update 修改 健康检查权限 改为用户放行 提高安全性

疯狂的狮子li

2021-12-07 09dfb25d735d26e08b81307515ec32708016da33

update 修改 健康检查权限 改为用户放行 提高安全性

 ruoyi-admin/src/main/resources/application.yml

@@ -120,11 +120,11 @@
    - /*/api-docs
    # druid 监控配置
    - /druid/**
  # 用户放行
  permit-all:
    # actuator 监控配置
    - /actuator
    - /actuator/**
  # 用户放行
  permit-all:

# 重复提交
repeat-submit:

 ruoyi-extend/ruoyi-monitor-admin/src/main/java/com/ruoyi/monitor/admin/config/SecurityConfig.java

@@ -2,7 +2,6 @@

import de.codecentric.boot.admin.server.config.AdminServerProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@@ -15,7 +14,6 @@
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, proxyTargetClass = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private final String adminContextPath;
@@ -34,8 +32,8 @@
            //授予对所有静态资产和登录页面的公共访问权限。
            .antMatchers(adminContextPath + "/assets/**").permitAll()
            .antMatchers(adminContextPath + "/login").permitAll()
            .antMatchers("/actuator").anonymous()
            .antMatchers("/actuator/**").anonymous()
            .antMatchers("/actuator").permitAll()
            .antMatchers("/actuator/**").permitAll()
            //必须对每个其他请求进行身份验证
            .anyRequest().authenticated().and()
            //配置登录和注销