perf: Actuator Endpoints 保护

pom.xml

@@ -155,6 +155,10 @@
             <artifactId>spring-boot-admin-starter-client</artifactId>
             <version>3.0.0-M1</version>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
 
         <dependency>
             <groupId>mysql</groupId>

src/main/java/io/github/xxyopen/novel/NovelApplication.java

@@ -4,12 +4,16 @@ import lombok.extern.slf4j.Slf4j;
 import org.mybatis.spring.annotation.MapperScan;
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.boot.SpringApplication;
+import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cache.CacheManager;
 import org.springframework.cache.annotation.EnableCaching;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.scheduling.annotation.EnableScheduling;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.util.matcher.AnyRequestMatcher;
 
 import java.util.Map;
 
@@ -20,21 +24,30 @@ import java.util.Map;
 @Slf4j
 public class NovelApplication {
 
-	public static void main(String[] args) {
+    public static void main(String[] args) {
-		SpringApplication.run(NovelApplication.class, args);
+        SpringApplication.run(NovelApplication.class, args);
-	}
+    }
 
-	@Bean
+    @Bean
-	public CommandLineRunner commandLineRunner(ApplicationContext context){
+    public CommandLineRunner commandLineRunner(ApplicationContext context) {
-		return args -> {
+        return args -> {
-			Map<String, CacheManager> beans = context.getBeansOfType(CacheManager.class);
+            Map<String, CacheManager> beans = context.getBeansOfType(CacheManager.class);
-			log.info("加载了如下缓存管理器：");
+            log.info("加载了如下缓存管理器：");
-			beans.forEach((k,v)->{
+            beans.forEach((k, v) -> {
-				log.info("{}:{}",k,v.getClass().getName());
+                log.info("{}:{}", k, v.getClass().getName());
-				log.info("缓存：{}",v.getCacheNames());
+                log.info("缓存：{}", v.getCacheNames());
-			});
+            });
 
-		};
+        };
-	}
+    }
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http.csrf().disable()
+                .requestMatcher(EndpointRequest.toAnyEndpoint())
+                .authorizeRequests(requests -> requests.anyRequest().hasRole("ENDPOINT_ADMIN"));
+        http.httpBasic();
+        return http.build();
+    }
 
 }

src/main/resources/application.yml

@@ -147,28 +147,44 @@ spring:
         username: novel
         # Spring Boot Admin 服务端认证密码
         password: novel
+  security:
+    user:
+      name: ENDPOINT_ADMIN
+      password: ENDPOINT_ADMIN
+      roles: ENDPOINT_ADMIN
 
-
+# Actuator 端点管理
 management:
+  # 端点公开配置
   endpoints:
+    # 通过 HTTP 公开的 Web 端点
     web:
       exposure:
+        # 公开所有的 Web 端点
         include: "*"
+
+  # 端点启用配置
   endpoint:
     logfile:
+      # 启用返回日志文件内容的端点
       enabled: true
+      # 外部日志文件路径
       external-file: logs/novel.log
 
   info:
     env:
+      # 公开所有以 info. 开头的环境属性
       enabled: true
   health:
     rabbit:
+      # 关闭 rabbitmq 的健康检查
       enabled: false
     elasticsearch:
+      # 关闭 elasticsearch 的健康检查
       enabled: false
 
 
+
 ---
 spring:
   config: