
update 优化 过期的 Security 方法

疯狂的狮子Li 1 年間 前
コミット
0c09adfe0a

+ 21 - 17
ruoyi-extend/ruoyi-monitor-admin/src/main/java/org/dromara/monitor/admin/config/SecurityConfig.java

@@ -3,10 +3,14 @@ package org.dromara.monitor.admin.config;
 import de.codecentric.boot.admin.server.config.AdminServerProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 /**
  * admin 监控 安全配置
@@ -30,23 +34,23 @@ public class SecurityConfig {
         successHandler.setDefaultTargetUrl(adminContextPath + "/");
 
         return httpSecurity
-                .headers().frameOptions().disable()
-                .and().authorizeHttpRequests()
-                .requestMatchers(adminContextPath + "/assets/**"
-                    , adminContextPath + "/login"
-                    , "/actuator"
-                    , "/actuator/**"
-                ).permitAll()
-                .anyRequest().authenticated()
-                .and()
-                .formLogin().loginPage(adminContextPath + "/login")
-                .successHandler(successHandler).and()
-                .logout().logoutUrl(adminContextPath + "/logout")
-                .and()
-                .httpBasic().and()
-                .csrf()
-                .disable()
-                .build();
+            .headers((header) ->
+                header.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
+            .authorizeHttpRequests((authorize) ->
+                authorize.requestMatchers(
+                        new AntPathRequestMatcher(adminContextPath + "/assets/**"),
+                        new AntPathRequestMatcher(adminContextPath + "/login"),
+                        new AntPathRequestMatcher("/actuator"),
+                        new AntPathRequestMatcher("/actuator/**")
+                    ).permitAll()
+                    .anyRequest().authenticated())
+            .formLogin((formLogin) ->
+                formLogin.loginPage(adminContextPath + "/login").successHandler(successHandler))
+            .logout((logout) ->
+                logout.logoutUrl(adminContextPath + "/logout"))
+            .httpBasic(Customizer.withDefaults())
+            .csrf(AbstractHttpConfigurer::disable)
+            .build();
     }
 
 }
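Review bot: The permit-all list at `new AntPathRequestMatcher("/actuator")` and `new AntPathRequestMatcher("/actuator/**")` leaves every exposed actuator endpoint of this admin application reachable without authentication, and the move to the lambda DSL carries that over unchanged. Which endpoints are exposed depends on the management configuration, which is not visible here, so unless that is limited to health/info I would narrow the matcher to something like `new AntPathRequestMatcher("/actuator/health")` and let the rest fall under `.anyRequest().authenticated()`. In the same chain, `.csrf(AbstractHttpConfigurer::disable)` combined with session-based form login leaves the UI's state-changing requests without CSRF protection, and frame options are switched off entirely where `HeadersConfigurer.FrameOptionsConfig::sameOrigin` would likely be enough. The method body starts above the hunk, so the success-handler setup is not reviewed here.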