mirror of
https://gitee.com/zhijiantianya/yudao-cloud.git
synced 2025-12-30 09:22:27 +00:00
feat:【infra】spring boot admin 默认需要登录
This commit is contained in:
YunaiV
@@ -12,3 +12,24 @@ spring:
|
||||
config: # 【注册中心】配置项
|
||||
namespace: dev # 命名空间。这里使用 dev 开发环境
|
||||
group: DEFAULT_GROUP # 使用的 Nacos 配置分组,默认为 DEFAULT_GROUP
|
||||
|
||||
--- #################### 监控相关配置 ####################
|
||||
|
||||
# Actuator 监控端点的配置项
|
||||
management:
|
||||
endpoints:
|
||||
web:
|
||||
base-path: /actuator # Actuator 提供的 API 接口的根目录。默认为 /actuator
|
||||
exposure:
|
||||
include: '*' # 需要开放的端点。默认值只打开 health 和 info 两个端点。通过设置 * ,可以开放所有端点。
|
||||
|
||||
# Spring Boot Admin 配置项
|
||||
spring:
|
||||
boot:
|
||||
admin:
|
||||
# Spring Boot Admin Client 客户端的相关配置
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
@@ -13,7 +13,29 @@ spring:
|
||||
namespace: dev # 命名空间。这里使用 dev 开发环境
|
||||
group: DEFAULT_GROUP # 使用的 Nacos 配置分组,默认为 DEFAULT_GROUP
|
||||
|
||||
--- #################### 监控相关配置 ####################
|
||||
|
||||
# Actuator 监控端点的配置项
|
||||
management:
|
||||
endpoints:
|
||||
web:
|
||||
base-path: /actuator # Actuator 提供的 API 接口的根目录。默认为 /actuator
|
||||
exposure:
|
||||
include: '*' # 需要开放的端点。默认值只打开 health 和 info 两个端点。通过设置 * ,可以开放所有端点。
|
||||
|
||||
# Spring Boot Admin 配置项
|
||||
spring:
|
||||
boot:
|
||||
admin:
|
||||
# Spring Boot Admin Client 客户端的相关配置
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
|
||||
# 日志文件配置
|
||||
logging:
|
||||
level:
|
||||
org.springframework.context.support.PostProcessorRegistrationDelegate: ERROR # TODO 芋艿:先禁用,Spring Boot 3.X 存在部分错误的 WARN 提示
|
||||
|
||||
|
||||
@@ -124,6 +124,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
# Spring Boot Admin Server 服务端的相关配置
|
||||
context-path: /admin # 配置 Spring
|
||||
|
||||
|
||||
@@ -119,6 +119,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
|
||||
# 日志文件配置
|
||||
logging:
|
||||
|
||||
@@ -107,6 +107,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
|
||||
--- #################### 芋道相关配置 ####################
|
||||
|
||||
|
||||
@@ -118,6 +118,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
|
||||
# 日志文件配置
|
||||
logging:
|
||||
|
||||
@@ -108,6 +108,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
|
||||
--- #################### 芋道相关配置 ####################
|
||||
|
||||
|
||||
@@ -117,6 +117,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
|
||||
# 日志文件配置
|
||||
logging:
|
||||
|
||||
@@ -108,6 +108,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
|
||||
--- #################### 芋道相关配置 ####################
|
||||
|
||||
|
||||
@@ -117,6 +117,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
|
||||
# 日志文件配置
|
||||
logging:
|
||||
|
||||
@@ -1,8 +1,106 @@
|
||||
package cn.iocoder.yudao.module.infra.framework.monitor.config;
|
||||
|
||||
import jakarta.servlet.DispatcherType;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
|
||||
|
||||
/**
|
||||
* Spring Boot Admin Server 配置
|
||||
*
|
||||
* 包含 Admin Server 的启用配置和安全配置
|
||||
* 安全配置独立于 {@link cn.iocoder.yudao.framework.security.config.YudaoWebSecurityConfigurerAdapter},
|
||||
* 使用 HTTP Basic 认证保护 Admin Server 端点,不影响现有的 Token 认证机制
|
||||
*
|
||||
* @author 芋道源码
|
||||
*/
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
//@EnableAdminServer
|
||||
@ConditionalOnClass(name = "de.codecentric.boot.admin.server.config.AdminServerProperties") // 目的:按需启动 spring boot admin 监控服务
|
||||
public class AdminServerConfiguration {
|
||||
|
||||
@Value("${spring.boot.admin.context-path:''}")
|
||||
private String adminSeverContextPath;
|
||||
|
||||
@Value("${spring.boot.admin.client.username:admin}")
|
||||
private String username;
|
||||
|
||||
@Value("${spring.boot.admin.client.password:admin}")
|
||||
private String password;
|
||||
|
||||
/**
|
||||
