diff --git a/ruoyi-extend/ruoyi-monitor-admin/src/main/java/com/ruoyi/monitor/admin/config/SecurityConfig.java b/ruoyi-extend/ruoyi-monitor-admin/src/main/java/com/ruoyi/monitor/admin/config/SecurityConfig.java index 2b04f712f..627fa835a 100644 --- a/ruoyi-extend/ruoyi-monitor-admin/src/main/java/com/ruoyi/monitor/admin/config/SecurityConfig.java +++ b/ruoyi-extend/ruoyi-monitor-admin/src/main/java/com/ruoyi/monitor/admin/config/SecurityConfig.java @@ -1,10 +1,10 @@ package com.ruoyi.monitor.admin.config; import de.codecentric.boot.admin.server.config.AdminServerProperties; -import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; /** @@ -12,9 +12,8 @@ import org.springframework.security.web.authentication.SavedRequestAwareAuthenti * * @author Lion Li */ -@Configuration @EnableWebSecurity -public class SecurityConfig extends WebSecurityConfigurerAdapter { +public class SecurityConfig { private final String adminContextPath; @@ -22,27 +21,30 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { this.adminContextPath = adminServerProperties.getContextPath(); } - @Override - protected void configure(HttpSecurity httpSecurity) throws Exception { + @Bean + public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception { SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler(); successHandler.setTargetUrlParameter("redirectTo"); successHandler.setDefaultTargetUrl(adminContextPath + "/"); - // admin监控 用户鉴权 - httpSecurity.authorizeRequests() - //授予对所有静态资产和登录页面的公共访问权限。 - .antMatchers(adminContextPath + "/assets/**").permitAll() - .antMatchers(adminContextPath + "/login").permitAll() - .antMatchers("/actuator").permitAll() - .antMatchers("/actuator/**").permitAll() - //必须对每个其他请求进行身份验证 - .anyRequest().authenticated().and() - //配置登录和注销 - .formLogin().loginPage(adminContextPath + "/login") - .successHandler(successHandler).and() - .logout().logoutUrl(adminContextPath + "/logout").and() - //启用HTTP-Basic支持。这是Spring Boot Admin Client注册所必需的 - .httpBasic().and().csrf().disable() - .headers().frameOptions().disable(); + + return httpSecurity + .headers().frameOptions().disable() + .and().authorizeRequests() + .antMatchers(adminContextPath + "/assets/**" + , adminContextPath + "/login" + , "/actuator" + , "/actuator/**" + ).permitAll() + .anyRequest().authenticated() + .and() + .formLogin().loginPage(adminContextPath + "/login") + .successHandler(successHandler).and() + .logout().logoutUrl(adminContextPath + "/logout") + .and() + .httpBasic().and() + .csrf() + .disable() + .build(); } } diff --git a/ruoyi-extend/ruoyi-monitor-admin/src/main/resources/application.yml b/ruoyi-extend/ruoyi-monitor-admin/src/main/resources/application.yml index bf0db5620..128a6f989 100644 --- a/ruoyi-extend/ruoyi-monitor-admin/src/main/resources/application.yml +++ b/ruoyi-extend/ruoyi-monitor-admin/src/main/resources/application.yml @@ -14,6 +14,8 @@ spring: password: 123456 boot: admin: + ui: + title: RuoYi-Vue-Plus服务监控中心 context-path: /admin --- # Actuator 监控端点的配置项