Enabling Spring Boot Admin security authentication in the Yudao monolithic project
1. In YudaoWebSecurityConfigurerAdapter:
Comment out (Spring Boot only auto-configures the in-memory user from spring.security.user in step 4 when no AuthenticationManager bean is declared):
    /**
     * Because Spring Security creates the AuthenticationManager object without declaring @Bean, it cannot be injected.
     * Overriding this method of the parent class and adding the @Bean annotation solves that problem.
     */
    // @Bean
    // public AuthenticationManager authenticationManagerBean(AuthenticationConfiguration authenticationConfiguration) throws Exception {
    //     return authenticationConfiguration.getAuthenticationManager();
    // }
Add:
    // Filter chain for the Admin path (high priority, so it is consulted before the project's default chain)
    // Requires: import static org.springframework.security.config.Customizer.withDefaults;
    @Order(Ordered.HIGHEST_PRECEDENCE)
    @Bean
    public SecurityFilterChain adminSecurityFilterChain(HttpSecurity http) throws Exception {
        String adminContextPath = "/admin"; // must match spring.boot.admin.context-path (step 5) and the prefix checked in step 3
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");
        successHandler.setDefaultTargetUrl(adminContextPath + "/");
        http.securityMatchers(matchers -> matchers.requestMatchers(adminContextPath + "/**"))
            .authorizeHttpRequests(auth -> auth
                .requestMatchers(adminContextPath + "/assets/**").permitAll()
                .requestMatchers(adminContextPath + "/login").permitAll()
                .anyRequest().hasRole("ADMIN"))
            .formLogin(form -> form
                .loginPage(adminContextPath + "/login")
                .loginProcessingUrl(adminContextPath + "/login")
                .successHandler(successHandler))
            .logout(logout -> logout
                .logoutUrl(adminContextPath + "/logout")
                .logoutSuccessUrl(adminContextPath + "/login?logout"))
            .httpBasic(withDefaults()) // HTTP Basic is what the SBA client uses when it registers
            .csrf(csrf -> csrf
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                // client registration and actuator proxying carry no CSRF token
                .ignoringRequestMatchers(adminContextPath + "/instances", adminContextPath + "/actuator/**"))
            .rememberMe(rememberMe -> rememberMe
                .key(UUID.randomUUID().toString()) // a fresh key on every start invalidates remember-me cookies at each restart
                .tokenValiditySeconds(1209600))
            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.ALWAYS));
        return http.build();
    }
Modify:
    @Bean
    @Order(Ordered.LOWEST_PRECEDENCE) // added: lowest priority, so the /admin chain above is matched first
    protected SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception { ... }
2. In SecurityConfiguration of the infra module:
Comment out:
    // Spring Boot Admin Server security configuration
    registry.requestMatchers(adminSeverContextPath).permitAll()
            .requestMatchers(adminSeverContextPath + "/**").permitAll();
3. In TokenAuthenticationFilter:
    @Override
    @SuppressWarnings("NullableProblems")
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        String token = SecurityFrameworkUtils.obtainAuthorization(request,
                securityProperties.getTokenHeader(), securityProperties.getTokenParameter());
        // Added: Spring Boot Admin requests are authenticated by adminSecurityFilterChain, not by the Yudao token,
        // so pass them straight through. The prefix must match adminContextPath in step 1.
        if (request.getRequestURI().startsWith("/admin/")) {
            chain.doFilter(request, response);
            return;
        }
        ...
    }
4. application.yaml
    spring:
      security:
        user:
          name: admin
          password: $2a$10$12i5oKpeTFgyziHNeSGhOeJJy6 # bcrypt hash (truncated here); checked against the project's PasswordEncoder bean
          roles: ADMIN
5. application-local.yaml
    # Spring Boot Admin configuration
    spring:
      boot:
        admin:
          # Spring Boot Admin Client settings
          client:
            url: http://127.0.0.1:${server.port}/${spring.boot.admin.context-path} # address of the Spring Boot Admin Server
            instance:
              service-host-type: IP # prefer the IP when registering the instance [IP, HOST_NAME, CANONICAL_HOST_NAME]
            username: admin
            password: ***
          # Spring Boot Admin Server settings
          context-path: /admin # configure Spring
Note: if the requests are reverse-proxied over HTTPS by Nginx, the application-local.yaml above must be configured as follows instead:
    # Spring Boot Admin configuration
    spring:
      boot:
        admin:
          ui:
            public-url: https://xx.xxxxx.cn/${spring.boot.admin.context-path}
          # Spring Boot Admin Client settings
          client:
            url: https://xx.xxxxx.cn/${spring.boot.admin.context-path} # address of the Spring Boot Admin Server
            instance:
              service-host-type: IP # prefer the IP when registering the instance [IP, HOST_NAME, CANONICAL_HOST_NAME]
            username: admin
            password: ***
          # Spring Boot Admin Server settings
          # if this differs from the "/admin" hardcoded in steps 1 and 3, change those too
          context-path: /wz-admin # configure Spring
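A check for the configuration above, added here as an example and not part of the original post or of the Yudao project: a Spring Boot test that confirms the /admin chain handles Admin requests instead of the project's token chain, and that Spring Boot Admin client registration is exempt from CSRF. It assumes the class lives in the test sources of the Yudao server module, that spring-security-test is on the test classpath, that the application context starts in tests, and that the context path is /admin as in step 1.

```java
import static org.junit.jupiter.api.Assertions.assertNotEquals;
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrlPattern;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.MediaType;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.context.WebApplicationContext;

// Assumed location: test sources of the Yudao server module, so the real SecurityFilterChain beans are loaded
@SpringBootTest
class AdminSecurityFilterChainTest {

    @Autowired
    private WebApplicationContext context;
    private MockMvc mvc;

    @BeforeEach
    void setUp() {
        // springSecurity() installs the complete filter chain proxy, so the @Order of both chains is honoured
        mvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
    }

    @Test
    void anonymousAdminRequestIsRedirectedToAdminLogin() throws Exception {
        // Proves the /admin/** chain (form login) handles the request, not the project's token chain (401 JSON)
        mvc.perform(get("/admin/applications"))
                .andExpect(status().is3xxRedirection())
                .andExpect(redirectedUrlPattern("**/admin/login"));
    }

    @Test
    @WithMockUser(roles = "ADMIN") // ROLE_ADMIN satisfies hasRole("ADMIN") without a real login
    void clientRegistrationIsExemptFromCsrf() throws Exception {
        // The SBA client registers with a plain POST and no CSRF token; ignoringRequestMatchers must let it through
        String registration = "{\"name\":\"test\",\"healthUrl\":\"http://127.0.0.1:48080/actuator/health\"}"; // constructed
        int status = mvc.perform(post("/admin/instances").contentType(MediaType.APPLICATION_JSON).content(registration))
                .andReturn().getResponse().getStatus();
        assertNotEquals(403, status, "CSRF protection must not block /admin/instances");
    }
}
```

If the first test receives a 401 instead of a redirect, the token chain is still winning: re-check the @Order annotations in step 1 and the prefix skip in step 3.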