* Spring Boot Admin 专用的 InMemoryUserDetailsManager
|
||||
* 使用内存存储,与系统用户隔离
|
||||
*/
|
||||
@Bean("adminUserDetailsManager")
|
||||
public InMemoryUserDetailsManager adminUserDetailsManager(PasswordEncoder passwordEncoder) {
|
||||
UserDetails adminUser = User.builder()
|
||||
.username(username)
|
||||
.password(passwordEncoder.encode(password))
|
||||
.roles("ADMIN_SERVER")
|
||||
.build();
|
||||
return new InMemoryUserDetailsManager(adminUser);
|
||||
}
|
||||
|
||||
/**
|
||||
* Spring Boot Admin Server 的 SecurityFilterChain
|
||||
* 使用 @Order(1) 确保优先于默认的 SecurityFilterChain 匹配
|
||||
*/
|
||||
@Bean("adminServerSecurityFilterChain")
|
||||
@Order(1)
|
||||
public SecurityFilterChain adminServerSecurityFilterChain(HttpSecurity httpSecurity,
|
||||
InMemoryUserDetailsManager adminUserDetailsManager) throws Exception {
|
||||
// 登录成功后的处理器
|
||||
SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
|
||||
successHandler.setTargetUrlParameter("redirectTo");
|
||||
successHandler.setDefaultTargetUrl(adminSeverContextPath + "/");
|
||||
|
||||
// 配置 HttpSecurity 对象
|
||||
httpSecurity
|
||||
// 仅匹配 Admin Server 的路径
|
||||
.securityMatcher(adminSeverContextPath + "/**")
|
||||
// 使用独立的 UserDetailsManager
|
||||
.userDetailsService(adminUserDetailsManager)
|
||||
// 授权配置
|
||||
.authorizeHttpRequests(auth -> auth
|
||||
.requestMatchers(adminSeverContextPath + "/assets/**").permitAll() // 静态资源允许匿名访问
|
||||
.requestMatchers(adminSeverContextPath + "/login").permitAll() // 登录页面允许匿名访问
|
||||
.dispatcherTypeMatchers(DispatcherType.ASYNC).permitAll() // 异步请求允许
|
||||
.anyRequest().authenticated() // 其他请求需要认证
|
||||
)
|
||||
// 表单登录配置(用于 Admin UI 访问)
|
||||
.formLogin(form -> form
|
||||
.loginPage(adminSeverContextPath + "/login")
|
||||
.successHandler(successHandler)
|
||||
.permitAll()
|
||||
)
|
||||
// 登出配置
|
||||
.logout(logout -> logout
|
||||
.logoutUrl(adminSeverContextPath + "/logout")
|
||||
.logoutSuccessUrl(adminSeverContextPath + "/login")
|
||||
)
|
||||
// HTTP Basic 认证(用于 Admin Client 注册)
|
||||
.httpBasic(Customizer.withDefaults())
|
||||
// CSRF 配置
|
||||
.csrf(csrf -> csrf
|
||||
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
|
||||
.ignoringRequestMatchers(
|
||||
adminSeverContextPath + "/instances", // Admin Client 注册端点忽略 CSRF
|
||||
adminSeverContextPath + "/actuator/**" // Actuator 端点忽略 CSRF
|
||||
)
|
||||
);
|
||||
return httpSecurity.build();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -2,7 +2,6 @@ package cn.iocoder.yudao.module.infra.framework.security.config;
|
||||
|
||||
import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
|
||||
import cn.iocoder.yudao.module.infra.enums.ApiConstants;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
@@ -14,9 +13,6 @@ import org.springframework.security.config.annotation.web.configurers.AuthorizeH
|
||||
@Configuration(proxyBeanMethods = false, value = "infraSecurityConfiguration")
|
||||
public class SecurityConfiguration {
|
||||
|
||||
@Value("${spring.boot.admin.context-path:''}")
|
||||
private String adminSeverContextPath;
|
||||
|
||||
@Bean("infraAuthorizeRequestsCustomizer")
|
||||
public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() {
|
||||
return new AuthorizeRequestsCustomizer() {
|
||||
@@ -33,9 +29,6 @@ public class SecurityConfiguration {
|
||||
.requestMatchers("/actuator/**").permitAll();
|
||||
// Druid 监控
|
||||
registry.requestMatchers("/druid/**").permitAll();
|
||||
// Spring Boot Admin Server 的安全配置
|
||||
registry.requestMatchers(adminSeverContextPath).permitAll()
|
||||
.requestMatchers(adminSeverContextPath + "/**").permitAll();
|
||||
// 文件读取
|
||||
registry.requestMatchers(buildAdminApi("/infra/file/*/get/**")).permitAll();
|
||||
|
||||
|
||||
@@ -122,6 +122,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
