feat：【infra】spring boot admin 默认需要登录

yudao-gateway/src/main/resources/application-dev.yaml

@@ -11,4 +11,25 @@ spring:
         group: DEFAULT_GROUP # 使用的 Nacos 配置分组，默认为 DEFAULT_GROUP
       config: # 【注册中心】配置项
         namespace: dev # 命名空间。这里使用 dev 开发环境
-        group: DEFAULT_GROUP # 使用的 Nacos 配置分组，默认为 DEFAULT_GROUP
+        group: DEFAULT_GROUP # 使用的 Nacos 配置分组，默认为 DEFAULT_GROUP
+
+--- #################### 监控相关配置 ####################
+
+# Actuator 监控端点的配置项
+management:
+  endpoints:
+    web:
+      base-path: /actuator # Actuator 提供的 API 接口的根目录。默认为 /actuator
+      exposure:
+        include: '*' # 需要开放的端点。默认值只打开 health 和 info 两个端点。通过设置 * ，可以开放所有端点。
+
+# Spring Boot Admin 配置项
+spring:
+  boot:
+    admin:
+      # Spring Boot Admin Client 客户端的相关配置
+      client:
+        instance:
+          service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin

yudao-gateway/src/main/resources/application-local.yaml

@@ -13,7 +13,29 @@ spring:
         namespace: dev # 命名空间。这里使用 dev 开发环境
         group: DEFAULT_GROUP # 使用的 Nacos 配置分组，默认为 DEFAULT_GROUP
 
+--- #################### 监控相关配置 ####################
+
+# Actuator 监控端点的配置项
+management:
+  endpoints:
+    web:
+      base-path: /actuator # Actuator 提供的 API 接口的根目录。默认为 /actuator
+      exposure:
+        include: '*' # 需要开放的端点。默认值只打开 health 和 info 两个端点。通过设置 * ，可以开放所有端点。
+
+# Spring Boot Admin 配置项
+spring:
+  boot:
+    admin:
+      # Spring Boot Admin Client 客户端的相关配置
+      client:
+        instance:
+          service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
+
 # 日志文件配置
 logging:
   level:
     org.springframework.context.support.PostProcessorRegistrationDelegate: ERROR # TODO 芋艿：先禁用，Spring Boot 3.X 存在部分错误的 WARN 提示
+

yudao-module-ai/yudao-module-ai-server/src/main/resources/application-dev.yaml

@@ -124,6 +124,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
       # Spring Boot Admin Server 服务端的相关配置
       context-path: /admin # 配置 Spring
 

yudao-module-ai/yudao-module-ai-server/src/main/resources/application-local.yaml

@@ -119,6 +119,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
 
 # 日志文件配置
 logging:

yudao-module-bpm/yudao-module-bpm-server/src/main/resources/application-dev.yaml

@@ -107,6 +107,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
 
 --- #################### 芋道相关配置 ####################
 

yudao-module-bpm/yudao-module-bpm-server/src/main/resources/application-local.yaml

@@ -118,6 +118,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
 
 # 日志文件配置
 logging:

yudao-module-crm/yudao-module-crm-server/src/main/resources/application-dev.yaml

@@ -108,6 +108,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
 
 --- #################### 芋道相关配置 ####################
 

yudao-module-crm/yudao-module-crm-server/src/main/resources/application-local.yaml

@@ -117,6 +117,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
 
 # 日志文件配置
 logging:

yudao-module-erp/yudao-module-erp-server/src/main/resources/application-dev.yaml

@@ -108,6 +108,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
 
 --- #################### 芋道相关配置 ####################
 

yudao-module-erp/yudao-module-erp-server/src/main/resources/application-local.yaml

@@ -117,6 +117,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
 
 # 日志文件配置
 logging:

yudao-module-infra/yudao-module-infra-server/src/main/java/cn/iocoder/yudao/module/infra/framework/monitor/config/AdminServerConfiguration.java

@@ -1,8 +1,106 @@
 package cn.iocoder.yudao.module.infra.framework.monitor.config;
 
