no message

2025-06-11 16:40:56 +08:00 · 2025-06-11 16:40:56 +08:00 · f8e2ed7ec4
parent 153717f3d4
commit f8e2ed7ec4
3 changed files with 47 additions and 30 deletions
--- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/config/ActuatorSecurityConfig.java
+++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/config/ActuatorSecurityConfig.java
@ -0,0 +1,47 @@
+package net.lab1024.sa.admin.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+public class ActuatorSecurityConfig {
+    @Bean
+    public SecurityFilterChain actuatorSecurityFilterChain(HttpSecurity http) throws Exception {
+        http
+                .securityMatcher("/actuator/**") // 仅作用于/actuator路径
+                .authorizeHttpRequests(authorize -> authorize
+                        .anyRequest().hasRole("ACTUATOR")
+                )
+                // 启用HTTP Basic认证的新方式
+                .httpBasic(Customizer.withDefaults())
+                // 禁用CSRF保护
+                .csrf(csrf -> csrf.disable());
+
+        return http.build();
+    }
+
+    @Bean
+    public UserDetailsService userDetailsService(PasswordEncoder passwordEncoder) {
+        UserDetails user = User.builder()
+                .username("admin")
+                .password(passwordEncoder.encode("Youchain@56"))
+                .roles("ACTUATOR")
+                .build();
+
+        return new InMemoryUserDetailsManager(user);
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+}
--- a/nc_wms_java/sa-base/src/main/resources/dev/sa-base.yaml
+++ b/nc_wms_java/sa-base/src/main/resources/dev/sa-base.yaml
@ -170,18 +170,3 @@ smart:
    db-refresh-enabled: true
    # 数据库配置检测-执行间隔 默认120秒 可选
    db-refresh-interval: 60
-
-# Springboot Actuator授权
-management:
-  endpoints:
-    web:
-      exposure:
-        include: "health"  # 只暴露健康检查端点
-  endpoint:
-    health:
-      show-details: never
-    shutdown:
-      enabled: false  # 显式关闭危险端点
-  server:
-    port: 8002
-    address: 127.0.0.1
--- a/nc_wms_java/sa-base/src/main/resources/prod/sa-base.yaml
+++ b/nc_wms_java/sa-base/src/main/resources/prod/sa-base.yaml
@ -172,18 +172,3 @@ smart:
    db-refresh-enabled: true
    # 数据库配置检测-执行间隔 默认120秒 可选
    db-refresh-interval: 60
-
-# Springboot Actuator授权
-management:
-  endpoints:
-    web:
-      exposure:
-        include: "health"  # 只暴露健康检查端点
-  endpoint:
-    health:
-      show-details: never
-    shutdown:
-      enabled: false  # 显式关闭危险端点
-  server:
-    port: 8002
-    address: 127.0.0.1