perf: Actuator Endpoints 保护

pom.xml

@@ -155,6 +155,10 @@
             <artifactId>spring-boot-admin-starter-client</artifactId>
             <version>3.0.0-M1</version>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
 
         <dependency>
             <groupId>mysql</groupId>

src/main/java/io/github/xxyopen/novel/NovelApplication.java

@@ -4,12 +4,16 @@ import lombok.extern.slf4j.Slf4j;
 import org.mybatis.spring.annotation.MapperScan;
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.boot.SpringApplication;
+import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cache.CacheManager;
 import org.springframework.cache.annotation.EnableCaching;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.scheduling.annotation.EnableScheduling;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.util.matcher.AnyRequestMatcher;
 
 import java.util.Map;
 
@@ -37,4 +41,13 @@ public class NovelApplication {
         };
     }
 
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http.csrf().disable()
+                .requestMatcher(EndpointRequest.toAnyEndpoint())
+                .authorizeRequests(requests -> requests.anyRequest().hasRole("ENDPOINT_ADMIN"));
+        http.httpBasic();
+        return http.build();
+    }
+
 }

src/main/resources/application.yml

@@ -147,28 +147,44 @@ spring:
         username: novel
         # Spring Boot Admin 服务端认证密码
         password: novel
+  security:
+    user:
+      name: ENDPOINT_ADMIN
+      password: ENDPOINT_ADMIN
+      roles: ENDPOINT_ADMIN
 
-
+# Actuator 端点管理
 management:
+  # 端点公开配置
   endpoints:
+    # 通过 HTTP 公开的 Web 端点
     web:
       exposure:
+        # 公开所有的 Web 端点
         include: "*"
+
+  # 端点启用配置
   endpoint:
     logfile:
+      # 启用返回日志文件内容的端点
       enabled: true
+      # 外部日志文件路径
       external-file: logs/novel.log
 
   info:
     env:
+      # 公开所有以 info. 开头的环境属性
       enabled: true
   health:
     rabbit:
+      # 关闭 rabbitmq 的健康检查
       enabled: false
     elasticsearch:
+      # 关闭 elasticsearch 的健康检查
       enabled: false
 
 
+
 ---
 spring:
   config: