From f1208474f771a1c233d7425c8ed13fbaa0d521ac Mon Sep 17 00:00:00 2001
From: baoshiwei <baoshiwei@shlanbao.cn>
Date: 星期三, 12 三月 2025 09:35:13 +0800
Subject: [PATCH] Merge remote-tracking branch 'origin/5.X' into 5.X
---
ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfig.java | 35 +++++++++++++++++++++++++++++++++--
1 files changed, 33 insertions(+), 2 deletions(-)
diff --git a/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfig.java b/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfig.java
index b9283e0..a4e921f 100644
--- a/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfig.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfig.java
@@ -1,11 +1,17 @@
package org.dromara.common.security.config;
import cn.dev33.satoken.exception.NotLoginException;
+import cn.dev33.satoken.filter.SaServletFilter;
+import cn.dev33.satoken.httpauth.basic.SaHttpBasicUtil;
import cn.dev33.satoken.interceptor.SaInterceptor;
import cn.dev33.satoken.router.SaRouter;
import cn.dev33.satoken.stp.StpUtil;
+import cn.dev33.satoken.util.SaResult;
+import jakarta.servlet.http.HttpServletRequest;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
+import org.dromara.common.core.constant.HttpStatus;
+import org.dromara.common.core.exception.SseException;
import org.dromara.common.core.utils.ServletUtils;
import org.dromara.common.core.utils.SpringUtils;
import org.dromara.common.core.utils.StringUtils;
@@ -14,6 +20,7 @@
import org.dromara.common.security.handler.AllUrlHandler;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@@ -45,11 +52,20 @@
.match(allUrlHandler.getUrls())
// 瀵规湭鎺掗櫎鐨勮矾寰勮繘琛屾鏌�
.check(() -> {
+ HttpServletRequest request = ServletUtils.getRequest();
// 妫�鏌ユ槸鍚︾櫥褰� 鏄惁鏈塼oken
- StpUtil.checkLogin();
+ try {
+ StpUtil.checkLogin();
+ } catch (NotLoginException e) {
+ if (request.getRequestURI().contains("sse")) {
+ throw new SseException(e.getMessage(), e.getCode());
+ } else {
+ throw e;
+ }
+ }
// 妫�鏌� header 涓� param 閲岀殑 clientid 涓� token 閲岀殑鏄惁涓�鑷�
- String headerCid = ServletUtils.getRequest().getHeader(LoginHelper.CLIENT_KEY);
+ String headerCid = request.getHeader(LoginHelper.CLIENT_KEY);
String paramCid = ServletUtils.getParameter(LoginHelper.CLIENT_KEY);
String clientId = StpUtil.getExtra(LoginHelper.CLIENT_KEY).toString();
if (!StringUtils.equalsAny(clientId, headerCid, paramCid)) {
@@ -71,4 +87,19 @@
.excludePathPatterns(securityProperties.getExcludes());
}
+ /**
+ * 瀵� actuator 鍋ュ悍妫�鏌ユ帴鍙� 鍋氳处鍙峰瘑鐮侀壌鏉�
+ */
+ @Bean
+ public SaServletFilter getSaServletFilter() {
+ String username = SpringUtils.getProperty("spring.boot.admin.client.username");
+ String password = SpringUtils.getProperty("spring.boot.admin.client.password");
+ return new SaServletFilter()
+ .addInclude("/actuator", "/actuator/**")
+ .setAuth(obj -> {
+ SaHttpBasicUtil.check(username + ":" + password);
+ })
+ .setError(e -> SaResult.error(e.getMessage()).setCode(HttpStatus.UNAUTHORIZED));
+ }
+
}
--
Gitblit v1.9.3