From f8e2ed7ec4419c369260f8d91761ca71e55bd925 Mon Sep 17 00:00:00 2001 From: "huojin\\hj" <982011> Date: Wed, 11 Jun 2025 16:40:56 +0800 Subject: [PATCH] no message --- .../admin/config/ActuatorSecurityConfig.java | 47 +++++++++++++++++++ .../src/main/resources/dev/sa-base.yaml | 15 ------ .../src/main/resources/prod/sa-base.yaml | 15 ------ 3 files changed, 47 insertions(+), 30 deletions(-) create mode 100644 nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/config/ActuatorSecurityConfig.java diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/config/ActuatorSecurityConfig.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/config/ActuatorSecurityConfig.java new file mode 100644 index 0000000..bcdaf04 --- /dev/null +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/config/ActuatorSecurityConfig.java @@ -0,0 +1,47 @@ +package net.lab1024.sa.admin.config; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.Customizer; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; + +@Configuration +public class ActuatorSecurityConfig { + @Bean + public SecurityFilterChain actuatorSecurityFilterChain(HttpSecurity http) throws Exception { + http + .securityMatcher("/actuator/**") // 仅作用于/actuator路径 + .authorizeHttpRequests(authorize -> authorize + .anyRequest().hasRole("ACTUATOR") + ) + // 启用HTTP Basic认证的新方式 + .httpBasic(Customizer.withDefaults()) + // 禁用CSRF保护 + .csrf(csrf -> csrf.disable()); + + return http.build(); + } + + @Bean + public UserDetailsService userDetailsService(PasswordEncoder passwordEncoder) { + UserDetails user = User.builder() + .username("admin") + .password(passwordEncoder.encode("Youchain@56")) + .roles("ACTUATOR") + .build(); + + return new InMemoryUserDetailsManager(user); + } + + @Bean + public PasswordEncoder passwordEncoder() { + return new BCryptPasswordEncoder(); + } +} \ No newline at end of file diff --git a/nc_wms_java/sa-base/src/main/resources/dev/sa-base.yaml b/nc_wms_java/sa-base/src/main/resources/dev/sa-base.yaml index d53f2e9..5436d61 100644 --- a/nc_wms_java/sa-base/src/main/resources/dev/sa-base.yaml +++ b/nc_wms_java/sa-base/src/main/resources/dev/sa-base.yaml @@ -170,18 +170,3 @@ smart: db-refresh-enabled: true # 数据库配置检测-执行间隔 默认120秒 可选 db-refresh-interval: 60 - -# Springboot Actuator授权 -management: - endpoints: - web: - exposure: - include: "health" # 只暴露健康检查端点 - endpoint: - health: - show-details: never - shutdown: - enabled: false # 显式关闭危险端点 - server: - port: 8002 - address: 127.0.0.1 \ No newline at end of file diff --git a/nc_wms_java/sa-base/src/main/resources/prod/sa-base.yaml b/nc_wms_java/sa-base/src/main/resources/prod/sa-base.yaml index 69b095b..64eadb0 100644 --- a/nc_wms_java/sa-base/src/main/resources/prod/sa-base.yaml +++ b/nc_wms_java/sa-base/src/main/resources/prod/sa-base.yaml @@ -172,18 +172,3 @@ smart: db-refresh-enabled: true # 数据库配置检测-执行间隔 默认120秒 可选 db-refresh-interval: 60 - -# Springboot Actuator授权 -management: - endpoints: - web: - exposure: - include: "health" # 只暴露健康检查端点 - endpoint: - health: - show-details: never - shutdown: - enabled: false # 显式关闭危险端点 - server: - port: 8002 - address: 127.0.0.1 \ No newline at end of file