gitee/snowy
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

【修复】修复因未登录可以直接看druid界面的信息泄露,增加了配置项

Browse Source
This commit is contained in:
小诺 2022-05-16 15:24:41 +08:00 committed by 小诺
parent 9709a99fd1
commit 6877fbcd94
3 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
snowy-base/snowy-core/src/main/java/vip/xiaonuo/core/context/constant/ConstantContextHolder.java
View File

@ -34,6 +34,7 @@ import vip.xiaonuo.core.consts.CommonConstant;
import vip.xiaonuo.core.consts.SymbolConstant; import vip.xiaonuo.core.consts.SymbolConstant;
import vip.xiaonuo.core.exception.ServiceException; import vip.xiaonuo.core.exception.ServiceException;
import vip.xiaonuo.core.pojo.cryptogram.CryptogramConfigs; import vip.xiaonuo.core.pojo.cryptogram.CryptogramConfigs;
import vip.xiaonuo.core.pojo.druid.DruidProperties;
import vip.xiaonuo.core.pojo.email.EmailConfigs; import vip.xiaonuo.core.pojo.email.EmailConfigs;
import vip.xiaonuo.core.pojo.oauth.OauthConfigs; import vip.xiaonuo.core.pojo.oauth.OauthConfigs;
import vip.xiaonuo.core.pojo.sms.AliyunSmsConfigs; import vip.xiaonuo.core.pojo.sms.AliyunSmsConfigs;
@ -132,6 +133,22 @@ public class ConstantContextHolder {
return tencentSmsConfigs; return tencentSmsConfigs;
} }
/**
* 获取Druid默认用户名密码
*
* @author yubaoshan
* @date 2022/5/16
*/
public static DruidProperties getDruidLoginConfigs() {
String snowyDruidLoginUsername = getSysConfigWithDefault("SNOWY_DRUID_LOGIN_USERNAME", String.class, RandomUtil.randomString(10));
String snowyDruidLoginPassword = getSysConfigWithDefault("SNOWY_DRUID_LOGIN_PASSWORD", String.class, RandomUtil.randomString(10));
DruidProperties druidProperties = new DruidProperties();
druidProperties.setLoginUsername(snowyDruidLoginUsername);
druidProperties.setLoginPassword(snowyDruidLoginPassword);
return druidProperties;
}
/** /**
* 获取阿里云短信的配置 * 获取阿里云短信的配置
* *

4
snowy-base/snowy-core/src/main/java/vip/xiaonuo/core/pojo/druid/DruidProperties.java
View File

@ -74,6 +74,10 @@ public class DruidProperties {
*/ */
private final String KINGBASEES_VALIDATE_QUERY_SQL = "select 1"; private final String KINGBASEES_VALIDATE_QUERY_SQL = "select 1";
private String loginUsername;
private String loginPassword;
private String url; private String url;
private String username; private String username;

3
snowy-base/snowy-system/src/main/java/vip/xiaonuo/sys/config/DataSourceConfig.java
View File

@ -31,6 +31,7 @@ import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.web.servlet.ServletRegistrationBean; import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import vip.xiaonuo.core.context.constant.ConstantContextHolder;
import vip.xiaonuo.core.pojo.druid.DruidProperties; import vip.xiaonuo.core.pojo.druid.DruidProperties;
import java.util.HashMap; import java.util.HashMap;
@ -83,6 +84,8 @@ public class DataSourceConfig {
statViewServletParams.put("resetEnable", "true"); statViewServletParams.put("resetEnable", "true");
ServletRegistrationBean<StatViewServlet> registration = new ServletRegistrationBean<>(new StatViewServlet()); ServletRegistrationBean<StatViewServlet> registration = new ServletRegistrationBean<>(new StatViewServlet());
registration.addUrlMappings("/druid/*"); registration.addUrlMappings("/druid/*");
statViewServletParams.put("loginUsername", ConstantContextHolder.getDruidLoginConfigs().getLoginUsername());
statViewServletParams.put("loginPassword", ConstantContextHolder.getDruidLoginConfigs().getLoginPassword());
registration.setInitParameters(statViewServletParams); registration.setInitParameters(statViewServletParams);
return registration; return registration;
} }