From 0c09adfe0a69b00df83e347e1e95864d07e7abba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=96=AF=E7=8B=82=E7=9A=84=E7=8B=AE=E5=AD=90Li?=
 <15040126243@163.com>
Date: Fri, 28 Jul 2023 15:37:49 +0800
Subject: [PATCH] =?UTF-8?q?update=20=E4=BC=98=E5=8C=96=20=E8=BF=87?=
 =?UTF-8?q?=E6=9C=9F=E7=9A=84=20Security=20=E6=96=B9=E6=B3=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../monitor/admin/config/SecurityConfig.java  | 38 ++++++++++---------
 1 file changed, 21 insertions(+), 17 deletions(-)

diff --git a/ruoyi-extend/ruoyi-monitor-admin/src/main/java/org/dromara/monitor/admin/config/SecurityConfig.java b/ruoyi-extend/ruoyi-monitor-admin/src/main/java/org/dromara/monitor/admin/config/SecurityConfig.java
index 4bd37ffa..3f5dec82 100644
--- a/ruoyi-extend/ruoyi-monitor-admin/src/main/java/org/dromara/monitor/admin/config/SecurityConfig.java
+++ b/ruoyi-extend/ruoyi-monitor-admin/src/main/java/org/dromara/monitor/admin/config/SecurityConfig.java
@@ -3,10 +3,14 @@ package org.dromara.monitor.admin.config;
 import de.codecentric.boot.admin.server.config.AdminServerProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 /**
  * admin 监控 安全配置
@@ -30,23 +34,23 @@ public class SecurityConfig {
         successHandler.setDefaultTargetUrl(adminContextPath + "/");
 
         return httpSecurity
-                .headers().frameOptions().disable()
-                .and().authorizeHttpRequests()
-                .requestMatchers(adminContextPath + "/assets/**"
-                    , adminContextPath + "/login"
-                    , "/actuator"
-                    , "/actuator/**"
-                ).permitAll()
-                .anyRequest().authenticated()
-                .and()
-                .formLogin().loginPage(adminContextPath + "/login")
-                .successHandler(successHandler).and()
-                .logout().logoutUrl(adminContextPath + "/logout")
-                .and()
-                .httpBasic().and()
-                .csrf()
-                .disable()
-                .build();
+            .headers((header) ->
+                header.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
+            .authorizeHttpRequests((authorize) ->
+                authorize.requestMatchers(
+                        new AntPathRequestMatcher(adminContextPath + "/assets/**"),
+                        new AntPathRequestMatcher(adminContextPath + "/login"),
+                        new AntPathRequestMatcher("/actuator"),
+                        new AntPathRequestMatcher("/actuator/**")
+                    ).permitAll()
+                    .anyRequest().authenticated())
+            .formLogin((formLogin) ->
+                formLogin.loginPage(adminContextPath + "/login").successHandler(successHandler))
+            .logout((logout) ->
+                logout.logoutUrl(adminContextPath + "/logout"))
+            .httpBasic(Customizer.withDefaults())
+            .csrf(AbstractHttpConfigurer::disable)
+            .build();
     }
 
 }