev33.satoken.exception.NotLoginException;
import cn.dev33.satoken.filter.SaServletFilter;
import cn.dev33.satoken.httpauth.basic.SaHttpBasicUtil;
import cn.dev33.satoken.interceptor.SaInterceptor; import cn.dev33.satoken.interceptor.SaInterceptor;
import cn.dev33.satoken.router.SaRouter; import cn.dev33.satoken.router.SaRouter;
import cn.dev33.satoken.stp.StpUtil; import cn.dev33.satoken.stp.StpUtil;
import cn.dev33.satoken.util.SaResult;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.dromara.common.core.constant.HttpStatus;
import org.dromara.common.core.utils.ServletUtils; import org.dromara.common.core.utils.ServletUtils;
import org.dromara.common.core.utils.SpringUtils; import org.dromara.common.core.utils.SpringUtils;
import org.dromara.common.core.utils.StringUtils; import org.dromara.common.core.utils.StringUtils;
@ -14,6 +18,7 @@ import org.dromara.common.security.config.properties.SecurityProperties;
import org.dromara.common.security.handler.AllUrlHandler; import org.dromara.common.security.handler.AllUrlHandler;
import org.springframework.boot.autoconfigure.AutoConfiguration; import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@ -71,4 +76,19 @@ public class SecurityConfig implements WebMvcConfigurer {
.excludePathPatterns(securityProperties.getExcludes()); .excludePathPatterns(securityProperties.getExcludes());
} }
/**
* actuator 健康检查接口 做账号密码鉴权
*/
@Bean
public SaServletFilter getSaServletFilter() {
String username = SpringUtils.getProperty("spring.boot.admin.client.username");
String password = SpringUtils.getProperty("spring.boot.admin.client.password");
return new SaServletFilter()
.addInclude("/actuator", "/actuator/**")
.setAuth(obj -> {
SaHttpBasicUtil.check(username + ":" + password);
})
.setError(e -> SaResult.error(e.getMessage()).setCode(HttpStatus.UNAUTHORIZED));
}
} }

4
ruoyi-extend/ruoyi-monitor-admin/src/main/java/org/dromara/monitor/admin/config/SecurityConfig.java
View File

@ -39,9 +39,7 @@ public class SecurityConfig {
.authorizeHttpRequests((authorize) -> .authorizeHttpRequests((authorize) ->
authorize.requestMatchers( authorize.requestMatchers(
new AntPathRequestMatcher(adminContextPath + "/assets/**"), new AntPathRequestMatcher(adminContextPath + "/assets/**"),
new AntPathRequestMatcher(adminContextPath + "/login"), new AntPathRequestMatcher(adminContextPath + "/login")
new AntPathRequestMatcher("/actuator"),
new AntPathRequestMatcher("/actuator/**")
).permitAll() ).permitAll()
.anyRequest().authenticated()) .anyRequest().authenticated())
.formLogin((formLogin) -> .formLogin((formLogin) ->

3
ruoyi-extend/ruoyi-monitor-admin/src/main/resources/application.yml
View File

@ -41,5 +41,8 @@ spring.boot.admin.client:
url: http://localhost:9090/admin url: http://localhost:9090/admin
instance: instance:
service-host-type: IP service-host-type: IP
metadata:
username: ${spring.boot.admin.client.username}
userpassword: ${spring.boot.admin.client.password}
username: ruoyi username: ruoyi
password: 123456 password: 123456

3
ruoyi-extend/ruoyi-snailjob-server/src/main/resources/application-dev.yml
View File

@ -43,5 +43,8 @@ spring.boot.admin.client:
url: http://localhost:9090/admin url: http://localhost:9090/admin
instance: instance:
service-host-type: IP service-host-type: IP
metadata:
username: ${spring.boot.admin.client.username}
userpassword: ${spring.boot.admin.client.password}
username: ruoyi username: ruoyi
password: 123456 password: 123456

3
ruoyi-extend/ruoyi-snailjob-server/src/main/resources/application-prod.yml
View File

@ -43,5 +43,8 @@ spring.boot.admin.client:
url: http://localhost:9090/admin url: http://localhost:9090/admin
instance: instance:
service-host-type: IP service-host-type: IP
metadata:
username: ${spring.boot.admin.client.username}
userpassword: ${spring.boot.admin.client.password}
username: ruoyi username: ruoyi
password: 123456 password: 123456