springboot actuator未授权访问漏洞

2022-09-19 11:21:22 +08:00 · 2022-09-19 11:21:22 +08:00 · a781606512
parent e142f4d3dd
commit a781606512
1 changed files with 2 additions and 2 deletions
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
@ -144,8 +144,8 @@ public class ShiroConfig {
        filterChainDefinitionMap.put("/vxeSocket/**", "anon");//JVxeTable无痕刷新示例
-        //性能监控  TODO 存在安全漏洞泄露TOEKN（durid连接池也有）
+        //性能监控，放开排除会存在安全漏洞泄露TOEKN（durid连接池也有）
-        filterChainDefinitionMap.put("/actuator/**", "anon");
+        //filterChainDefinitionMap.put("/actuator/**", "anon");
        //测试模块排除
        filterChainDefinitionMap.put("/test/seata/**", "anon");