From 925da99d0b9cdca934795dd3404be6073b56ad8d Mon Sep 17 00:00:00 2001
From: xiongxiaoyang <773861846@qq.com>
Date: Tue, 7 Jun 2022 18:17:08 +0800
Subject: [PATCH] =?UTF-8?q?perf:=20Actuator=20Endpoints=20=E4=BF=9D?=
 =?UTF-8?q?=E6=8A=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 pom.xml                                       |  4 ++
 .../xxyopen/novel/NovelApplication.java       | 41 ++++++++++++-------
 src/main/resources/application.yml            | 18 +++++++-
 3 files changed, 48 insertions(+), 15 deletions(-)

diff --git a/pom.xml b/pom.xml
index c3ca758..04b3c58 100644
--- a/pom.xml
+++ b/pom.xml
@@ -155,6 +155,10 @@
             <artifactId>spring-boot-admin-starter-client</artifactId>
             <version>3.0.0-M1</version>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
 
         <dependency>
             <groupId>mysql</groupId>
diff --git a/src/main/java/io/github/xxyopen/novel/NovelApplication.java b/src/main/java/io/github/xxyopen/novel/NovelApplication.java
index 5f5d082..c0e7072 100644
--- a/src/main/java/io/github/xxyopen/novel/NovelApplication.java
+++ b/src/main/java/io/github/xxyopen/novel/NovelApplication.java
@@ -4,12 +4,16 @@ import lombok.extern.slf4j.Slf4j;
 import org.mybatis.spring.annotation.MapperScan;
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.boot.SpringApplication;
+import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cache.CacheManager;
 import org.springframework.cache.annotation.EnableCaching;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.scheduling.annotation.EnableScheduling;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.util.matcher.AnyRequestMatcher;
 
 import java.util.Map;
 
@@ -20,21 +24,30 @@ import java.util.Map;
 @Slf4j
 public class NovelApplication {
 
-	public static void main(String[] args) {
-		SpringApplication.run(NovelApplication.class, args);
-	}
+    public static void main(String[] args) {
+        SpringApplication.run(NovelApplication.class, args);
+    }
 
-	@Bean
-	public CommandLineRunner commandLineRunner(ApplicationContext context){
-		return args -> {
-			Map<String, CacheManager> beans = context.getBeansOfType(CacheManager.class);
-			log.info("加载了如下缓存管理器：");
-			beans.forEach((k,v)->{
-				log.info("{}:{}",k,v.getClass().getName());
-				log.info("缓存：{}",v.getCacheNames());
-			});
+    @Bean
+    public CommandLineRunner commandLineRunner(ApplicationContext context) {
+        return args -> {
+            Map<String, CacheManager> beans = context.getBeansOfType(CacheManager.class);
+            log.info("加载了如下缓存管理器：");
+            beans.forEach((k, v) -> {
+                log.info("{}:{}", k, v.getClass().getName());
+                log.info("缓存：{}", v.getCacheNames());
+            });
 
-		};
-	}
+        };
+    }
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http.csrf().disable()
+                .requestMatcher(EndpointRequest.toAnyEndpoint())
+                .authorizeRequests(requests -> requests.anyRequest().hasRole("ENDPOINT_ADMIN"));
+        http.httpBasic();
+        return http.build();
+    }
 
 }
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 5b97094..baf43a2 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -147,28 +147,44 @@ spring:
         username: novel
         # Spring Boot Admin 服务端认证密码
         password: novel
+  security:
+    user:
+      name: ENDPOINT_ADMIN
+      password: ENDPOINT_ADMIN
+      roles: ENDPOINT_ADMIN
 
-
+# Actuator 端点管理
 management:
+  # 端点公开配置
   endpoints:
+    # 通过 HTTP 公开的 Web 端点
     web:
       exposure:
+        # 公开所有的 Web 端点
         include: "*"
+
+  # 端点启用配置
   endpoint:
     logfile:
+      # 启用返回日志文件内容的端点
       enabled: true
+      # 外部日志文件路径
       external-file: logs/novel.log
 
   info:
     env:
+      # 公开所有以 info. 开头的环境属性
       enabled: true
   health:
     rabbit:
+      # 关闭 rabbitmq 的健康检查
       enabled: false
     elasticsearch:
+      # 关闭 elasticsearch 的健康检查
       enabled: false
 
 
+
 ---
 spring:
   config: