update 更新过时配置 WebSecurityConfigurerAdapter 改为 bean 注入

2022-07-06 16:13:42 +08:00 · 2022-07-06 16:13:42 +08:00 · 48cb0a1bb1
commit 48cb0a1bb1
parent 84f00e7cad
2 changed files with 26 additions and 22 deletions
--- a/ruoyi-extend/ruoyi-monitor-admin/src/main/java/com/ruoyi/monitor/admin/config/SecurityConfig.java
+++ b/ruoyi-extend/ruoyi-monitor-admin/src/main/java/com/ruoyi/monitor/admin/config/SecurityConfig.java
@ -1,10 +1,10 @@
 package com.ruoyi.monitor.admin.config;
 import de.codecentric.boot.admin.server.config.AdminServerProperties;
-import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 /**
@ -12,9 +12,8 @@ import org.springframework.security.web.authentication.SavedRequestAwareAuthenti
 *
 * @author Lion Li
 */
@Configuration
@EnableWebSecurity
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {
    private final String adminContextPath;
@ -22,27 +21,30 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
        this.adminContextPath = adminServerProperties.getContextPath();
    }
-    @Override
+    @Bean
-    protected void configure(HttpSecurity httpSecurity) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");
        successHandler.setDefaultTargetUrl(adminContextPath + "/");
-        // admin监控 用户鉴权
+
-        httpSecurity.authorizeRequests()
+        return httpSecurity
-            //授予对所有静态资产和登录页面的公共访问权限。
+                .headers().frameOptions().disable()
-            .antMatchers(adminContextPath + "/assets/**").permitAll()
+                .and().authorizeRequests()
-            .antMatchers(adminContextPath + "/login").permitAll()
+                .antMatchers(adminContextPath + "/assets/**"
-            .antMatchers("/actuator").permitAll()
+                    , adminContextPath + "/login"
-            .antMatchers("/actuator/**").permitAll()
+                    , "/actuator"
-            //必须对每个其他请求进行身份验证
+                    , "/actuator/**"
-            .anyRequest().authenticated().and()
+                ).permitAll()
-            //配置登录和注销
+                .anyRequest().authenticated()
                .and()
                .formLogin().loginPage(adminContextPath + "/login")
                .successHandler(successHandler).and()
-            .logout().logoutUrl(adminContextPath + "/logout").and()
+                .logout().logoutUrl(adminContextPath + "/logout")
-            //启用HTTP-Basic支持。这是Spring Boot Admin Client注册所必需的
+                .and()
-            .httpBasic().and().csrf().disable()
+                .httpBasic().and()
-            .headers().frameOptions().disable();
+                .csrf()
                .disable()
                .build();
    }
 }
--- a/ruoyi-extend/ruoyi-monitor-admin/src/main/resources/application.yml
+++ b/ruoyi-extend/ruoyi-monitor-admin/src/main/resources/application.yml
@ -14,6 +14,8 @@ spring:
      password: 123456
  boot:
    admin:
      ui:
        title: RuoYi-Vue-Plus服务监控中心
      context-path: /admin
 --- # Actuator 监控端点的配置项