兰宝车间质量管理系统
上一版本: e86765c6 | 补丁 | 提交 | 忽略空白
疯狂的狮子Li
2023-07-28 0c09adfe0a69b00df83e347e1e95864d07e7abba 
update 优化 过期的 Security 方法
已修改1个文件
38 ■■■■■ 文件已修改
ruoyi-extend/ruoyi-monitor-admin/src/main/java/org/dromara/monitor/admin/config/SecurityConfig.java 38 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史 
 ruoyi-extend/ruoyi-monitor-admin/src/main/java/org/dromara/monitor/admin/config/SecurityConfig.java


@@ -3,10 +3,14 @@


import de.codecentric.boot.admin.server.config.AdminServerProperties;


import org.springframework.context.annotation.Bean;


import org.springframework.context.annotation.Configuration;


import org.springframework.security.config.Customizer;


import org.springframework.security.config.annotation.web.builders.HttpSecurity;


import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;


import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;


import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;


import org.springframework.security.web.SecurityFilterChain;


import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;


import org.springframework.security.web.util.matcher.AntPathRequestMatcher;




/**


 * admin 监控 安全配置


@@ -30,23 +34,23 @@


        successHandler.setDefaultTargetUrl(adminContextPath + "/");




        return httpSecurity


                .headers().frameOptions().disable()


                .and().authorizeHttpRequests()


                .requestMatchers(adminContextPath + "/assets/**"


                    , adminContextPath + "/login"


                    , "/actuator"


                    , "/actuator/**"


                ).permitAll()


                .anyRequest().authenticated()


                .and()


                .formLogin().loginPage(adminContextPath + "/login")


                .successHandler(successHandler).and()


                .logout().logoutUrl(adminContextPath + "/logout")


                .and()


                .httpBasic().and()


                .csrf()


                .disable()


                .build();


            .headers((header) ->


                header.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))


            .authorizeHttpRequests((authorize) ->


                authorize.requestMatchers(


                        new AntPathRequestMatcher(adminContextPath + "/assets/**"),


                        new AntPathRequestMatcher(adminContextPath + "/login"),


                        new AntPathRequestMatcher("/actuator"),


                        new AntPathRequestMatcher("/actuator/**")


                    ).permitAll()


                    .anyRequest().authenticated())


            .formLogin((formLogin) ->


                formLogin.loginPage(adminContextPath + "/login").successHandler(successHandler))


            .logout((logout) ->


                logout.logoutUrl(adminContextPath + "/logout"))


            .httpBasic(Customizer.withDefaults())


            .csrf(AbstractHttpConfigurer::disable)


            .build();


    }




}