Enabling Spring Boot Admin security authentication in the Yudao monolith project

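  1. In YudaoWebSecurityConfigurerAdapter:

Comment out:

```java
    /**
     * Spring Security does not declare @Bean when it creates the AuthenticationManager object,
     * so the object cannot be injected. Overriding the parent-class method and adding @Bean
     * solves that problem.
     */
    // While an AuthenticationManager bean exists, Spring Boot's UserDetailsServiceAutoConfiguration
    // backs off and the spring.security.user settings from application.yaml are not applied.
//    @Bean
//    public AuthenticationManager authenticationManagerBean(AuthenticationConfiguration authenticationConfiguration) throws Exception {
//        return authenticationConfiguration.getAuthenticationManager();
//    }
```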

Add:

```java
    // Filter chain for the Admin path (high priority)
    // Requires: import static org.springframework.security.config.Customizer.withDefaults;
    @Order(Ordered.HIGHEST_PRECEDENCE)
    @Bean
    public SecurityFilterChain adminSecurityFilterChain(HttpSecurity http) throws Exception {
        // Must match spring.boot.admin.context-path
        String adminContextPath = "/admin";

        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");
        successHandler.setDefaultTargetUrl(adminContextPath + "/");

        http
                // This chain only handles requests under the Admin path
                .securityMatchers(matchers -> matchers
                        .requestMatchers(adminContextPath + "/**")
                )
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers(adminContextPath + "/assets/**").permitAll()
                        .requestMatchers(adminContextPath + "/login").permitAll()
                        .anyRequest().hasRole("ADMIN")
                )
                .formLogin(form -> form
                        .loginPage(adminContextPath + "/login")
                        .loginProcessingUrl(adminContextPath + "/login")
                        .successHandler(successHandler)
                )
                .logout(logout -> logout
                        .logoutUrl(adminContextPath + "/logout")
                        .logoutSuccessUrl(adminContextPath + "/login?logout")
                )
                // HTTP Basic lets the Spring Boot Admin Client register with username and password
                .httpBasic(withDefaults())
                .csrf(csrf -> csrf
                        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                        // CSRF protection is switched off for these two paths only
                        .ignoringRequestMatchers(
                                adminContextPath + "/instances",
                                adminContextPath + "/actuator/**"
                        )
                )
                .rememberMe(rememberMe -> rememberMe
                        // Random key per startup: remember-me cookies stop working after a restart
                        .key(UUID.randomUUID().toString())
                        .tokenValiditySeconds(1209600)
                )
                .sessionManagement(session -> session
                        .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
                );

        return http.build();
    }
```

Modify:

```java
@Bean
@Order(Ordered.LOWEST_PRECEDENCE) // Added: low priority
protected SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {...}
```

  2. In SecurityConfiguration of the Infra module:

Comment out:

```java
// Security configuration for the Spring Boot Admin Server
registry.requestMatchers(adminSeverContextPath).permitAll()
        .requestMatchers(adminSeverContextPath + "/**").permitAll();
```

  3. In TokenAuthenticationFilter:

```java
    @Override
    @SuppressWarnings("NullableProblems")
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        String token = SecurityFrameworkUtils.obtainAuthorization(request,
                securityProperties.getTokenHeader(), securityProperties.getTokenParameter());
        // Add the following code: requests under the Spring Boot Admin path skip token
        // authentication here. The prefix must match spring.boot.admin.context-path.
        if (request.getRequestURI().startsWith("/admin/")) {
            chain.doFilter(request, response);
            return;
        }

        // ...
    }
```

  4. application.yaml

```yaml
spring:
  security:
    user:
      name: admin
      password: $2a$10$12i5oKpeTFgyziHNeSGhOeJJy6 # bcrypt hash
      roles: ADMIN
```

  5. application-local.yaml

```yaml
# Spring Boot Admin configuration
spring:
  boot:
    admin:
      # Spring Boot Admin Client configuration
      client:
        url: http://127.0.0.1:${server.port}/${spring.boot.admin.context-path} # Address of the Spring Boot Admin Server
        instance:
          service-host-type: IP # When registering the instance, prefer IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
        username: admin
        password: ***
      # Spring Boot Admin Server configuration
      context-path: /admin # Configure Spring
```

Note: if nginx is configured as a reverse proxy for HTTPS requests, the application-local.yaml above needs to be configured as follows:

```yaml
# Spring Boot Admin configuration
spring:
  boot:
    admin:
      ui:
        public-url: https://xx.xxxxx.cn/${spring.boot.admin.context-path}
      # Spring Boot Admin Client configuration
      client:
        url: https://xx.xxxxx.cn/${spring.boot.admin.context-path} # Address of the Spring Boot Admin Server
        instance:
          service-host-type: IP # When registering the instance, prefer IP [IP, HOST_NAME, CANONICAL_HOST_NAME]
        username: admin
        password: ***
      # Spring Boot Admin Server configuration
      context-path: /wz-admin # Configure Spring
```
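
The filter chain in step 1 and the filter in step 3 hard-code /admin, while the nginx variant above sets context-path to /wz-admin; with that mismatch the admin requests never match adminSecurityFilterChain. The following is an added example, not code from the Yudao project: a hypothetical helper (the names AdminPathCheck, normalize and isAdminRequest are assumptions) that derives the match from the configured context path and compares on a path-segment boundary, run over constructed URIs.

```java
import java.util.List;

// Added example, not part of the Yudao code base. Class and method names are hypothetical.
public class AdminPathCheck {

    // Normalise a configured value such as "admin", "/admin/" or "/wz-admin"
    // to the form "/admin" (leading slash, no trailing slash).
    static String normalize(String configured) {
        String p = configured == null ? "" : configured.trim();
        if (!p.startsWith("/")) {
            p = "/" + p;
        }
        while (p.length() > 1 && p.endsWith("/")) {
            p = p.substring(0, p.length() - 1);
        }
        return p;
    }

    // True for the admin root and for anything below it, matched on a path-segment
    // boundary. servletContextPath is what request.getContextPath() returns
    // ("" for the root context); getRequestURI() includes it, so strip it first.
    static boolean isAdminRequest(String requestUri, String servletContextPath, String adminContextPath) {
        String admin = normalize(adminContextPath);
        if ("/".equals(admin)) {
            return false; // no dedicated admin prefix configured: never skip token authentication
        }
        String path = requestUri.startsWith(servletContextPath)
                ? requestUri.substring(servletContextPath.length())
                : requestUri;
        return path.equals(admin) || path.startsWith(admin + "/");
    }

    public static void main(String[] args) {
        // Constructed sample URIs, not taken from the page
        List<String> uris = List.of("/admin/instances", "/admin", "/administrator/x",
                "/wz-admin/applications", "/admin-api/system/user/page");
        for (String configured : List.of("/admin", "/wz-admin")) {
            for (String uri : uris) {
                // "hardcoded" is the check from step 3; "configured" follows the context path
                System.out.printf("context-path=%-9s uri=%-28s hardcoded=%-5b configured=%b%n",
                        configured, uri, uri.startsWith("/admin/"), isAdminRequest(uri, "", configured));
            }
        }
    }
}
```

Run it with java AdminPathCheck.java (Java 11 or later); the rows for context-path=/wz-admin show where the hard-coded check and the configured path disagree.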