github
/
halo
mirror of https://github.com/halo-dev/halo
1
0
Fork 0
Code Issues Releases Wiki Activity

feat: add config option to allow disabling Basic authentication (#6689) 

#### What type of PR is this?
/milestone 2.20.x
/area core
/kind improvement

#### What this PR does / why we need it:
允许通过 `halo.security.basic-auth.disabled=true` 配置来禁用 Basic Auth 认证

#### Which issue(s) this PR fixes:
Fixes #5408

#### Does this PR introduce a user-facing change?
```release-note
允许通过 `halo.security.basic-auth.disabled=true` 配置来禁用 Basic Auth 认证,在 2.20 版本生产环境下默认禁用了 Basic Auth
```
pull/6734/head
guqing 2024-09-30 11:59:51 +08:00 committed by GitHub
parent 875a804a56
commit 56804c9be1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
application/src/main/java/run/halo/app/infra/config/WebServerSecurityConfig.java
View File

@ -1,6 +1,5 @@
package run.halo.app.infra.config; package run.halo.app.infra.config;
import static org.springframework.security.config.Customizer.withDefaults;
import static org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.builder; import static org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.builder;
import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.pathMatchers; import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.pathMatchers;
@ -109,7 +108,11 @@ public class WebServerSecurityConfig {
spec.principal(AnonymousUserConst.PRINCIPAL); spec.principal(AnonymousUserConst.PRINCIPAL);
}) })
.securityContextRepository(securityContextRepository) .securityContextRepository(securityContextRepository)
.httpBasic(withDefaults()) .httpBasic(basic -> {
if (haloProperties.getSecurity().getBasicAuth().isDisabled()) {
basic.disable();
}
})
.oauth2ResourceServer(oauth2 -> { .oauth2ResourceServer(oauth2 -> {
var authManagerResolver = builder().add( var authManagerResolver = builder().add(
new PatServerWebExchangeMatcher(), new PatServerWebExchangeMatcher(),

10
application/src/main/java/run/halo/app/infra/properties/SecurityProperties.java
View File

@ -18,6 +18,16 @@ public class SecurityProperties {
private final TwoFactorAuthOptions twoFactorAuth = new TwoFactorAuthOptions(); private final TwoFactorAuthOptions twoFactorAuth = new TwoFactorAuthOptions();
private final BasicAuthOptions basicAuth = new BasicAuthOptions();
@Data
public static class BasicAuthOptions {
/**
* Whether basic authentication is disabled.
*/
private boolean disabled = true;
}
@Data @Data
public static class TwoFactorAuthOptions { public static class TwoFactorAuthOptions {

3
application/src/main/resources/application-dev.yaml
View File

@ -15,6 +15,9 @@ spring:
use-last-modified: false use-last-modified: false
halo: halo:
security:
basic-auth:
disabled: false
console: console:
proxy: proxy:
endpoint: http://localhost:3000/ endpoint: http://localhost:3000/