/**
|
* BladeX Commercial License Agreement
|
* Copyright (c) 2018-2099, https://bladex.cn. All rights reserved.
|
* <p>
|
* Use of this software is governed by the Commercial License Agreement
|
* obtained after purchasing a license from BladeX.
|
* <p>
|
* 1. This software is for development use only under a valid license
|
* from BladeX.
|
* <p>
|
* 2. Redistribution of this software's source code to any third party
|
* without a commercial license is strictly prohibited.
|
* <p>
|
* 3. Licensees may copyright their own code but cannot use segments
|
* from this software for such purposes. Copyright of this software
|
* remains with BladeX.
|
* <p>
|
* Using this software signifies agreement to this License, and the software
|
* must not be used for illegal purposes.
|
* <p>
|
* THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY. The author is
|
* not liable for any claims arising from secondary or illegal development.
|
* <p>
|
* Author: DreamLu (596392912@qq.com)
|
*/
|
package org.springblade.admin.config;
|
|
import de.codecentric.boot.admin.server.config.AdminServerProperties;
|
import org.springblade.admin.security.InternalAuthorizationManager;
|
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Configuration;
|
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
|
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
import org.springframework.security.web.server.SecurityWebFilterChain;
|
import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler;
|
|
import java.net.URI;
|
|
/**
|
* 监控安全配置
|
*
|
* @author L.cm
|
*/
|
@EnableWebFluxSecurity
|
@Configuration(proxyBeanMethods = false)
|
@EnableConfigurationProperties(AdminServerProperties.class)
|
public class SecurityConfiguration {
|
private final String contextPath;
|
|
public SecurityConfiguration(AdminServerProperties adminServerProperties) {
|
this.contextPath = adminServerProperties.getContextPath();
|
}
|
|
@Bean
|
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
|
// @formatter:off
|
RedirectServerAuthenticationSuccessHandler successHandler = new RedirectServerAuthenticationSuccessHandler();
|
successHandler.setLocation(URI.create(contextPath + "/"));
|
return http
|
// 明确调用headers()方法进行配置
|
.headers(headers -> headers
|
// 禁用frameOptions
|
.frameOptions(ServerHttpSecurity.HeaderSpec.FrameOptionsSpec::disable)
|
)
|
// 配置授权规则
|
.authorizeExchange(exchanges -> exchanges
|
.pathMatchers(
|
contextPath + "/assets/**",
|
contextPath + "/login",
|
contextPath + "/v1/agent/**",
|
contextPath + "/v1/catalog/**",
|
contextPath + "/v1/health/**"
|
).permitAll()
|
.pathMatchers(contextPath + "/actuator", contextPath + "/actuator/**")
|
.access(new InternalAuthorizationManager())
|
.anyExchange().authenticated()
|
)
|
// 配置表单登录
|
.formLogin(formLogin -> formLogin
|
.loginPage(contextPath + "/login")
|
.authenticationSuccessHandler(successHandler)
|
)
|
// 配置登出
|
.logout(logout -> logout
|
.logoutUrl(contextPath + "/logout")
|
)
|
// 禁用HTTP Basic认证
|
.httpBasic(ServerHttpSecurity.HttpBasicSpec::disable)
|
// 禁用CSRF
|
.csrf(ServerHttpSecurity.CsrfSpec::disable)
|
.build();
|
// @formatter:on
|
}
|
|
}
|