+import jakarta.servlet.DispatcherType;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 
+/**
+ * Spring Boot Admin Server 配置
+ *
+ * 包含 Admin Server 的启用配置和安全配置
+ * 安全配置独立于 {@link cn.iocoder.yudao.framework.security.config.YudaoWebSecurityConfigurerAdapter}，
+ * 使用 HTTP Basic 认证保护 Admin Server 端点，不影响现有的 Token 认证机制
+ *
+ * @author 芋道源码
+ */
 @Configuration(proxyBeanMethods = false)
 //@EnableAdminServer
+@ConditionalOnClass(name = "de.codecentric.boot.admin.server.config.AdminServerProperties") // 目的：按需启动 spring boot admin 监控服务
 public class AdminServerConfiguration {
+
+    @Value("${spring.boot.admin.context-path:''}")
+    private String adminSeverContextPath;
+
+    @Value("${spring.boot.admin.client.username:admin}")
+    private String username;
+
+    @Value("${spring.boot.admin.client.password:admin}")
+    private String password;
+
+    /**
+     * Spring Boot Admin 专用的 InMemoryUserDetailsManager
+     * 使用内存存储，与系统用户隔离
+     */
+    @Bean("adminUserDetailsManager")
+    public InMemoryUserDetailsManager adminUserDetailsManager(PasswordEncoder passwordEncoder) {
+        UserDetails adminUser = User.builder()
+                .username(username)
+                .password(passwordEncoder.encode(password))
+                .roles("ADMIN_SERVER")
+                .build();
+        return new InMemoryUserDetailsManager(adminUser);
+    }
+
+    /**
+     * Spring Boot Admin Server 的 SecurityFilterChain
+     * 使用 @Order(1) 确保优先于默认的 SecurityFilterChain 匹配
+     */
+    @Bean("adminServerSecurityFilterChain")
+    @Order(1)
+    public SecurityFilterChain adminServerSecurityFilterChain(HttpSecurity httpSecurity,
+                                                               InMemoryUserDetailsManager adminUserDetailsManager) throws Exception {
+        // 登录成功后的处理器
+        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
+        successHandler.setTargetUrlParameter("redirectTo");
+        successHandler.setDefaultTargetUrl(adminSeverContextPath + "/");
+
+        // 配置 HttpSecurity 对象
+        httpSecurity
+                // 仅匹配 Admin Server 的路径
+                .securityMatcher(adminSeverContextPath + "/**")
+                // 使用独立的 UserDetailsManager
+                .userDetailsService(adminUserDetailsManager)
+                // 授权配置
+                .authorizeHttpRequests(auth -> auth
+                        .requestMatchers(adminSeverContextPath + "/assets/**").permitAll() // 静态资源允许匿名访问
+                        .requestMatchers(adminSeverContextPath + "/login").permitAll() // 登录页面允许匿名访问
+                        .dispatcherTypeMatchers(DispatcherType.ASYNC).permitAll() // 异步请求允许
+                        .anyRequest().authenticated() // 其他请求需要认证
+                )
+                // 表单登录配置（用于 Admin UI 访问）
+                .formLogin(form -> form
+                        .loginPage(adminSeverContextPath + "/login")
+                        .successHandler(successHandler)
+                        .permitAll()
+                )
+                // 登出配置
+                .logout(logout -> logout
+                        .logoutUrl(adminSeverContextPath + "/logout")
+                        .logoutSuccessUrl(adminSeverContextPath + "/login")
+                )
+                // HTTP Basic 认证（用于 Admin Client 注册）
+                .httpBasic(Customizer.withDefaults())
+                // CSRF 配置
+                .csrf(csrf -> csrf
+                        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
+                        .ignoringRequestMatchers(
+                                adminSeverContextPath + "/instances", // Admin Client 注册端点忽略 CSRF
+                                adminSeverContextPath + "/actuator/**" // Actuator 端点忽略 CSRF
+                        )
+                );
+        return httpSecurity.build();
+    }
+
 }

yudao-module-infra/yudao-module-infra-server/src/main/java/cn/iocoder/yudao/module/infra/framework/security/config/SecurityConfiguration.java

@@ -2,7 +2,6 @@ package cn.iocoder.yudao.module.infra.framework.security.config;
 
 import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
 import cn.iocoder.yudao.module.infra.enums.ApiConstants;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -14,9 +13,6 @@ import org.springframework.security.config.annotation.web.configurers.AuthorizeH
 @Configuration(proxyBeanMethods = false, value = "infraSecurityConfiguration")
 public class SecurityConfiguration {
 
-    @Value("${spring.boot.admin.context-path:''}")
-    private String adminSeverContextPath;
-
     @Bean("infraAuthorizeRequestsCustomizer")
     public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() {
         return new AuthorizeRequestsCustomizer() {
@@ -33,9 +29,6 @@ public class SecurityConfiguration {
                         .requestMatchers("/actuator/**").permitAll();
                 // Druid 监控
                 registry.requestMatchers("/druid/**").permitAll();
-                // Spring Boot Admin Server 的安全配置
-                registry.requestMatchers(adminSeverContextPath).permitAll()
-                        .requestMatchers(adminSeverContextPath + "/**").permitAll();
                 // 文件读取
                 registry.requestMatchers(buildAdminApi("/infra/file/*/get/**")).permitAll();
 

yudao-module-infra/yudao-module-infra-server/src/main/resources/application-dev.yaml

@@ -122,6 +122,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
       # Spring Boot Admin Server 服务端的相关配置
       context-path: /admin # 配置 Spring
 

yudao-module-infra/yudao-module-infra-server/src/main/resources/application-local.yaml

