pengjunjie/JeecgBoot
1
0
Fork 1
mirror of https://github.com/jeecgboot/JeecgBoot.git synced 2025-12-08 17:12:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

springboot actuator未授权访问漏洞

Browse Source
This commit is contained in:
zhangdaiscott
2022-09-19 11:21:22 +08:00
parent e142f4d3dd
commit a781606512
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
View File

@ -144,8 +144,8 @@ public class ShiroConfig {
filterChainDefinitionMap.put("/vxeSocket/**", "anon");//JVxeTable无痕刷新示例 filterChainDefinitionMap.put("/vxeSocket/**", "anon");//JVxeTable无痕刷新示例
//性能监控 TODO 存在安全漏洞泄露TOEKNdurid连接池也有 //性能监控,放开排除会存在安全漏洞泄露TOEKNdurid连接池也有
filterChainDefinitionMap.put("/actuator/**", "anon"); //filterChainDefinitionMap.put("/actuator/**", "anon");
//测试模块排除 //测试模块排除
filterChainDefinitionMap.put("/test/seata/**", "anon"); filterChainDefinitionMap.put("/test/seata/**", "anon");