【修复】修复因未登录可以直接看druid界面的信息泄露，增加了配置项

2022-05-16 15:24:41 +08:00 · 2022-05-16 15:24:41 +08:00 · 6877fbcd94
commit 6877fbcd94
parent 9709a99fd1
3 changed files with 24 additions and 0 deletions
--- a/snowy-base/snowy-core/src/main/java/vip/xiaonuo/core/context/constant/ConstantContextHolder.java
+++ b/snowy-base/snowy-core/src/main/java/vip/xiaonuo/core/context/constant/ConstantContextHolder.java
@ -34,6 +34,7 @@ import vip.xiaonuo.core.consts.CommonConstant;
 import vip.xiaonuo.core.consts.SymbolConstant;
 import vip.xiaonuo.core.exception.ServiceException;
 import vip.xiaonuo.core.pojo.cryptogram.CryptogramConfigs;
+import vip.xiaonuo.core.pojo.druid.DruidProperties;
 import vip.xiaonuo.core.pojo.email.EmailConfigs;
 import vip.xiaonuo.core.pojo.oauth.OauthConfigs;
 import vip.xiaonuo.core.pojo.sms.AliyunSmsConfigs;
@ -132,6 +133,22 @@ public class ConstantContextHolder {
        return tencentSmsConfigs;
    }

+    /**
+     * 获取Druid默认用户名密码
+     *
+     * @author yubaoshan
+     * @date 2022/5/16
+     */
+    public static DruidProperties getDruidLoginConfigs() {
+        String snowyDruidLoginUsername = getSysConfigWithDefault("SNOWY_DRUID_LOGIN_USERNAME", String.class, RandomUtil.randomString(10));
+        String snowyDruidLoginPassword = getSysConfigWithDefault("SNOWY_DRUID_LOGIN_PASSWORD", String.class, RandomUtil.randomString(10));
+
+        DruidProperties druidProperties = new DruidProperties();
+        druidProperties.setLoginUsername(snowyDruidLoginUsername);
+        druidProperties.setLoginPassword(snowyDruidLoginPassword);
+        return druidProperties;
+    }
+
    /**
     * 获取阿里云短信的配置
     *
--- a/snowy-base/snowy-core/src/main/java/vip/xiaonuo/core/pojo/druid/DruidProperties.java
+++ b/snowy-base/snowy-core/src/main/java/vip/xiaonuo/core/pojo/druid/DruidProperties.java
@ -74,6 +74,10 @@ public class DruidProperties {
     */
    private final String KINGBASEES_VALIDATE_QUERY_SQL = "select 1";

+    private String loginUsername;
+
+    private String loginPassword;
+
    private String url;

    private String username;
--- a/snowy-base/snowy-system/src/main/java/vip/xiaonuo/sys/config/DataSourceConfig.java
+++ b/snowy-base/snowy-system/src/main/java/vip/xiaonuo/sys/config/DataSourceConfig.java
@ -31,6 +31,7 @@ import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.boot.web.servlet.ServletRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import vip.xiaonuo.core.context.constant.ConstantContextHolder;
 import vip.xiaonuo.core.pojo.druid.DruidProperties;

 import java.util.HashMap;
@ -83,6 +84,8 @@ public class DataSourceConfig {
        statViewServletParams.put("resetEnable", "true");
        ServletRegistrationBean<StatViewServlet> registration = new ServletRegistrationBean<>(new StatViewServlet());
        registration.addUrlMappings("/druid/*");
+        statViewServletParams.put("loginUsername", ConstantContextHolder.getDruidLoginConfigs().getLoginUsername());
+        statViewServletParams.put("loginPassword", ConstantContextHolder.getDruidLoginConfigs().getLoginPassword());
        registration.setInitParameters(statViewServletParams);
        return registration;
    }