From 016dcb7866835532eea2344a7e409a9bd4502fcf Mon Sep 17 00:00:00 2001 From: wonjunYou Date: Mon, 30 Sep 2024 15:37:15 +0900 Subject: [PATCH 1/9] =?UTF-8?q?[DEV-000]=20node-exporter=20=EC=84=A4?= =?UTF-8?q?=EC=B9=98=EB=A5=BC=20=EC=9C=84=ED=95=9C=20compose=20=EC=8A=A4?= =?UTF-8?q?=ED=81=AC=EB=A6=BD=ED=8A=B8=20=EC=9E=91=EC=84=B1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/prod-server-deployer.yml | 9 ++------ nodeexporter/node-exporter-compose.yml | 13 +++++++++++ promtail/promtail-docker-compose.yml | 1 - ....java => MonitoringApplicationRunner.java} | 23 +++++++++++-------- 4 files changed, 29 insertions(+), 17 deletions(-) create mode 100644 nodeexporter/node-exporter-compose.yml rename src/main/java/ddingdong/ddingdongBE/common/runner/{PromtailDockerComposeRunner.java => MonitoringApplicationRunner.java} (70%) diff --git a/.github/workflows/prod-server-deployer.yml b/.github/workflows/prod-server-deployer.yml index 3e5aef78..de1c8f83 100644 --- a/.github/workflows/prod-server-deployer.yml +++ b/.github/workflows/prod-server-deployer.yml @@ -3,7 +3,7 @@ name: prod-server-deployer on: push: branches: - - main + - chore/DEV-77 jobs: build: runs-on: ubuntu-latest @@ -53,6 +53,7 @@ jobs: cp build/libs/*.jar deploy/application.jar cp Procfile deploy/Procfile cp -r promtail deploy/promtail + cp -r nodeexporter deploy/nodeexporter cp -r .ebextensions deploy/.ebextensions cp -r .platform deploy/.platform cd deploy && zip -r deploy.zip . @@ -72,9 +73,3 @@ jobs: - name: Test with Gradle run: ./gradlew test --no-daemon - - - name: Upload coverage reports to Codecov - uses: codecov/codecov-action@v3 - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - file: ./build/reports/jacoco/test/jacocoTestReport.xml diff --git a/nodeexporter/node-exporter-compose.yml b/nodeexporter/node-exporter-compose.yml new file mode 100644 index 00000000..09d120d1 --- /dev/null +++ b/nodeexporter/node-exporter-compose.yml 
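Review bot: The `on.push.branches` filter of the `prod-server-deployer` workflow now lists `chore/DEV-77` instead of `main`, so every push to this topic branch runs the production deploy job and pushes to `main` no longer do. If this is only to test the rollout, restore `- main` before merging, or add a `workflow_dispatch:` trigger for manual runs instead of pointing the prod pipeline at a feature branch. The third hunk also removes the Codecov upload step; that is unrelated to the node-exporter change and would be easier to audit as its own commit.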
@@ -0,0 +1,13 @@ +version: '3.8' + +services: + node-exporter: + image: quay.io/prometheus/node-exporter:latest + container_name: node-exporter + restart: always + network_mode: "host" + pid: "host" + volumes: + - "/:/host:ro,rslave" + command: + - '--path.rootfs=/host' diff --git a/promtail/promtail-docker-compose.yml b/promtail/promtail-docker-compose.yml index a60c6b18..015adfe4 100644 --- a/promtail/promtail-docker-compose.yml +++ b/promtail/promtail-docker-compose.yml @@ -1,7 +1,6 @@ version: '3' services: - promtail: image: grafana/promtail:2.9.1 container_name: promtail diff --git a/src/main/java/ddingdong/ddingdongBE/common/runner/PromtailDockerComposeRunner.java b/src/main/java/ddingdong/ddingdongBE/common/runner/MonitoringApplicationRunner.java similarity index 70% rename from src/main/java/ddingdong/ddingdongBE/common/runner/PromtailDockerComposeRunner.java rename to src/main/java/ddingdong/ddingdongBE/common/runner/MonitoringApplicationRunner.java index 432f1dde..f9021dc9 100644 --- a/src/main/java/ddingdong/ddingdongBE/common/runner/PromtailDockerComposeRunner.java +++ b/src/main/java/ddingdong/ddingdongBE/common/runner/MonitoringApplicationRunner.java 
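Review bot: The new service pulls `quay.io/prometheus/node-exporter:latest`, an unpinned tag, for a container that runs with `network_mode: "host"`, `pid: "host"` and the host root mounted at `/host`, so whatever the registry serves under `latest` at the next `up` receives that access. Pin the image to a released version tag or a digest, e.g. `image: quay.io/prometheus/node-exporter:vX.Y.Z` (placeholder version), as the Promtail file already does with `grafana/promtail:2.9.1`. With host networking the exporter listens directly on the host's interfaces, so confirm that the instance firewall or security group limits the exporter port to the Prometheus server, or bind it to an internal address with `--web.listen-address`. A one-line comment above `volumes:` saying why the root filesystem is mounted (read-only, for filesystem metrics) would help the next reader.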
@@ -1,25 +1,30 @@ package ddingdong.ddingdongBE.common.runner; +import java.io.BufferedReader; +import java.io.InputStreamReader; import lombok.extern.slf4j.Slf4j; import org.springframework.boot.ApplicationArguments; import org.springframework.boot.ApplicationRunner; import org.springframework.context.annotation.Profile; import org.springframework.stereotype.Component; -import java.io.BufferedReader; -import java.io.InputStreamReader; - @Component @Profile("prod") @Slf4j -public class PromtailDockerComposeRunner implements ApplicationRunner { +public class MonitoringApplicationRunner implements ApplicationRunner { @Override public void run(ApplicationArguments args) throws Exception { - log.info("Running PromtailDockerComposeRunner"); + log.info("Running Promtail & Node Exporter"); ProcessBuilder processBuilder = new ProcessBuilder(); - processBuilder.command("docker-compose", "-f", "/var/app/current/promtail/promtail-docker-compose.yml", "up", "-d"); + processBuilder.command( + "docker-compose", + "-f", "/var/app/current/promtail/promtail-docker-compose.yml", + "-f", "/var/app/current/nodeexporter/node-exporter-compose.yml", + "up", + "-d" + ); Process process = processBuilder.start(); @@ -40,9 +45,9 @@ public void run(ApplicationArguments args) throws Exception { int exitCode = process.waitFor(); if (exitCode == 0) { log.info("Promtail started successfully using Docker Compose."); - log.info("promtial is tracking info level log"); - log.warn("promtial is tracking warn level log"); - log.error("promtial is tracking error level log"); + log.info("promtail is tracking info level log"); + log.warn("promtail is tracking warn level log"); + log.error("promtail is tracking error level log"); } else { log.error("Failed to start Promtail. Exit code: {}", exitCode); } From 6d776667a27508ad347ac19b3b44df2a02052f13 Mon Sep 17 00:00:00 2001 
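Review bot: The result handling after `process.waitFor()` still names only Promtail (`"Promtail started successfully using Docker Compose."`, `"Failed to start Promtail. Exit code: {}"`) although the command now brings up both compose files, so a Node Exporter failure is logged as a Promtail failure. Name both services there, e.g. `log.error("Failed to start Promtail/Node Exporter. Exit code: {}", exitCode);`. Because both `-f` files are merged into one compose project, an error in either file fails the whole `up`; a short comment above `processBuilder.command(...)` should say so. Separately, an application process that starts host-network, host-PID containers presumably has access to the Docker daemon, which is close to root on the host; consider starting these containers from the platform deploy hooks instead so the JVM user does not need that access. The body of `run` continues outside both hunks.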
From: wonjunYou Date: Mon, 30 Sep 2024 16:43:50 +0900 Subject: [PATCH 2/9] =?UTF-8?q?[DEV-77]=20spring-actuator=EC=9D=98=20prome?= =?UTF-8?q?theus=20=EC=97=94=EB=93=9C=ED=8F=AC=EC=9D=B8=ED=8A=B8=20expose?= =?UTF-8?q?=20=EC=84=A4=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/resources/application-prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/application-prod.yml b/src/main/resources/application-prod.yml index 1a1772ed..851fa55a 100644 --- a/src/main/resources/application-prod.yml +++ b/src/main/resources/application-prod.yml @@ -49,7 +49,7 @@ management: endpoints: web: exposure: - include: info, health + include: info, health, prometheus base-path: ${ACTUATOR_BASE_PATH} jmx: exposure: From fa17bb4bfc77ae61a6ccff9dcacfe69e4500fe53 Mon Sep 17 00:00:00 2001 From: wonjunYou Date: Mon, 30 Sep 2024 17:48:39 +0900 Subject: [PATCH 3/9] =?UTF-8?q?[DEV-77]=20monitoring=EC=9D=84=20=EC=9C=84?= =?UTF-8?q?=ED=95=9C=20=EC=9D=B8=EC=A6=9D=20=EC=82=AC=EC=9A=A9=EC=9E=90=20?= =?UTF-8?q?=EC=83=9D=EC=84=B1=20=EB=B0=8F=20filter=20=EC=84=A4=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common/config/SecurityConfig.java | 27 ++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java b/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java index f8b0ad1a..2bdbfe3c 100644 --- a/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java +++ b/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java 
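Review bot: Adding `prometheus` to `management.endpoints.web.exposure.include` publishes the full metrics scrape under `${ACTUATOR_BASE_PATH}` in the prod profile, and nothing in this commit limits who may read it. Metrics commonly reveal route names, error rates and JVM or datasource details, so the endpoint should be reachable only by the Prometheus scraper. Land the exposure together with its access rule (authentication on the actuator paths, or a network restriction on the management port) rather than ahead of it. Only part of the `management:` block is visible in the hunk.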
@@ -9,6 +9,8 @@ import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; @@ -29,6 +31,26 @@ public class SecurityConfig { @Value("security.actuator.base-path") private String actuatorPath; + @Value("${MONITORING_USERNAME}") + private String username; + + @Value("${MONITORING_USER_PASSWORD}") + private String password; + + @Bean + public AuthenticationManager authManager(HttpSecurity http) throws Exception { + AuthenticationManagerBuilder authenticationManagerBuilder = + http.getSharedObject(AuthenticationManagerBuilder.class); + + authenticationManagerBuilder + .inMemoryAuthentication() + .withUser(username) + .password(passwordEncoder().encode(password)) // 인코딩된 비밀번호 사용 + .roles("ADMIN"); // 역할 설정 + + return authenticationManagerBuilder.build(); + } + @Bean public SecurityFilterChain filterChain(HttpSecurity http, JwtAuthService authService, JwtConfig config) throws Exception { @@ -39,7 +61,10 @@ public SecurityFilterChain filterChain(HttpSecurity http, JwtAuthService authSer .permitAll() .requestMatchers(API_PREFIX + "/admin/**").hasRole("ADMIN") .requestMatchers(API_PREFIX + "/club/**").hasRole("CLUB") - .requestMatchers(actuatorPath).hasRole("ADMIN") + .requestMatchers(actuatorPath) + .hasRole("ADMIN") + .requestMatchers("/metrics") + .hasRole("ADMIN") .requestMatchers(GET, API_PREFIX + "/clubs/**", API_PREFIX + "/notices/**", From bdedbfb432b901b8813bbc3b012c29602d8d0f1e Mon Sep 17 00:00:00 2001 
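Review bot: The in-memory monitoring account in `authManager` is created with `.roles("ADMIN")`, the same role that guards `API_PREFIX + "/admin/**"` in `filterChain`, so the scraper's credentials would carry admin-API authority wherever they are accepted. Give the account a role of its own, e.g. `.roles("ACTUATOR")`, and match the actuator rules on it with `.requestMatchers(actuatorPath).hasRole("ACTUATOR")`. The two end-of-line comments on `.password(...)` and `.roles(...)` only restate the call; a comment explaining why a separate in-memory user exists next to the JWT users would be more useful. `filterChain` continues outside the hunk.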
From: wonjunYou Date: Mon, 30 Sep 2024 17:56:12 +0900 Subject: [PATCH 4/9] =?UTF-8?q?[DEV-77]=20=EB=B3=84=EB=8F=84=20=EA=B6=8C?= =?UTF-8?q?=ED=95=9C=20=EC=84=A4=EC=A0=95=20=EC=97=86=EC=9D=B4=20basic=20a?= =?UTF-8?q?uth=20=EC=A0=81=EC=9A=A9=ED=95=98=EB=8F=84=EB=A1=9D=20=EB=B3=80?= =?UTF-8?q?=EA=B2=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common/config/SecurityConfig.java | 25 ++----------------- 1 file changed, 2 insertions(+), 23 deletions(-) diff --git a/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java b/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java index 2bdbfe3c..8589c4c2 100644 --- a/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java +++ b/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java @@ -9,8 +9,6 @@ import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.security.authentication.AuthenticationManager; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; 
@@ -31,25 +29,6 @@ public class SecurityConfig { @Value("security.actuator.base-path") private String actuatorPath; - @Value("${MONITORING_USERNAME}") - private String username; - - @Value("${MONITORING_USER_PASSWORD}") - private String password; - - @Bean - public AuthenticationManager authManager(HttpSecurity http) throws Exception { - AuthenticationManagerBuilder authenticationManagerBuilder = - http.getSharedObject(AuthenticationManagerBuilder.class); - - authenticationManagerBuilder - .inMemoryAuthentication() - .withUser(username) - .password(passwordEncoder().encode(password)) // 인코딩된 비밀번호 사용 - .roles("ADMIN"); // 역할 설정 - - return authenticationManagerBuilder.build(); - } @Bean public SecurityFilterChain filterChain(HttpSecurity http, JwtAuthService authService, JwtConfig config) @@ -62,9 +41,9 @@ public SecurityFilterChain filterChain(HttpSecurity http, JwtAuthService authSer .requestMatchers(API_PREFIX + "/admin/**").hasRole("ADMIN") .requestMatchers(API_PREFIX + "/club/**").hasRole("CLUB") .requestMatchers(actuatorPath) - .hasRole("ADMIN") + .authenticated() .requestMatchers("/metrics") - .hasRole("ADMIN") + .authenticated() .requestMatchers(GET, API_PREFIX + "/clubs/**", API_PREFIX + "/notices/**", From 3be1f4969fc32fc3a5bd725b9a56087bd0ac1421 Mon Sep 17 00:00:00 2001 From: wonjunYou Date: Mon, 30 Sep 2024 18:16:13 +0900 Subject: [PATCH 5/9] =?UTF-8?q?[DEV-77]=20=ED=95=98=EC=9C=84=20path=20url?= =?UTF-8?q?=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../ddingdong/ddingdongBE/common/config/SecurityConfig.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java b/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java index 8589c4c2..3367a07b 100644 --- a/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java 
+++ b/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java @@ -29,7 +29,6 @@ public class SecurityConfig { @Value("security.actuator.base-path") private String actuatorPath; - @Bean public SecurityFilterChain filterChain(HttpSecurity http, JwtAuthService authService, JwtConfig config) throws Exception { @@ -40,7 +39,7 @@ public SecurityFilterChain filterChain(HttpSecurity http, JwtAuthService authSer .permitAll() .requestMatchers(API_PREFIX + "/admin/**").hasRole("ADMIN") .requestMatchers(API_PREFIX + "/club/**").hasRole("CLUB") - .requestMatchers(actuatorPath) + .requestMatchers(actuatorPath + "/**") .authenticated() .requestMatchers("/metrics") .authenticated() From 44969fb2067711c4bb0246247107f8db2942fec0 Mon Sep 17 00:00:00 2001 From: wonjunYou Date: Mon, 30 Sep 2024 18:27:04 +0900 Subject: [PATCH 6/9] =?UTF-8?q?[DEV-77]=20=EC=9E=84=EC=8B=9C=EB=A1=9C=20pe?= =?UTF-8?q?rmitAll()=20=EC=84=A4=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../ddingdong/ddingdongBE/common/config/SecurityConfig.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java b/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java index 3367a07b..167cf070 100644 --- a/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java +++ b/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java @@ -40,9 +40,9 @@ public SecurityFilterChain filterChain(HttpSecurity http, JwtAuthService authSer .requestMatchers(API_PREFIX + "/admin/**").hasRole("ADMIN") .requestMatchers(API_PREFIX + "/club/**").hasRole("CLUB") .requestMatchers(actuatorPath + "/**") - .authenticated() + .permitAll() .requestMatchers("/metrics") - .authenticated() + .permitAll() .requestMatchers(GET, API_PREFIX + "/clubs/**", API_PREFIX + "/notices/**", From 04a5157bdabce1797388d55dbd2b77183e23aa66 Mon Sep 17 00:00:00 2001 
From: wonjunYou Date: Mon, 30 Sep 2024 19:22:50 +0900 Subject: [PATCH 7/9] =?UTF-8?q?[DEV-77]=20actuator=EB=A5=BC=20=EC=9C=84?= =?UTF-8?q?=ED=95=9C=20=EC=9C=A0=EC=A0=80=20=EB=B0=8F=20=EB=B3=84=EB=8F=84?= =?UTF-8?q?=EC=9D=98=20basic=20auth=20filter=20=EC=84=A4=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common/config/ActuatorProperties.java | 15 ++++ .../common/config/SecurityConfig.java | 75 +++++++++++-------- src/main/resources/application-prod.yml | 10 +-- 3 files changed, 65 insertions(+), 35 deletions(-) create mode 100644 src/main/java/ddingdong/ddingdongBE/common/config/ActuatorProperties.java diff --git a/src/main/java/ddingdong/ddingdongBE/common/config/ActuatorProperties.java b/src/main/java/ddingdong/ddingdongBE/common/config/ActuatorProperties.java new file mode 100644 index 00000000..f1f66595 --- /dev/null +++ b/src/main/java/ddingdong/ddingdongBE/common/config/ActuatorProperties.java @@ -0,0 +1,15 @@ +package ddingdong.ddingdongBE.common.config; + +import lombok.Getter; +import org.springframework.boot.context.properties.ConfigurationProperties; +import org.springframework.stereotype.Component; + +@Component +@ConfigurationProperties(prefix = "actuator") +@Getter +public class ActuatorProperties { + + private String user; + private String password; + private String roleName; +} diff --git a/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java b/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java index 167cf070..40e03fbb 100644 --- a/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java +++ b/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java 
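Review bot: `ActuatorProperties` is annotated `@ConfigurationProperties(prefix = "actuator")` with Lombok `@Getter` only, and its fields have neither setters nor a binding constructor, so the binder has nothing to write through and `user`, `password` and `roleName` would most likely stay `null`. Add `@Setter`, or make the class constructor-bound (final fields with a constructor, or a record). A class-level Javadoc stating that the values come from `MONITORING_USERNAME` / `MONITORING_USER_PASSWORD` and back only the actuator account would document the intent.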
@@ -9,11 +9,16 @@ import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.core.annotation.Order; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.web.cors.CorsConfiguration; 
@@ -29,59 +34,44 @@ public class SecurityConfig { @Value("security.actuator.base-path") private String actuatorPath; + private final ActuatorProperties actuatorProperties; + + public SecurityConfig(ActuatorProperties actuatorProperties) { + this.actuatorProperties = actuatorProperties; + } + @Bean + @Order(0) public SecurityFilterChain filterChain(HttpSecurity http, JwtAuthService authService, JwtConfig config) - throws Exception { + throws Exception { http .authorizeHttpRequests(auth -> auth - .requestMatchers(API_PREFIX + "/auth/**", - API_PREFIX + "/events/**") - .permitAll() + .requestMatchers(API_PREFIX + "/auth/**").permitAll() .requestMatchers(API_PREFIX + "/admin/**").hasRole("ADMIN") .requestMatchers(API_PREFIX + "/club/**").hasRole("CLUB") - .requestMatchers(actuatorPath + "/**") - .permitAll() - .requestMatchers("/metrics") - .permitAll() .requestMatchers(GET, API_PREFIX + "/clubs/**", API_PREFIX + "/notices/**", API_PREFIX + "/banners/**", API_PREFIX + "/documents/**", API_PREFIX + "/questions/**", - API_PREFIX + "/feeds/**") - .permitAll() + API_PREFIX + "/feeds/**").permitAll() .requestMatchers("/v3/api-docs/**", "/swagger-ui/**", "/swagger-resources/**") .permitAll() - .anyRequest() - .authenticated() + .anyRequest().authenticated() ) - .cors(cors -> cors - .configurationSource(corsConfigurationSource()) - ) - /* - csrf, headers, http-basic, rememberMe, formLogin 비활성화 - */ + .cors(cors -> cors.configurationSource(corsConfigurationSource())) .csrf(AbstractHttpConfigurer::disable) .headers(AbstractHttpConfigurer::disable) .httpBasic(AbstractHttpConfigurer::disable) .rememberMe(AbstractHttpConfigurer::disable) .formLogin(AbstractHttpConfigurer::disable) .logout(AbstractHttpConfigurer::disable) - /* - Session 설정 - */ .sessionManagement(session -> session .sessionCreationPolicy(SessionCreationPolicy.STATELESS) ) - /* - Jwt 필터 - */ .addFilterBefore(authenticationFilter(authService, config), UsernamePasswordAuthenticationFilter.class) - /* - 
exceptionHandling - */ .exceptionHandling(exceptions -> exceptions .authenticationEntryPoint(restAuthenticationEntryPoint()) .accessDeniedHandler(accessDeniedHandler()) @@ -90,9 +80,36 @@ public SecurityFilterChain filterChain(HttpSecurity http, JwtAuthService authSer return http.build(); } + @Bean + @Order(1) + public SecurityFilterChain actuatorSecurity(HttpSecurity http, PasswordEncoder passwordEncoder) + throws Exception { + http + .authorizeHttpRequests(auth -> auth + .requestMatchers(actuatorPath + "/**").hasRole("ACTUATOR") + .anyRequest().denyAll() + ) + .httpBasic(AbstractHttpConfigurer::disable) + .userDetailsService(userDetailsService(passwordEncoder)) + .cors(cors -> cors.configurationSource(corsConfigurationSource())) + .csrf(AbstractHttpConfigurer::disable) + .sessionManagement(session -> session + .sessionCreationPolicy(SessionCreationPolicy.STATELESS) + ); + + return http.build(); + } + + public UserDetailsService userDetailsService(PasswordEncoder passwordEncoder) { + User user = (User) User.withUsername(actuatorProperties.getUser()) + .password(passwordEncoder.encode(actuatorProperties.getPassword())) + .roles(actuatorProperties.getRoleName()) + .build(); + return new InMemoryUserDetailsManager(user); + } + public CorsConfigurationSource corsConfigurationSource() { CorsConfiguration configuration = new CorsConfiguration(); - configuration.addAllowedOriginPattern("*"); configuration.addAllowedHeader("*"); configuration.addAllowedMethod("*"); @@ -100,7 +117,6 @@ public CorsConfigurationSource corsConfigurationSource() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); source.registerCorsConfiguration("/**", configuration); - return source; } @@ -123,5 +139,4 @@ public RestAuthenticationEntryPoint restAuthenticationEntryPoint() { public CustomAccessDeniedHandler accessDeniedHandler() { return new CustomAccessDeniedHandler(); } - } 
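Review bot: Besides reformatting, this hunk removes `API_PREFIX + "/events/**"` from the first `permitAll()` matcher in `filterChain`, so those routes now fall through to `.anyRequest().authenticated()`, and the commit subject does not mention it. If the change is intended, put it in its own commit; if not, restore the matcher. The hunk also deletes the section comments (disabled configurers, session policy, JWT filter, exception handling); keeping an English equivalent such as `// stateless API: no session or form login, JWT filter only` would preserve the reasoning. `@Order(0)` is added to a chain that has no `securityMatcher`, which affects the second chain added further down in this file.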
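Review bot: `actuatorSecurity` is registered at `@Order(1)` without a `securityMatcher`, behind `filterChain` at `@Order(0)`, which has none either, so the first chain claims every request and this one is never consulted. Inside it, `.httpBasic(AbstractHttpConfigurer::disable)` leaves the chain with no mechanism to authenticate the in-memory user, so `hasRole("ACTUATOR")` could not be satisfied even if the chain were reached. Scope and order it explicitly: begin with `http.securityMatcher(actuatorPath + "/**")`, give this chain the lower `@Order` value, and enable basic auth with `.httpBasic(Customizer.withDefaults())`. `userDetailsService(...)` is a plain public method rather than a bean; a short Javadoc stating that it backs only the actuator chain would make that deliberate.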
diff --git a/src/main/resources/application-prod.yml b/src/main/resources/application-prod.yml index 851fa55a..816cbf8b 100644 --- a/src/main/resources/application-prod.yml +++ b/src/main/resources/application-prod.yml @@ -21,11 +21,6 @@ spring: init: mode: never - security: - user: - name: ${MONITORING_USERNAME} - password: ${MONITORING_USER_PASSWORD} - jwt: header: "Authorization" prefix: "Bearer" @@ -58,3 +53,8 @@ management: enabled: true server: port: 9090 + +actuator: + user: ${MONITORING_USERNAME} + password: ${MONITORING_USER_PASSWORD} + role-name: ACTUATOR From 000e6fc69b6180351633df2cd1e39413f15a3ab0 Mon Sep 17 00:00:00 2001 From: wonjunYou Date: Mon, 30 Sep 2024 19:33:22 +0900 Subject: [PATCH 8/9] =?UTF-8?q?[DEV-77]=20@Value=EB=A5=BC=20=ED=86=B5?= =?UTF-8?q?=ED=95=B4=20=ED=99=98=EA=B2=BD=EB=B3=80=EC=88=98=20=EC=A3=BC?= =?UTF-8?q?=EC=9E=85=EB=B0=9B=EB=8F=84=EB=A1=9D=20=EB=B3=80=EA=B2=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common/config/ActuatorProperties.java | 15 ------------- .../common/config/SecurityConfig.java | 21 ++++++++++++------- src/main/resources/application-prod.yml | 2 +- 3 files changed, 14 insertions(+), 24 deletions(-) delete mode 100644 src/main/java/ddingdong/ddingdongBE/common/config/ActuatorProperties.java diff --git a/src/main/java/ddingdong/ddingdongBE/common/config/ActuatorProperties.java b/src/main/java/ddingdong/ddingdongBE/common/config/ActuatorProperties.java deleted file mode 100644 index f1f66595..00000000 --- a/src/main/java/ddingdong/ddingdongBE/common/config/ActuatorProperties.java +++ /dev/null 
@@ -1,15 +0,0 @@ -package ddingdong.ddingdongBE.common.config; - -import lombok.Getter; -import org.springframework.boot.context.properties.ConfigurationProperties; -import org.springframework.stereotype.Component; - -@Component -@ConfigurationProperties(prefix = "actuator") -@Getter -public class ActuatorProperties { - - private String user; - private String password; - private String roleName; -} diff --git a/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java b/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java index 40e03fbb..7b566e01 100644 --- a/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java +++ b/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java @@ -7,6 +7,7 @@ import ddingdong.ddingdongBE.common.handler.CustomAccessDeniedHandler; import ddingdong.ddingdongBE.common.handler.RestAuthenticationEntryPoint; import org.springframework.beans.factory.annotation.Value; +import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.annotation.Order; @@ -27,18 +28,22 @@ @Configuration @EnableWebSecurity +@EnableConfigurationProperties public class SecurityConfig { private static final String API_PREFIX = "/server"; - @Value("security.actuator.base-path") + @Value("management.endpoints.web.base-path") private String actuatorPath; - private final ActuatorProperties actuatorProperties; + @Value("actuator") + private String userName; - public SecurityConfig(ActuatorProperties actuatorProperties) { - this.actuatorProperties = actuatorProperties; - } + @Value("actuator") + private String password; + + @Value("actuator") + private String roleName; @Bean @Order(0) 
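Review bot: The four `@Value` annotations in the `@@ -27,18 +28,22 @@` hunk inject their argument as a literal because none uses `${...}`: `userName`, `password` and `roleName` all become the string `actuator`, and `actuatorPath` becomes the text `management.endpoints.web.base-path`. The `MONITORING_USERNAME` / `MONITORING_USER_PASSWORD` values wired into `application-prod.yml` are therefore never read, the account ends up with a fixed, guessable password, and the resulting role does not match the `ACTUATOR` required by `hasRole("ACTUATOR")`. Use property placeholders: `@Value("${actuator.user-name}")`, `@Value("${actuator.password}")`, `@Value("${actuator.role-name}")`, and likewise `${management.endpoints.web.base-path}` for the path. `@EnableConfigurationProperties` without a class argument appears to register nothing now that `ActuatorProperties` is deleted and can be dropped. The same literal value sits behind every `requestMatchers(actuatorPath ...)` rule in the earlier commits of this series.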
@@ -101,9 +106,9 @@ public SecurityFilterChain actuatorSecurity(HttpSecurity http, PasswordEncoder p } public UserDetailsService userDetailsService(PasswordEncoder passwordEncoder) { - User user = (User) User.withUsername(actuatorProperties.getUser()) - .password(passwordEncoder.encode(actuatorProperties.getPassword())) - .roles(actuatorProperties.getRoleName()) + User user = (User) User.withUsername(userName) + .password(passwordEncoder.encode(password)) + .roles(roleName) .build(); return new InMemoryUserDetailsManager(user); } diff --git a/src/main/resources/application-prod.yml b/src/main/resources/application-prod.yml index 816cbf8b..200db7e2 100644 --- a/src/main/resources/application-prod.yml +++ b/src/main/resources/application-prod.yml @@ -55,6 +55,6 @@ management: port: 9090 actuator: - user: ${MONITORING_USERNAME} + user-name: ${MONITORING_USERNAME} password: ${MONITORING_USER_PASSWORD} role-name: ACTUATOR From 6ff71119a1851f4ceae9033b4ce89b877bb9d741 Mon Sep 17 00:00:00 2001 From: wonjunYou Date: Mon, 30 Sep 2024 20:04:44 +0900 Subject: [PATCH 9/9] =?UTF-8?q?[DEV-77]=20actuator=20permitAll()=20?= =?UTF-8?q?=EC=84=A4=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/ddingdong/ddingdongBE/common/config/SecurityConfig.java | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java b/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java index 7b566e01..50207dd8 100644 --- a/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java +++ b/src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java 
@@ -54,6 +54,7 @@ public SecurityFilterChain filterChain(HttpSecurity http, JwtAuthService authSer .requestMatchers(API_PREFIX + "/auth/**").permitAll() .requestMatchers(API_PREFIX + "/admin/**").hasRole("ADMIN") .requestMatchers(API_PREFIX + "/club/**").hasRole("CLUB") + .requestMatchers(API_PREFIX + "/actuator/**").permitAll() .requestMatchers(GET, API_PREFIX + "/clubs/**", API_PREFIX + "/notices/**",
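Review bot: `.requestMatchers(API_PREFIX + "/actuator/**").permitAll()` makes everything under `/server/actuator/` readable without authentication in the main chain, which, if `ACTUATOR_BASE_PATH` resolves to that prefix, includes the `prometheus` endpoint exposed earlier in this series. This works around the dedicated `actuatorSecurity` chain and its `ACTUATOR` role instead of repairing them. Open only what must be anonymous, e.g. `.requestMatchers(API_PREFIX + "/actuator/health").permitAll()`, and keep the remaining actuator paths behind the basic-auth account or a network restriction to the scraper. `filterChain` begins and ends outside the hunk.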