update 优化 过期的 Security 方法

feature/model
疯狂的狮子Li 1 year ago
parent e86765c6bc
commit 0c09adfe0a

@ -3,10 +3,14 @@ package org.dromara.monitor.admin.config;
import de.codecentric.boot.admin.server.config.AdminServerProperties; import de.codecentric.boot.admin.server.config.AdminServerProperties;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
/** /**
* admin * admin
@ -30,23 +34,23 @@ public class SecurityConfig {
successHandler.setDefaultTargetUrl(adminContextPath + "/"); successHandler.setDefaultTargetUrl(adminContextPath + "/");
return httpSecurity return httpSecurity
.headers().frameOptions().disable() .headers((header) ->
.and().authorizeHttpRequests() header.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
.requestMatchers(adminContextPath + "/assets/**" .authorizeHttpRequests((authorize) ->
, adminContextPath + "/login" authorize.requestMatchers(
, "/actuator" new AntPathRequestMatcher(adminContextPath + "/assets/**"),
, "/actuator/**" new AntPathRequestMatcher(adminContextPath + "/login"),
).permitAll() new AntPathRequestMatcher("/actuator"),
.anyRequest().authenticated() new AntPathRequestMatcher("/actuator/**")
.and() ).permitAll()
.formLogin().loginPage(adminContextPath + "/login") .anyRequest().authenticated())
.successHandler(successHandler).and() .formLogin((formLogin) ->
.logout().logoutUrl(adminContextPath + "/logout") formLogin.loginPage(adminContextPath + "/login").successHandler(successHandler))
.and() .logout((logout) ->
.httpBasic().and() logout.logoutUrl(adminContextPath + "/logout"))
.csrf() .httpBasic(Customizer.withDefaults())
.disable() .csrf(AbstractHttpConfigurer::disable)
.build(); .build();
} }
} }
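Review bot: `.csrf(AbstractHttpConfigurer::disable)` at the end of the new chain keeps CSRF protection off for an application that authenticates browsers through session-based `formLogin`, so the migration carries the old exposure forward unchanged. Consider leaving CSRF enabled and exempting only the paths that non-browser clients post to, along the lines of `.csrf((csrf) -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).ignoringRequestMatchers(new AntPathRequestMatcher("/actuator/**")))`; the exact ignore list depends on how clients register, which is not visible here. The same caution applies to `new AntPathRequestMatcher("/actuator/**")` under `permitAll()`: what it exposes without authentication depends on the management endpoint exposure settings, so it is worth confirming that only low-sensitivity endpoints such as health are published. `HeadersConfigurer.FrameOptionsConfig::sameOrigin` would likely be enough if the UI only ever frames itself. The enclosing bean method starts outside the hunk.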
