add 增加 nacos sentinel snailjob 健康检查 actuator 账号密码认证
疯狂的狮子Li
6 months ago
parent
408d6dcac9
commit
e1e5f8e519
@ -0,0 +1,63 @@
|
||||
package com.alibaba.nacos.config;
|
||||
|
||||
import javax.servlet.*;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.Base64;
|
||||
|
||||
public class ActuatorAuthFilter implements Filter {
|
||||
|
||||
private final String username;
|
||||
private final String password;
|
||||
|
||||
public ActuatorAuthFilter(String username, String password) {
|
||||
this.username = username;
|
||||
this.password = password;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
|
||||
HttpServletRequest request = (HttpServletRequest) servletRequest;
|
||||
HttpServletResponse response = (HttpServletResponse) servletResponse;
|
||||
|
||||
// 获取 Authorization 头
|
||||
String authHeader = request.getHeader("Authorization");
|
||||
|
||||
if (authHeader == null || !authHeader.startsWith("Basic ")) {
|
||||
// 如果没有提供 Authorization 或者格式不对,则返回 401
|
||||
response.setHeader("WWW-Authenticate", "Basic realm=\"realm\"");
|
||||
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
|
||||
return;
|
||||
}
|
||||
|
||||
// 解码 Base64 编码的用户名和密码
|
||||
String base64Credentials = authHeader.substring("Basic ".length());
|
||||
byte[] credDecoded = Base64.getDecoder().decode(base64Credentials);
|
||||
String credentials = new String(credDecoded, StandardCharsets.UTF_8);
|
||||
String[] split = credentials.split(":");
|
||||
if (split.length != 2) {
|
||||
response.setHeader("WWW-Authenticate", "Basic realm=\"realm\"");
|
||||
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
|
||||
return;
|
||||
}
|
||||
// 验证用户名和密码
|
||||
if (!username.equals(split[0]) && password.equals(split[1])) {
|
||||
response.setHeader("WWW-Authenticate", "Basic realm=\"realm\"");
|
||||
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
|
||||
return;
|
||||
}
|
||||
// 如果认证成功,继续处理请求
|
||||
filterChain.doFilter(request, response);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void init(FilterConfig filterConfig) {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void destroy() {
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,29 @@
|
||||
package com.alibaba.nacos.config;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
/**
|
||||
* 权限安全配置
|
||||
*
|
||||
* @author Lion Li
|
||||
*/
|
||||
@Configuration
|
||||
public class SecurityConfig {
|
||||
|
||||
@Value("${spring.boot.admin.client.username}")
|
||||
private String username;
|
||||
@Value("${spring.boot.admin.client.password}")
|
||||
private String password;
|
||||
|
||||
@Bean
|
||||
public FilterRegistrationBean<ActuatorAuthFilter> actuatorFilterRegistrationBean() {
|
||||
FilterRegistrationBean<ActuatorAuthFilter> registrationBean = new FilterRegistrationBean<>();
|
||||
registrationBean.setFilter(new ActuatorAuthFilter(username, password));
|
||||
registrationBean.addUrlPatterns("/actuator", "/actuator/**");
|
||||
return registrationBean;
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,63 @@
|
||||
package com.alibaba.csp.sentinel.dashboard.filter;
|
||||
|
||||
import javax.servlet.*;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.Base64;
|
||||
|
||||
public class ActuatorAuthFilter implements Filter {
|
||||
|
||||
private final String username;
|
||||
private final String password;
|
||||
|
||||
public ActuatorAuthFilter(String username, String password) {
|
||||
this.username = username;
|
||||
this.password = password;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
|
||||
HttpServletRequest request = (HttpServletRequest) servletRequest;
|
||||
HttpServletResponse response = (HttpServletResponse) servletResponse;
|
||||
|
||||
// 获取 Authorization 头
|
||||
String authHeader = request.getHeader("Authorization");
|
||||
|
||||
if (authHeader == null || !authHeader.startsWith("Basic ")) {
|
||||
// 如果没有提供 Authorization 或者格式不对,则返回 401
|
||||
response.setHeader("WWW-Authenticate", "Basic realm=\"realm\"");
|
||||
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
|
||||
return;
|
||||
}
|
||||
|
||||
// 解码 Base64 编码的用户名和密码
|
||||
String base64Credentials = authHeader.substring("Basic ".length());
|
||||
byte[] credDecoded = Base64.getDecoder().decode(base64Credentials);
|
||||
String credentials = new String(credDecoded, StandardCharsets.UTF_8);
|
||||
String[] split = credentials.split(":");
|
||||
if (split.length != 2) {
|
||||
response.setHeader("WWW-Authenticate", "Basic realm=\"realm\"");
|
