
add 增加 springboot actuator 账号密码认证 杜绝内外网信息泄漏问题

疯狂的狮子Li пре 10 месеци
родитељ
комит
105c007f03

+ 3 - 0
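--- a/ruoyi-admin/src/main/resources/application-dev.yml
+++ b/ruoyi-admin/src/main/resources/application-dev.yml
@@ -5,6 +5,9 @@ spring.boot.admin.client:
   url: http://localhost:9090/admin
   instance:
     service-host-type: IP
+    metadata:
+      username: ${spring.boot.admin.client.username}
+      userpassword: ${spring.boot.admin.client.password}
   username: ruoyi
   password: 123456
 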
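Review bot: The `metadata` block added here reuses `spring.boot.admin.client.username`/`password`, and the unchanged lines directly below set those to the committed literals `ruoyi`/`123456`; the actuator filter added in this commit checks against the same pair, so the new protection is only as strong as a default password that is public in the repository. The same applies to ruoyi-admin's application-prod.yml and to the monitor-admin and snailjob-server files changed in this commit. For the prod profiles I would read the secret from the environment, e.g. `password: ${MONITOR_PASSWORD}` (placeholder variable name), and add a comment such as `# also used as the actuator Basic-auth secret; override per deployment`. The registration `url` is plain `http://`, which is fine for localhost, but the credentials now travel in the registration metadata, so a non-local deployment should use TLS.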

+ 3 - 0
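--- a/ruoyi-admin/src/main/resources/application-prod.yml
+++ b/ruoyi-admin/src/main/resources/application-prod.yml
@@ -8,6 +8,9 @@ spring.boot.admin.client:
   url: http://localhost:9090/admin
   instance:
     service-host-type: IP
+    metadata:
+      username: ${spring.boot.admin.client.username}
+      userpassword: ${spring.boot.admin.client.password}
   username: ruoyi
   password: 123456
 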

+ 20 - 0
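--- a/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfig.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfig.java
@@ -1,11 +1,15 @@
 package org.dromara.common.security.config;
 
 import cn.dev33.satoken.exception.NotLoginException;
+import cn.dev33.satoken.filter.SaServletFilter;
+import cn.dev33.satoken.httpauth.basic.SaHttpBasicUtil;
 import cn.dev33.satoken.interceptor.SaInterceptor;
 import cn.dev33.satoken.router.SaRouter;
 import cn.dev33.satoken.stp.StpUtil;
+import cn.dev33.satoken.util.SaResult;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.dromara.common.core.constant.HttpStatus;
 import org.dromara.common.core.utils.ServletUtils;
 import org.dromara.common.core.utils.SpringUtils;
 import org.dromara.common.core.utils.StringUtils;
@@ -14,6 +18,7 @@ import org.dromara.common.security.config.properties.SecurityProperties;
 import org.dromara.common.security.handler.AllUrlHandler;
 import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
@@ -71,4 +76,19 @@ public class SecurityConfig implements WebMvcConfigurer {
             .excludePathPatterns(securityProperties.getExcludes());
     }
 
+    /**
+     * 对 actuator 健康检查接口 做账号密码鉴权
+     */
+    @Bean
+    public SaServletFilter getSaServletFilter() {
+        String username = SpringUtils.getProperty("spring.boot.admin.client.username");
+        String password = SpringUtils.getProperty("spring.boot.admin.client.password");
+        return new SaServletFilter()
+            .addInclude("/actuator", "/actuator/**")
+            .setAuth(obj -> {
+                SaHttpBasicUtil.check(username + ":" + password);
+            })
+            .setError(e -> SaResult.error(e.getMessage()).setCode(HttpStatus.UNAUTHORIZED));
+    }
+
 }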
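Review bot: `getSaServletFilter()` builds the expected credential as `username + ":" + password` without checking that either property resolved, so if `spring.boot.admin.client.username`/`password` are unset (assuming `SpringUtils.getProperty` returns null for a missing key) the filter would compare against the literal `null:null` instead of failing closed. I would guard before the `return`, using the already imported `StringUtils`: `if (StringUtils.isBlank(username) || StringUtils.isBlank(password)) { throw new IllegalStateException("spring.boot.admin.client.username/password must be set to protect /actuator"); }`. `setError` also returns `e.getMessage()` for any exception to an unauthenticated caller; a fixed message such as `SaResult.error("unauthorized")` avoids exposing internals. The Javadoc mentions only the health-check endpoint, while the include patterns cover every actuator endpoint and are hard-coded, so a custom `management.endpoints.web.base-path` or a separate management port would presumably not be covered; the comment should say so.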

+ 1 - 3
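--- a/ruoyi-extend/ruoyi-monitor-admin/src/main/java/org/dromara/monitor/admin/config/SecurityConfig.java
+++ b/ruoyi-extend/ruoyi-monitor-admin/src/main/java/org/dromara/monitor/admin/config/SecurityConfig.java
@@ -39,9 +39,7 @@ public class SecurityConfig {
             .authorizeHttpRequests((authorize) ->
                 authorize.requestMatchers(
                         new AntPathRequestMatcher(adminContextPath + "/assets/**"),
-                        new AntPathRequestMatcher(adminContextPath + "/login"),
-                        new AntPathRequestMatcher("/actuator"),
-                        new AntPathRequestMatcher("/actuator/**")
+                        new AntPathRequestMatcher(adminContextPath + "/login")
                     ).permitAll()
                     .anyRequest().authenticated())
             .formLogin((formLogin) ->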

+ 3 - 0
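--- a/ruoyi-extend/ruoyi-monitor-admin/src/main/resources/application.yml
+++ b/ruoyi-extend/ruoyi-monitor-admin/src/main/resources/application.yml
@@ -41,5 +41,8 @@ spring.boot.admin.client:
   url: http://localhost:9090/admin
   instance:
     service-host-type: IP
+    metadata:
+      username: ${spring.boot.admin.client.username}
+      userpassword: ${spring.boot.admin.client.password}
   username: ruoyi
   password: 123456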

+ 3 - 0
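--- a/ruoyi-extend/ruoyi-snailjob-server/src/main/resources/application-dev.yml
+++ b/ruoyi-extend/ruoyi-snailjob-server/src/main/resources/application-dev.yml
@@ -43,5 +43,8 @@ spring.boot.admin.client:
   url: http://localhost:9090/admin
   instance:
     service-host-type: IP
+    metadata:
+      username: ${spring.boot.admin.client.username}
+      userpassword: ${spring.boot.admin.client.password}
   username: ruoyi
   password: 123456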

+ 3 - 0
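--- a/ruoyi-extend/ruoyi-snailjob-server/src/main/resources/application-prod.yml
+++ b/ruoyi-extend/ruoyi-snailjob-server/src/main/resources/application-prod.yml
@@ -43,5 +43,8 @@ spring.boot.admin.client:
   url: http://localhost:9090/admin
   instance:
     service-host-type: IP
+    metadata:
+      username: ${spring.boot.admin.client.username}
+      userpassword: ${spring.boot.admin.client.password}
   username: ruoyi
   password: 123456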