diff --git a/console/src/main/java/com/alibaba/nacos/console/config/WebSecurityConfig.java b/console/src/main/java/com/alibaba/nacos/console/config/WebSecurityConfig.java
index 088641d06..9765920a6 100644
--- a/console/src/main/java/com/alibaba/nacos/console/config/WebSecurityConfig.java
+++ b/console/src/main/java/com/alibaba/nacos/console/config/WebSecurityConfig.java
@@ -22,6 +22,7 @@ import com.alibaba.nacos.console.utils.JWTTokenUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.env.Environment;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.BeanIds;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
@@ -56,6 +57,9 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 @Autowired
 private JWTTokenUtils tokenProvider;
 
+ @Autowired
+ private Environment env;
+
 @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
 @Override
 public AuthenticationManager authenticationManagerBean() throws Exception {
@@ -69,39 +73,28 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 @Override
 public void configure(WebSecurity web) {
- // TODO: we should use a better way to match the resources
- // requests for resource and auth api are always allowed
- web.ignoring()
- .antMatchers("/")
- .antMatchers("/**/*.css", "/**/*.js", "/**/*.html", "/**/*.map", "/**/*.svg", "/**/*.png", "/**/*.ico")
- .antMatchers("/**.css", "/**.js", "/**.html", "/**.map", "/**.svg", "/**.png", "/**.ico")
- .antMatchers("/console-fe/public/*")
- .antMatchers("/v1/auth/login")
- .antMatchers("/v1/cs/health");
+ String ignoreURLs = env.getProperty("nacos.security.ignore.urls", "/**");
+ for (String ignoreURL : ignoreURLs.trim().split(",")) {
+ web.ignoring().antMatchers(ignoreURL.trim());
+ }
 }
 @Override
 protected void configure(HttpSecurity http) throws Exception {
+ http
+ .authorizeRequests()
+ .anyRequest().authenticated().and()
+ // custom token authorize exception handler
+ .exceptionHandling()
+ .authenticationEntryPoint(unauthorizedHandler).and()
+ // since we use jwt, session is not necessary
+ .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
+ // since we use jwt, csrf is not necessary
+ .csrf().disable();
+ http.addFilterBefore(new JwtAuthenticationTokenFilter(tokenProvider), UsernamePasswordAuthenticationFilter.class);
- // TODO 做开关是否开启登录功能
- if (false) {
- http.authorizeRequests().antMatchers("/").permitAll();
- } else {
- http
- .authorizeRequests()
- .anyRequest().authenticated().and()
- // custom token authorize exception handler
- .exceptionHandling()
- .authenticationEntryPoint(unauthorizedHandler).and()
- // since we use jwt, session is not necessary
- .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
- // since we use jwt, csrf is not necessary
- .csrf().disable();
- http.addFilterBefore(new JwtAuthenticationTokenFilter(tokenProvider), UsernamePasswordAuthenticationFilter.class);
-
- // disable cache
- http.headers().cacheControl();
- }
+ // disable cache
+ http.headers().cacheControl();
 }
 @Bean
diff --git a/console/src/main/resources/META-INF/nacos-default.properties b/console/src/main/resources/META-INF/nacos-default.properties
index 019d315ac..756f652b0 100644
--- a/console/src/main/resources/META-INF/nacos-default.properties
+++ b/console/src/main/resources/META-INF/nacos-default.properties
@@ -41,8 +41,10 @@ db.url.1=jdbc:mysql://11.163.152.91:3306/diamond_devtest?characterEncoding=utf8&
 db.user=diamond_devtest
 db.password=4b9622f3f70c7677835ac5a6719e7caf
+#spring.security.enabled=false
+#management.security=false
+#security.basic.enabled=false
+#nacos.security.ignore.urls=/**
+nacos.security.ignore.urls=/,/**/*.css,/**/*.js,/**/*.html,/**/*.map,/**/*.svg,/**/*.png,/**/*.ico,/console-fe/public/*,/v1/auth/login,/v1/auth/health
-
-enableAccessControl=false
-
diff --git a/console/src/main/resources/META-INF/schema.sql b/console/src/main/resources/META-INF/schema.sql
index 1924d05ed..8d22aa35f 100644
--- a/console/src/main/resources/META-INF/schema.sql
+++ b/console/src/main/resources/META-INF/schema.sql
@@ -184,8 +184,6 @@ CREATE TABLE roles (
 role varchar(50) NOT NULL
 );
-INSERT INTO users (username, password, enabled) VALUES ('user', '$2a$16$71d1ewoFISFmOz1omV3o7OS6yZVx1YS9agqXZjdHebyVCS3wsJeVy', TRUE);
-INSERT INTO users (username, password, enabled) VALUES ('admin', '$2a$16$71d1ewoFISFmOz1omV3o7OS6yZVx1YS9agqXZjdHebyVCS3wsJeVy', TRUE);
+INSERT INTO users (username, password, enabled) VALUES ('admin', '$2a$10$HxtJtd59imujvbux.i55zOGewhnJiLVXX8D9AETDMV.XtBLDGOXtW', TRUE);
-INSERT INTO roles (username, role) VALUES ('user', 'ROLE_USER');
 INSERT INTO roles (username, role) VALUES ('admin', 'ROLE_ADMIN');
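Review bot: The default in `env.getProperty("nacos.security.ignore.urls", "/**")` fails open: if the property is missing or not loaded, `web.ignoring()` is applied to `/**`, every request skips the security filter chain, and the `anyRequest().authenticated()` rule in `configure(HttpSecurity)` below never sees a request. A missing setting should leave the console protected, so use an empty default and skip blank entries (an empty value or a trailing comma currently hands `antMatchers("")` an empty pattern, since `"".split(",")` yields one empty element): `String ignoreURLs = env.getProperty("nacos.security.ignore.urls", "");` and `if (ignoreURL.trim().isEmpty()) { continue; }` at the top of the loop. Note also that `web.ignoring()` removes matched paths from the whole chain, including the `JwtAuthenticationTokenFilter` and the cache-control headers added below; where a path should be reachable anonymously but still pass through the filters, `permitAll()` on the HttpSecurity matcher is the narrower tool.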
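Review bot: The shipped ignore list changes the anonymous health endpoint from the `/v1/cs/health` the old Java code matched to `/v1/auth/health`; unless that endpoint actually moved, the old path should be kept, and the change deserves a line in the commit description either way. The four commented-out lines (`#spring.security.enabled=false` through `#nacos.security.ignore.urls=/**`) read as leftovers of experiments rather than documentation; replace them with a comment stating what the property does, e.g. `# Comma-separated Ant patterns excluded from the security filter chain; every other request requires a token.`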
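Review bot: The seeded `admin` row now carries one fixed bcrypt hash for every installation, so each deployment starts with the same known administrator credential; dropping the `user` account narrows the exposure but does not remove it. Add a comment above the INSERT, e.g. `-- bootstrap admin account: change this password before exposing the console`, and consider generating or prompting for the initial password at install time instead of hard-coding the hash. The work factor also drops from `$2a$16` to `$2a$10`; 10 is a common default, but a deliberate reduction belongs in the commit description.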