# Spring Boot Admin Server 服务端的相关配置
|
||||
context-path: /admin # 配置 Spring
|
||||
|
||||
|
||||
@@ -133,6 +133,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
# Spring Boot Admin Server 服务端的相关配置
|
||||
context-path: /admin # 配置 Spring
|
||||
|
||||
|
||||
@@ -123,6 +123,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
# Spring Boot Admin Server 服务端的相关配置
|
||||
context-path: /admin # 配置 Spring
|
||||
|
||||
|
||||
@@ -140,6 +140,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
|
||||
# 日志文件配置
|
||||
logging:
|
||||
|
||||
@@ -107,6 +107,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
# Spring Boot Admin Server 服务端的相关配置
|
||||
context-path: /admin # 配置 Spring
|
||||
|
||||
|
||||
@@ -118,6 +118,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
|
||||
# 日志文件配置
|
||||
logging:
|
||||
|
||||
@@ -107,6 +107,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
# Spring Boot Admin Server 服务端的相关配置
|
||||
context-path: /admin # 配置 Spring
|
||||
|
||||
|
||||
@@ -118,6 +118,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
|
||||
# 日志文件配置
|
||||
logging:
|
||||
|
||||
@@ -107,6 +107,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
# Spring Boot Admin Server 服务端的相关配置
|
||||
context-path: /admin # 配置 Spring
|
||||
|
||||
|
||||
@@ -118,6 +118,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
|
||||
# 日志文件配置
|
||||
logging:
|
||||
|
||||
@@ -107,6 +107,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
# Spring Boot Admin Server 服务端的相关配置
|
||||
context-path: /admin # 配置 Spring
|
||||
|
||||
|
||||
@@ -118,6 +118,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
|
||||
# 日志文件配置
|
||||
logging:
|
||||
|
||||
@@ -107,6 +107,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
# Spring Boot Admin Server 服务端的相关配置
|
||||
context-path: /admin # 配置 Spring
|
||||
|
||||
|
||||
@@ -118,6 +118,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
|
||||
# 日志文件配置
|
||||
logging:
|
||||
|
||||
@@ -103,6 +103,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
|
||||
--- #################### 芋道相关配置 ####################
|
||||
|
||||
|
||||
@@ -112,6 +112,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
|
||||
# 日志文件配置
|
||||
logging:
|
||||
|
||||
@@ -108,6 +108,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
|
||||
--- #################### 芋道相关配置 ####################
|
||||
|
||||
|
||||
@@ -117,6 +117,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
|
||||
# 日志文件配置
|
||||
logging:
|
||||
|
||||
@@ -103,6 +103,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
|
||||
--- #################### 芋道相关配置 ####################
|
||||
|
||||
|
||||
@@ -113,6 +113,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
|
||||
# 日志文件配置
|
||||
logging:
|
||||
|
||||
@@ -122,6 +122,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
# Spring Boot Admin Server 服务端的相关配置
|
||||
context-path: /admin # 配置 Spring
|
||||
|
||||
|
||||
@@ -133,6 +133,8 @@ spring:
|
||||
client:
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
|
||||
# 日志文件配置
|
||||
logging:
|
||||
|
||||
@@ -115,6 +115,8 @@ spring:
|
||||
url: http://127.0.0.1:${server.port}/${spring.boot.admin.context-path} # 设置 Spring Boot Admin Server 地址
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
# Spring Boot Admin Server 服务端的相关配置
|
||||
context-path: /admin # 配置 Spring
|
||||
|
||||
|
||||
@@ -134,6 +134,8 @@ spring:
|
||||
url: http://127.0.0.1:${server.port}/${spring.boot.admin.context-path} # 设置 Spring Boot Admin Server 地址
|
||||
instance:
|
||||
service-host-type: IP # 注册实例时,优先使用 IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
|
||||
username: admin
|
||||
password: admin
|
||||
# Spring Boot Admin Server 服务端的相关配置
|
||||
context-path: /admin # 配置 Spring
|
||||
|
||||
|
||||
Reference in New Issue
Block a user