add 增加 springboot actuator 账号密码认证杜绝内外网信息泄漏问题

2025-09-24 07:19:46 +08:00 · 2024-07-24 18:56:40 +08:00
parent 0a3d5fd5d4
commit 105c007f03
7 changed files with 36 additions and 3 deletions
--- a/ruoyi-extend/ruoyi-monitor-admin/src/main/java/org/dromara/monitor/admin/config/SecurityConfig.java
+++ b/ruoyi-extend/ruoyi-monitor-admin/src/main/java/org/dromara/monitor/admin/config/SecurityConfig.java
@ -39,9 +39,7 @@ public class SecurityConfig {
            .authorizeHttpRequests((authorize) ->
                authorize.requestMatchers(
                        new AntPathRequestMatcher(adminContextPath + "/assets/**"),
-                        new AntPathRequestMatcher(adminContextPath + "/login"),
-                        new AntPathRequestMatcher("/actuator"),
-                        new AntPathRequestMatcher("/actuator/**")
+                        new AntPathRequestMatcher(adminContextPath + "/login")
                    ).permitAll()
                    .anyRequest().authenticated())
            .formLogin((formLogin) ->
--- a/ruoyi-extend/ruoyi-monitor-admin/src/main/resources/application.yml
+++ b/ruoyi-extend/ruoyi-monitor-admin/src/main/resources/application.yml
@ -41,5 +41,8 @@ spring.boot.admin.client:
  url: http://localhost:9090/admin
  instance:
    service-host-type: IP
+    metadata:
+      username: ${spring.boot.admin.client.username}
+      userpassword: ${spring.boot.admin.client.password}
  username: ruoyi
  password: 123456