diff --git a/config/nacos/application-common.yml b/config/nacos/application-common.yml
index c3ff3454..4a685cbc 100644
--- a/config/nacos/application-common.yml
+++ b/config/nacos/application-common.yml
@@ -70,6 +70,12 @@ spring:
 # 允许对象忽略json中不存在的属性
 fail_on_unknown_properties: false
 cloud:
+ nacos:
+ discovery:
+ metadata:
+ # admin 监控账号密码
+ username: ruoyi
+ userpassword: 123456
 # sentinel 配置
 sentinel:
 # sentinel 开关
diff --git a/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfiguration.java b/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfiguration.java
index efd34fc2..fb1b39a0 100644
--- a/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfiguration.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfiguration.java
@@ -2,10 +2,12 @@ package org.dromara.common.security.config;
 
 import cn.dev33.satoken.SaManager;
 import cn.dev33.satoken.filter.SaServletFilter;
+import cn.dev33.satoken.httpauth.basic.SaHttpBasicUtil;
 import cn.dev33.satoken.interceptor.SaInterceptor;
 import cn.dev33.satoken.same.SaSameUtil;
 import cn.dev33.satoken.util.SaResult;
 import org.dromara.common.core.constant.HttpStatus;
+import org.dromara.common.core.utils.SpringUtils;
 import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.context.annotation.Bean;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
@@ -35,7 +37,7 @@ public class SecurityConfiguration implements WebMvcConfigurer {
 public SaServletFilter getSaServletFilter() {
 return new SaServletFilter()
 .addInclude("/**")
- .addExclude("/actuator/**")
+ .addExclude("/actuator", "/actuator/**")
 .setAuth(obj -> {
 if (SaManager.getConfig().getCheckSameToken()) {
 SaSameUtil.checkCurrentRequestToken();
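Review bot: The `userpassword: 123456` value added under `spring.cloud.nacos.discovery.metadata` in application-common.yml is a weak literal committed to a shared config file, and the Java hunks in this commit use it as the Basic-auth secret for the actuator endpoints. Discovery metadata is normally published together with the service instance, so anyone who can read the registry can probably read these credentials too; registry access should be restricted to match. Prefer resolving the value from the environment with no usable default, e.g. `userpassword: ${ACTUATOR_PASSWORD}` (variable name constructed for illustration), with a strong secret per environment.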
@@ -44,4 +46,19 @@ public class SecurityConfiguration implements WebMvcConfigurer {
 .setError(e -> SaResult.error("认证失败,无法访问系统资源").setCode(HttpStatus.UNAUTHORIZED));
 }
 
+ /**
+ * 对 actuator 健康检查接口 做账号密码鉴权
+ */
+ @Bean
+ public SaServletFilter actuatorFilter() {
+ String username = SpringUtils.getProperty("spring.cloud.nacos.discovery.metadata.username");
+ String password = SpringUtils.getProperty("spring.cloud.nacos.discovery.metadata.userpassword");
+ return new SaServletFilter()
+ .addInclude("/actuator", "/actuator/**")
+ .setAuth(obj -> {
+ SaHttpBasicUtil.check(username + ":" + password);
+ })
+ .setError(e -> SaResult.error(e.getMessage()).setCode(HttpStatus.UNAUTHORIZED));
+ }
+
 }
diff --git a/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/AuthFilter.java b/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/AuthFilter.java
index 943b0bad..d3dbba34 100644
--- a/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/AuthFilter.java
+++ b/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/AuthFilter.java
@@ -1,12 +1,14 @@
 package org.dromara.gateway.filter;
 
 import cn.dev33.satoken.exception.NotLoginException;
+import cn.dev33.satoken.httpauth.basic.SaHttpBasicUtil;
 import cn.dev33.satoken.reactor.context.SaReactorSyncHolder;
 import cn.dev33.satoken.reactor.filter.SaReactorFilter;
 import cn.dev33.satoken.router.SaRouter;
 import cn.dev33.satoken.stp.StpUtil;
 import cn.dev33.satoken.util.SaResult;
 import org.dromara.common.core.constant.HttpStatus;
+import org.dromara.common.core.utils.SpringUtils;
 import org.dromara.common.core.utils.StringUtils;
 import org.dromara.common.satoken.utils.LoginHelper;
 import org.dromara.gateway.config.properties.IgnoreWhiteProperties;
@@ -30,7 +32,7 @@ public class AuthFilter {
 return new SaReactorFilter()
 // 拦截地址
 .addInclude("/**")
- .addExclude("/favicon.ico", "/actuator/**")
+ .addExclude("/favicon.ico", "/actuator", "/actuator/**")
 // 鉴权方法:每次访问进入
 .setAuth(obj -> {
 // 登录校验 -- 拦截所有路由
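Review bot: In `SecurityConfiguration.actuatorFilter()` the two `SpringUtils.getProperty(...)` results are concatenated with no null or blank check. If the helper returns null for a missing key (as Spring's `Environment.getProperty` does), the expected credential becomes the literal string `null:null` and the actuator endpoints are guarded by a guessable value. Fail at startup instead, right after the two reads: `if (username == null || username.isBlank() || password == null || password.isBlank()) { throw new IllegalStateException("actuator basic-auth credentials are not configured"); }`. The same applies to `AuthFilter.actuatorFilter()` in the gateway hunk `@@ -65,4 +67,20 @@`. Both values are also captured once when the bean is created, so a password rotated in the config centre presumably takes effect only after a restart; a one-line comment on the method saying so would help operators.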
@@ -65,4 +67,20 @@ public class AuthFilter {
 return SaResult.error("认证失败,无法访问系统资源").setCode(HttpStatus.UNAUTHORIZED);
 });
 }
+
+ /**
+ * 对 actuator 健康检查接口 做账号密码鉴权
+ */
+ @Bean
+ public SaReactorFilter actuatorFilter() {
+ String username = SpringUtils.getProperty("spring.cloud.nacos.discovery.metadata.username");
+ String password = SpringUtils.getProperty("spring.cloud.nacos.discovery.metadata.userpassword");
+ return new SaReactorFilter()
+ .addInclude("/actuator", "/actuator/**")
+ .setAuth(obj -> {
+ SaHttpBasicUtil.check(username + ":" + password);
+ })
+ .setError(e -> SaResult.error(e.getMessage()).setCode(HttpStatus.UNAUTHORIZED));
+ }
+
 }
diff --git a/ruoyi-visual/ruoyi-monitor/src/main/java/org/dromara/modules/monitor/config/WebSecurityConfigurer.java b/ruoyi-visual/ruoyi-monitor/src/main/java/org/dromara/modules/monitor/config/WebSecurityConfigurer.java
index 686200b8..994ca73c 100644
--- a/ruoyi-visual/ruoyi-monitor/src/main/java/org/dromara/modules/monitor/config/WebSecurityConfigurer.java
+++ b/ruoyi-visual/ruoyi-monitor/src/main/java/org/dromara/modules/monitor/config/WebSecurityConfigurer.java
@@ -39,9 +39,7 @@ public class WebSecurityConfigurer {
 .authorizeHttpRequests((authorize) ->
 authorize.requestMatchers(
 new AntPathRequestMatcher(adminContextPath + "/assets/**"),
- new AntPathRequestMatcher(adminContextPath + "/login"),
- new AntPathRequestMatcher("/actuator"),
- new AntPathRequestMatcher("/actuator/**")
+ new AntPathRequestMatcher(adminContextPath + "/login")
 ).permitAll()
 .anyRequest().authenticated())
 .formLogin((formLogin) ->
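Review bot: The `.setError(e -> SaResult.error(e.getMessage())...)` line in `AuthFilter.actuatorFilter()` returns the raw exception message to a caller who has not authenticated, whereas the existing filter in the same class answers with a fixed string. Any exception raised inside this filter, not only a failed Basic-auth check, would have its message echoed in the response body. Use the fixed text the sibling filter already returns, `.setError(e -> SaResult.error("认证失败,无法访问系统资源").setCode(HttpStatus.UNAUTHORIZED))`, and log the cause server-side instead. The same line appears in `SecurityConfiguration.actuatorFilter()`.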