gitee/RuoYi-Cloud-Plus
1
0
Fork 0
mirror of https://gitee.com/dromara/RuoYi-Cloud-Plus.git synced 2026-03-22 02:37:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

add 增加 springboot actuator 账号密码认证 杜绝内外网信息泄漏问题

Browse Source
This commit is contained in:
疯狂的狮子Li
2024-07-24 20:07:56 +08:00
parent 5ee78233f1
commit 2575d2a711
4 changed files with 44 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
config/nacos/application-common.yml
View File

@@ -70,6 +70,12 @@ spring:
# 允许对象忽略json中不存在的属性 # 允许对象忽略json中不存在的属性
fail_on_unknown_properties: false fail_on_unknown_properties: false
cloud: cloud:
nacos:
discovery:
metadata:
# admin 监控账号密码
username: ruoyi
userpassword: 123456
# sentinel 配置 # sentinel 配置
sentinel: sentinel:
# sentinel 开关 # sentinel 开关

19
ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfiguration.java
View File

@@ -2,10 +2,12 @@ package org.dromara.common.security.config;
import cn.dev33.satoken.SaManager; import cn.dev33.satoken.SaManager;
import cn.dev33.satoken.filter.SaServletFilter; import cn.dev33.satoken.filter.SaServletFilter;
import cn.dev33.satoken.httpauth.basic.SaHttpBasicUtil;
import cn.dev33.satoken.interceptor.SaInterceptor; import cn.dev33.satoken.interceptor.SaInterceptor;
import cn.dev33.satoken.same.SaSameUtil; import cn.dev33.satoken.same.SaSameUtil;
import cn.dev33.satoken.util.SaResult; import cn.dev33.satoken.util.SaResult;
import org.dromara.common.core.constant.HttpStatus; import org.dromara.common.core.constant.HttpStatus;
import org.dromara.common.core.utils.SpringUtils;
import org.springframework.boot.autoconfigure.AutoConfiguration; import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
@@ -35,7 +37,7 @@ public class SecurityConfiguration implements WebMvcConfigurer {
public SaServletFilter getSaServletFilter() { public SaServletFilter getSaServletFilter() {
return new SaServletFilter() return new SaServletFilter()
.addInclude("/**") .addInclude("/**")
.addExclude("/actuator/**") .addExclude("/actuator", "/actuator/**")
.setAuth(obj -> { .setAuth(obj -> {
if (SaManager.getConfig().getCheckSameToken()) { if (SaManager.getConfig().getCheckSameToken()) {
SaSameUtil.checkCurrentRequestToken(); SaSameUtil.checkCurrentRequestToken();
@@ -44,4 +46,19 @@ public class SecurityConfiguration implements WebMvcConfigurer {
.setError(e -> SaResult.error("认证失败,无法访问系统资源").setCode(HttpStatus.UNAUTHORIZED)); .setError(e -> SaResult.error("认证失败,无法访问系统资源").setCode(HttpStatus.UNAUTHORIZED));
} }
/**
* 对 actuator 健康检查接口 做账号密码鉴权
*/
@Bean
public SaServletFilter actuatorFilter() {
String username = SpringUtils.getProperty("spring.cloud.nacos.discovery.metadata.username");
String password = SpringUtils.getProperty("spring.cloud.nacos.discovery.metadata.userpassword");
return new SaServletFilter()
.addInclude("/actuator", "/actuator/**")
.setAuth(obj -> {
SaHttpBasicUtil.check(username + ":" + password);
})
.setError(e -> SaResult.error(e.getMessage()).setCode(HttpStatus.UNAUTHORIZED));
}
} }

20
ruoyi-gateway/src/main/java/org/dromara/gateway/filter/AuthFilter.java
View File

@@ -1,12 +1,14 @@
package org.dromara.gateway.filter; package org.dromara.gateway.filter;
import cn.dev33.satoken.exception.NotLoginException; import cn.dev33.satoken.exception.NotLoginException;
import cn.dev33.satoken.httpauth.basic.SaHttpBasicUtil;
import cn.dev33.satoken.reactor.context.SaReactorSyncHolder; import cn.dev33.satoken.reactor.context.SaReactorSyncHolder;
import cn.dev33.satoken.reactor.filter.SaReactorFilter; import cn.dev33.satoken.reactor.filter.SaReactorFilter;
import cn.dev33.satoken.router.SaRouter; import cn.dev33.satoken.router.SaRouter;
import cn.dev33.satoken.stp.StpUtil; import cn.dev33.satoken.stp.StpUtil;
import cn.dev33.satoken.util.SaResult; import cn.dev33.satoken.util.SaResult;
import org.dromara.common.core.constant.HttpStatus; import org.dromara.common.core.constant.HttpStatus;
import org.dromara.common.core.utils.SpringUtils;
import org.dromara.common.core.utils.StringUtils; import org.dromara.common.core.utils.StringUtils;
import org.dromara.common.satoken.utils.LoginHelper; import org.dromara.common.satoken.utils.LoginHelper;
import org.dromara.gateway.config.properties.IgnoreWhiteProperties; import org.dromara.gateway.config.properties.IgnoreWhiteProperties;
@@ -30,7 +32,7 @@ public class AuthFilter {
return new SaReactorFilter() return new SaReactorFilter()
// 拦截地址 // 拦截地址
.addInclude("/**") .addInclude("/**")
.addExclude("/favicon.ico", "/actuator/**") .addExclude("/favicon.ico", "/actuator", "/actuator/**")
// 鉴权方法:每次访问进入 // 鉴权方法:每次访问进入
.setAuth(obj -> { .setAuth(obj -> {
// 登录校验 -- 拦截所有路由 // 登录校验 -- 拦截所有路由
@@ -65,4 +67,20 @@ public class AuthFilter {
return SaResult.error("认证失败,无法访问系统资源").setCode(HttpStatus.UNAUTHORIZED); return SaResult.error("认证失败,无法访问系统资源").setCode(HttpStatus.UNAUTHORIZED);
}); });
} }
/**
* 对 actuator 健康检查接口 做账号密码鉴权
*/
@Bean
public SaReactorFilter actuatorFilter() {
String username = SpringUtils.getProperty("spring.cloud.nacos.discovery.metadata.username");
String password = SpringUtils.getProperty("spring.cloud.nacos.discovery.metadata.userpassword");
return new SaReactorFilter()
.addInclude("/actuator", "/actuator/**")
.setAuth(obj -> {
SaHttpBasicUtil.check(username + ":" + password);
})
.setError(e -> SaResult.error(e.getMessage()).setCode(HttpStatus.UNAUTHORIZED));
}
} }

4
ruoyi-visual/ruoyi-monitor/src/main/java/org/dromara/modules/monitor/config/WebSecurityConfigurer.java
View File

@@ -39,9 +39,7 @@ public class WebSecurityConfigurer {
.authorizeHttpRequests((authorize) -> .authorizeHttpRequests((authorize) ->
authorize.requestMatchers( authorize.requestMatchers(
new AntPathRequestMatcher(adminContextPath + "/assets/**"), new AntPathRequestMatcher(adminContextPath + "/assets/**"),
new AntPathRequestMatcher(adminContextPath + "/login"), new AntPathRequestMatcher(adminContextPath + "/login")
new AntPathRequestMatcher("/actuator"),
new AntPathRequestMatcher("/actuator/**")
).permitAll() ).permitAll()
.anyRequest().authenticated()) .anyRequest().authenticated())
.formLogin((formLogin) -> .formLogin((formLogin) ->