@@ -133,6 +133,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
       # Spring Boot Admin Server 服务端的相关配置
       context-path: /admin # 配置 Spring
 

yudao-module-iot/yudao-module-iot-server/src/main/resources/application-dev.yaml

@@ -123,6 +123,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
       # Spring Boot Admin Server 服务端的相关配置
       context-path: /admin # 配置 Spring
 

yudao-module-iot/yudao-module-iot-server/src/main/resources/application-local.yaml

@@ -140,6 +140,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
 
 # 日志文件配置
 logging:

yudao-module-mall/yudao-module-product-server/src/main/resources/application-dev.yaml

@@ -107,6 +107,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
       # Spring Boot Admin Server 服务端的相关配置
       context-path: /admin # 配置 Spring
 

yudao-module-mall/yudao-module-product-server/src/main/resources/application-local.yaml

@@ -118,6 +118,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
 
 # 日志文件配置
 logging:

yudao-module-mall/yudao-module-promotion-server/src/main/resources/application-dev.yaml

@@ -107,6 +107,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
       # Spring Boot Admin Server 服务端的相关配置
       context-path: /admin # 配置 Spring
 

yudao-module-mall/yudao-module-promotion-server/src/main/resources/application-local.yaml

@@ -118,6 +118,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
 
 # 日志文件配置
 logging:

yudao-module-mall/yudao-module-statistics-server/src/main/resources/application-dev.yaml

@@ -107,6 +107,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
       # Spring Boot Admin Server 服务端的相关配置
       context-path: /admin # 配置 Spring
 

yudao-module-mall/yudao-module-statistics-server/src/main/resources/application-local.yaml

@@ -118,6 +118,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
 
 # 日志文件配置
 logging:

yudao-module-mall/yudao-module-trade-server/src/main/resources/application-dev.yaml

@@ -107,6 +107,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
       # Spring Boot Admin Server 服务端的相关配置
       context-path: /admin # 配置 Spring
 

yudao-module-mall/yudao-module-trade-server/src/main/resources/application-local.yaml

@@ -118,6 +118,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
 
 # 日志文件配置
 logging:

yudao-module-member/yudao-module-member-server/src/main/resources/application-dev.yaml

@@ -107,6 +107,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
       # Spring Boot Admin Server 服务端的相关配置
       context-path: /admin # 配置 Spring
 

yudao-module-member/yudao-module-member-server/src/main/resources/application-local.yaml

@@ -118,6 +118,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
 
 # 日志文件配置
 logging:

yudao-module-mp/yudao-module-mp-server/src/main/resources/application-dev.yaml

@@ -103,6 +103,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
 
 --- #################### 芋道相关配置 ####################
 

yudao-module-mp/yudao-module-mp-server/src/main/resources/application-local.yaml

@@ -112,6 +112,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
 
 # 日志文件配置
 logging:

yudao-module-pay/yudao-module-pay-server/src/main/resources/application-dev.yaml

@@ -108,6 +108,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
 
 --- #################### 芋道相关配置 ####################
 

yudao-module-pay/yudao-module-pay-server/src/main/resources/application-local.yaml

@@ -117,6 +117,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
 
 # 日志文件配置
 logging:

yudao-module-report/yudao-module-report-server/src/main/resources/application-dev.yaml

@@ -103,6 +103,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
 
 --- #################### 芋道相关配置 ####################
 

yudao-module-report/yudao-module-report-server/src/main/resources/application-local.yaml

@@ -113,6 +113,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
 
 # 日志文件配置
 logging:

yudao-module-system/yudao-module-system-server/src/main/resources/application-dev.yaml

@@ -122,6 +122,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
       # Spring Boot Admin Server 服务端的相关配置
       context-path: /admin # 配置 Spring
 

yudao-module-system/yudao-module-system-server/src/main/resources/application-local.yaml

@@ -133,6 +133,8 @@ spring:
       client:
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
 
 # 日志文件配置
 logging:

yudao-server/src/main/resources/application-dev.yaml

@@ -115,6 +115,8 @@ spring:
         url: http://127.0.0.1:${server.port}/${spring.boot.admin.context-path} # 设置 Spring Boot Admin Server 地址
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
       # Spring Boot Admin Server 服务端的相关配置
       context-path: /admin # 配置 Spring
 

yudao-server/src/main/resources/application-local.yaml

@@ -134,6 +134,8 @@ spring:
         url: http://127.0.0.1:${server.port}/${spring.boot.admin.context-path} # 设置 Spring Boot Admin Server 地址
         instance:
           service-host-type: IP # 注册实例时，优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
+        username: admin
+        password: admin
       # Spring Boot Admin Server 服务端的相关配置
       context-path: /admin # 配置 Spring