update 更新过时配置 WebSecurityConfigurerAdapter 改为 bean 注入

2022-07-06 16:13:42 +08:00 · 2022-07-06 16:13:42 +08:00 · 48cb0a1bb1
commit 48cb0a1bb1
parent 84f00e7cad
2 changed files with 26 additions and 22 deletions
--- a/ruoyi-extend/ruoyi-monitor-admin/src/main/java/com/ruoyi/monitor/admin/config/SecurityConfig.java
+++ b/ruoyi-extend/ruoyi-monitor-admin/src/main/java/com/ruoyi/monitor/admin/config/SecurityConfig.java
@ -1,10 +1,10 @@
 package com.ruoyi.monitor.admin.config;

 import de.codecentric.boot.admin.server.config.AdminServerProperties;
-import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

 /**
@ -12,9 +12,8 @@ import org.springframework.security.web.authentication.SavedRequestAwareAuthenti
 *
 * @author Lion Li
 */
-@Configuration
@EnableWebSecurity
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {

    private final String adminContextPath;

@ -22,27 +21,30 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
        this.adminContextPath = adminServerProperties.getContextPath();
    }

-    @Override
-    protected void configure(HttpSecurity httpSecurity) throws Exception {
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");
        successHandler.setDefaultTargetUrl(adminContextPath + "/");
-        // admin监控 用户鉴权
-        httpSecurity.authorizeRequests()
-            //授予对所有静态资产和登录页面的公共访问权限。
-            .antMatchers(adminContextPath + "/assets/**").permitAll()
-            .antMatchers(adminContextPath + "/login").permitAll()
-            .antMatchers("/actuator").permitAll()
-            .antMatchers("/actuator/**").permitAll()
-            //必须对每个其他请求进行身份验证
-            .anyRequest().authenticated().and()
-            //配置登录和注销
+
+        return httpSecurity
+                .headers().frameOptions().disable()
+                .and().authorizeRequests()
+                .antMatchers(adminContextPath + "/assets/**"
+                    , adminContextPath + "/login"
+                    , "/actuator"
+                    , "/actuator/**"
+                ).permitAll()
+                .anyRequest().authenticated()
+                .and()
                .formLogin().loginPage(adminContextPath + "/login")
                .successHandler(successHandler).and()
-            .logout().logoutUrl(adminContextPath + "/logout").and()
-            //启用HTTP-Basic支持。这是Spring Boot Admin Client注册所必需的
-            .httpBasic().and().csrf().disable()
-            .headers().frameOptions().disable();
+                .logout().logoutUrl(adminContextPath + "/logout")
+                .and()
+                .httpBasic().and()
+                .csrf()
+                .disable()
+                .build();
    }

 }
--- a/ruoyi-extend/ruoyi-monitor-admin/src/main/resources/application.yml
+++ b/ruoyi-extend/ruoyi-monitor-admin/src/main/resources/application.yml
@ -14,6 +14,8 @@ spring:
      password: 123456
  boot:
    admin:
+      ui:
+        title: RuoYi-Vue-Plus服务监控中心
      context-path: /admin

 --- # Actuator 监控端点的配置项