||||
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
|
||||
return;
|
||||
}
|
||||
// 验证用户名和密码
|
||||
if (!username.equals(split[0]) && password.equals(split[1])) {
|
||||
response.setHeader("WWW-Authenticate", "Basic realm=\"realm\"");
|
||||
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
|
||||
return;
|
||||
}
|
||||
// 如果认证成功,继续处理请求
|
||||
filterChain.doFilter(request, response);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void init(FilterConfig filterConfig) {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void destroy() {
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,29 @@
|
||||
package com.alibaba.csp.sentinel.dashboard.filter;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
/**
|
||||
* 权限安全配置
|
||||
*
|
||||
* @author Lion Li
|
||||
*/
|
||||
@Configuration
|
||||
public class SecurityConfig {
|
||||
|
||||
@Value("${spring.cloud.nacos.discovery.metadata.username}")
|
||||
private String username;
|
||||
@Value("${spring.cloud.nacos.discovery.metadata.userpassword}")
|
||||
private String password;
|
||||
|
||||
@Bean
|
||||
public FilterRegistrationBean<ActuatorAuthFilter> actuatorFilterRegistrationBean() {
|
||||
FilterRegistrationBean<ActuatorAuthFilter> registrationBean = new FilterRegistrationBean<>();
|
||||
registrationBean.setFilter(new ActuatorAuthFilter(username, password));
|
||||
registrationBean.addUrlPatterns("/actuator", "/actuator/**");
|
||||
return registrationBean;
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,64 @@
|
||||
package com.aizuda.snailjob.server.starter.config;
|
||||
|
||||
import jakarta.servlet.*;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.Base64;
|
||||
|
||||
public class ActuatorAuthFilter implements Filter {
|
||||
|
||||
private final String username;
|
||||
private final String password;
|
||||
|
||||
public ActuatorAuthFilter(String username, String password) {
|
||||
this.username = username;
|
||||
this.password = password;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
|
||||
HttpServletRequest request = (HttpServletRequest) servletRequest;
|
||||
HttpServletResponse response = (HttpServletResponse) servletResponse;
|
||||
|
||||
// 获取 Authorization 头
|
||||
String authHeader = request.getHeader("Authorization");
|
||||
|
||||
if (authHeader == null || !authHeader.startsWith("Basic ")) {
|
||||
// 如果没有提供 Authorization 或者格式不对,则返回 401
|
||||
response.setHeader("WWW-Authenticate", "Basic realm=\"realm\"");
|
||||
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
|
||||
return;
|
||||
}
|
||||
|
||||
// 解码 Base64 编码的用户名和密码
|
||||
String base64Credentials = authHeader.substring("Basic ".length());
|
||||
byte[] credDecoded = Base64.getDecoder().decode(base64Credentials);
|
||||
String credentials = new String(credDecoded, StandardCharsets.UTF_8);
|
||||
String[] split = credentials.split(":");
|
||||
if (split.length != 2) {
|
||||
response.setHeader("WWW-Authenticate", "Basic realm=\"realm\"");
|
||||
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
|
||||
return;
|
||||
}
|
||||
// 验证用户名和密码
|
||||
if (!username.equals(split[0]) && password.equals(split[1])) {
|
||||
response.setHeader("WWW-Authenticate", "Basic realm=\"realm\"");
|
||||
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
|
||||
return;
|
||||
}
|
||||
// 如果认证成功,继续处理请求
|
||||
filterChain.doFilter(request, response);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void init(FilterConfig filterConfig) {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void destroy() {
|
||||
}
|
||||
|
||||
}
|
||||
@ -0,0 +1,29 @@
|
||||
package com.aizuda.snailjob.server.starter.config;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
/**
|
||||
* 权限安全配置
|
||||
*
|
||||
* @author Lion Li
|
||||
*/
|
||||
@Configuration
|
||||
public class SecurityConfig {
|
||||
|
||||
@Value("${spring.cloud.nacos.discovery.metadata.username}")
|
||||
private String username;
|
||||
@Value("${spring.cloud.nacos.discovery.metadata.userpassword}")
|
||||
private String password;
|
||||
|
||||
@Bean
|
||||
public FilterRegistrationBean<ActuatorAuthFilter> actuatorFilterRegistrationBean() {
|
||||
FilterRegistrationBean<ActuatorAuthFilter> registrationBean = new FilterRegistrationBean<>();
|
||||
registrationBean.setFilter(new ActuatorAuthFilter(username, password));
|
||||
registrationBean.addUrlPatterns("/actuator", "/actuator/**");
|
||||
return registrationBean;
|
||||
}
|
||||
|
||||
}
|
||||
Loading…
Reference in New Issue