- In YudaoWebSecurityConfigurerAdapter:
Comment out:
```java
/**
 * Because Spring Security creates the AuthenticationManager object without declaring the @Bean annotation, it cannot be injected.
 * Overriding this method of the parent class and adding the @Bean annotation solves the problem.
 */
// @Bean
// public AuthenticationManager authenticationManagerBean(AuthenticationConfiguration authenticationConfiguration) throws Exception {
//     return authenticationConfiguration.getAuthenticationManager();
// }
```
Add:
```java
// Filter chain for the Admin path (high priority)
@Order(Ordered.HIGHEST_PRECEDENCE)
@Bean
public SecurityFilterChain adminSecurityFilterChain(HttpSecurity http) throws Exception {
    String adminContextPath = "/admin";
    SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
    successHandler.setTargetUrlParameter("redirectTo");
    successHandler.setDefaultTargetUrl(adminContextPath + "/");
    http
            // this chain only handles requests under the admin context path
            .securityMatchers(matchers -> matchers
                    .requestMatchers(adminContextPath + "/**")
            )
            .authorizeHttpRequests(auth -> auth
                    .requestMatchers(adminContextPath + "/assets/**").permitAll()
                    .requestMatchers(adminContextPath + "/login").permitAll()
                    .anyRequest().hasRole("ADMIN")
            )
            .formLogin(form -> form
                    .loginPage(adminContextPath + "/login")
                    .loginProcessingUrl(adminContextPath + "/login")
                    .successHandler(successHandler)
            )
            .logout(logout -> logout
                    .logoutUrl(adminContextPath + "/logout")
                    .logoutSuccessUrl(adminContextPath + "/login?logout")
            )
            // withDefaults() is the static import org.springframework.security.config.Customizer.withDefaults
            .httpBasic(withDefaults())
            .csrf(csrf -> csrf
                    .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                    // client registration and actuator proxy calls carry no CSRF token
                    .ignoringRequestMatchers(
                            adminContextPath + "/instances",
                            adminContextPath + "/actuator/**"
                    )
            )
            .rememberMe(rememberMe -> rememberMe
                    // the key is regenerated on every start, so remember-me cookies do not survive a restart
                    .key(UUID.randomUUID().toString())
                    .tokenValiditySeconds(1209600)
            )
            .sessionManagement(session -> session
                    .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
            );
    return http.build();
}
```
Change:
```java
@Bean
@Order(Ordered.LOWEST_PRECEDENCE) // added: lowest priority
protected SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {...}
```
- In SecurityConfiguration of the Infra module:
Comment out:
```java
// Security configuration for Spring Boot Admin Server
registry.requestMatchers(adminSeverContextPath).permitAll()
        .requestMatchers(adminSeverContextPath + "/**").permitAll();
```
- In TokenAuthenticationFilter:
```java
@Override
@SuppressWarnings("NullableProblems")
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
        throws ServletException, IOException {
    String token = SecurityFrameworkUtils.obtainAuthorization(request,
            securityProperties.getTokenHeader(), securityProperties.getTokenParameter());
    // Added code below: requests to the Admin Server are handled by the admin filter chain, so skip token authentication
    if (request.getRequestURI().startsWith("/admin/")) {
        chain.doFilter(request, response);
        return;
    }
    ...
```
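A config-driven version of that early-return check, added here as an example (it is not code from the yudao project). It assumes the filter can receive `spring.boot.admin.context-path` through `@Value`, the same property the Infra module's SecurityConfiguration reads, so the bypass cannot drift from the configured path (for instance when the context path is `/wz-admin`, the literal `"/admin/"` check never matches).

```java
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Value;

// Hypothetical helper for TokenAuthenticationFilter (example, not project code).
public class AdminPathMatcher {

    // Assumption: injected from the same property as the Infra SecurityConfiguration; default mirrors the page.
    @Value("${spring.boot.admin.context-path:/admin}")
    private String adminContextPath;

    /**
     * True when the request targets the Spring Boot Admin Server and should skip
     * token authentication, because the separate admin filter chain protects it.
     */
    public boolean isAdminServerRequest(HttpServletRequest request) {
        // getRequestURI() includes the servlet context path; strip it so the
        // comparison is made against the same path the security matchers see.
        String path = request.getRequestURI().substring(request.getContextPath().length());
        String prefix = normalize(adminContextPath);
        // Match "/admin" itself and "/admin/..." but not "/administration".
        return path.equals(prefix) || path.startsWith(prefix + "/");
    }

    // Ensure a leading slash and no trailing slash, so "/admin" and "/admin/" behave the same.
    static String normalize(String contextPath) {
        String p = contextPath.startsWith("/") ? contextPath : "/" + contextPath;
        return p.endsWith("/") && p.length() > 1 ? p.substring(0, p.length() - 1) : p;
    }
}
```

In `doFilterInternal` the page's `startsWith("/admin/")` condition would then become `adminPathMatcher.isAdminServerRequest(request)`.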
- application.yaml
```yaml
spring:
  security:
    user:
      name: admin
      password: $2a$10$12i5oKpeTFgyziHNeSGhOeJJy6 # bcrypt-encoded
      roles: ADMIN
```
- application-local.yaml
```yaml
# Spring Boot Admin configuration
spring:
  boot:
    admin:
      # Spring Boot Admin Client configuration
      client:
        url: http://127.0.0.1:${server.port}/${spring.boot.admin.context-path} # Spring Boot Admin Server address
        instance:
          service-host-type: IP # when registering an instance, prefer the IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
        username: admin
        password: ***
      # Spring Boot Admin Server configuration
      context-path: /admin # configure Spring
```
Note: if nginx is configured as a reverse proxy for HTTPS requests, the application-local.yaml above needs to be configured as follows:
```yaml
# Spring Boot Admin configuration
spring:
  boot:
    admin:
      ui:
        public-url: https://xx.xxxxx.cn/${spring.boot.admin.context-path}
      # Spring Boot Admin Client configuration
      client:
        url: https://xx.xxxxx.cn/${spring.boot.admin.context-path} # Spring Boot Admin Server address
        instance:
          service-host-type: IP # when registering an instance, prefer the IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
        username: admin
        password: ***
      # Spring Boot Admin Server configuration
      context-path: /wz-admin # configure Spring
```