diff --git a/ruoyi-extend/ruoyi-monitor-admin/src/main/java/org/dromara/monitor/admin/config/SecurityConfig.java b/ruoyi-extend/ruoyi-monitor-admin/src/main/java/org/dromara/monitor/admin/config/SecurityConfig.java
index 4bd37ffa..3f5dec82 100644
--- a/ruoyi-extend/ruoyi-monitor-admin/src/main/java/org/dromara/monitor/admin/config/SecurityConfig.java
+++ b/ruoyi-extend/ruoyi-monitor-admin/src/main/java/org/dromara/monitor/admin/config/SecurityConfig.java
@@ -3,10 +3,14 @@ package org.dromara.monitor.admin.config;
 import de.codecentric.boot.admin.server.config.AdminServerProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 /**
 * admin 监控 安全配置
@@ -30,23 +34,23 @@ public class SecurityConfig {
 successHandler.setDefaultTargetUrl(adminContextPath + "/");
 return httpSecurity
- .headers().frameOptions().disable()
- .and().authorizeHttpRequests()
- .requestMatchers(adminContextPath + "/assets/**"
- , adminContextPath + "/login"
- , "/actuator"
- , "/actuator/**"
- ).permitAll()
- .anyRequest().authenticated()
- .and()
- .formLogin().loginPage(adminContextPath + "/login")
- .successHandler(successHandler).and()
- .logout().logoutUrl(adminContextPath + "/logout")
- .and()
- .httpBasic().and()
- .csrf()
- .disable()
- .build();
+ .headers((header) ->
+ header.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
+ .authorizeHttpRequests((authorize) ->
+ authorize.requestMatchers(
+ new AntPathRequestMatcher(adminContextPath + "/assets/**"),
+ new AntPathRequestMatcher(adminContextPath + "/login"),
+ new AntPathRequestMatcher("/actuator"),
+ new AntPathRequestMatcher("/actuator/**")
+ ).permitAll()
+ .anyRequest().authenticated())
+ .formLogin((formLogin) ->
+ formLogin.loginPage(adminContextPath + "/login").successHandler(successHandler))
+ .logout((logout) ->
+ logout.logoutUrl(adminContextPath + "/logout"))
+ .httpBasic(Customizer.withDefaults())
+ .csrf(AbstractHttpConfigurer::disable)
+ .build();
 }
 }
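Review bot: The rewritten matcher list still places `/actuator` and `/actuator/**` under `permitAll()`, and `new AntPathRequestMatcher("/actuator/**")` is built without an HTTP method, so every actuator endpoint this application exposes can be called without credentials, for reads and writes alike. Which endpoints are exposed is configured outside this hunk, so the impact cannot be judged from these lines. The safer default is to permit only what a health probe needs, for example `new AntPathRequestMatcher("/actuator/health")`, and let everything else fall through to `.anyRequest().authenticated()`; machine clients can still authenticate through the `.httpBasic(Customizer.withDefaults())` already in the chain. If the broad rule has to stay, a comment such as `// actuator left open on purpose; exposure is limited by management.endpoints.web.exposure.include` above the two matchers would record that decision. The method's signature and the start of its body are outside the hunk.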