From 09dfb25d735d26e08b81307515ec32708016da33 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子li <15040126243@163.com>
Date: 星期二, 07 十二月 2021 12:20:21 +0800
Subject: [PATCH] update 修改 健康检查权限 改为用户放行 提高安全性

---
 ruoyi-admin/src/main/resources/application.yml                                                    |    4 ++--
 ruoyi-extend/ruoyi-monitor-admin/src/main/java/com/ruoyi/monitor/admin/config/SecurityConfig.java |    6 ++----
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/ruoyi-admin/src/main/resources/application.yml b/ruoyi-admin/src/main/resources/application.yml
index f7ef633..abaf6d6 100644
--- a/ruoyi-admin/src/main/resources/application.yml
+++ b/ruoyi-admin/src/main/resources/application.yml
@@ -120,11 +120,11 @@
     - /*/api-docs
     # druid 鐩戞帶閰嶇疆
     - /druid/**
+  # 鐢ㄦ埛鏀捐
+  permit-all:
     # actuator 鐩戞帶閰嶇疆
     - /actuator
     - /actuator/**
-  # 鐢ㄦ埛鏀捐
-  permit-all:
 
 # 閲嶅鎻愪氦
 repeat-submit:
diff --git a/ruoyi-extend/ruoyi-monitor-admin/src/main/java/com/ruoyi/monitor/admin/config/SecurityConfig.java b/ruoyi-extend/ruoyi-monitor-admin/src/main/java/com/ruoyi/monitor/admin/config/SecurityConfig.java
index 7335e2f..04a0fde 100644
--- a/ruoyi-extend/ruoyi-monitor-admin/src/main/java/com/ruoyi/monitor/admin/config/SecurityConfig.java
+++ b/ruoyi-extend/ruoyi-monitor-admin/src/main/java/com/ruoyi/monitor/admin/config/SecurityConfig.java
@@ -2,7 +2,6 @@
 
 import de.codecentric.boot.admin.server.config.AdminServerProperties;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@@ -15,7 +14,6 @@
  */
 @Configuration
 @EnableWebSecurity
-@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, proxyTargetClass = true)
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
 	private final String adminContextPath;
@@ -34,8 +32,8 @@
 			//鎺堜簣瀵规墍鏈夐潤鎬佽祫浜у拰鐧诲綍椤甸潰鐨勫叕鍏辫闂潈闄愩��
 			.antMatchers(adminContextPath + "/assets/**").permitAll()
 			.antMatchers(adminContextPath + "/login").permitAll()
-            .antMatchers("/actuator").anonymous()
-            .antMatchers("/actuator/**").anonymous()
+            .antMatchers("/actuator").permitAll()
+            .antMatchers("/actuator/**").permitAll()
 			//蹇呴』瀵规瘡涓叾浠栬姹傝繘琛岃韩浠介獙璇�
 			.anyRequest().authenticated().and()
 			//閰嶇疆鐧诲綍鍜屾敞閿�

--
Gitblit v1.9.3