dalbodeule/snap-admin
1
0
Fork 0
mirror of https://github.com/dalbodeule/snap-admin.git synced 2025-06-09 05:48:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Warning message

Browse Source
This commit is contained in:
Francesco 2023-11-07 15:26:07 +01:00
parent 4cd1f4101b
commit 6a8c08caed
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/main/java/tech/ailef/snapadmin/external/StartupAuthCheckRunner.java vendored
View File

@ -48,6 +48,14 @@ public class StartupAuthCheckRunner {
@Autowired @Autowired
private SnapAdminProperties properties; private SnapAdminProperties properties;
/**
* This event listener gets called after the server is initialized in order
* to have access to the value of the port (needed to build the URL at runtime).
* The method checks if SnapAdmin is accessible (status code == 200) to determine
* whether security is enabled, and if this is not the case it sets flags
* to display appropriate warnings.
* @return
*/
@Bean @Bean
ApplicationListener<ServletWebServerInitializedEvent> serverPortListenerBean() { ApplicationListener<ServletWebServerInitializedEvent> serverPortListenerBean() {
return event -> { return event -> {
@ -65,8 +73,8 @@ public class StartupAuthCheckRunner {
snapAdmin.setAuthenticated(statusCode != 200); snapAdmin.setAuthenticated(statusCode != 200);
if (statusCode == 200) { if (statusCode == 200) {
logger.warn("It seems SnapAdmin routes are not protected with authentication. The URL " logger.warn("It appears that you have not enabled security so SnapAdmin is publicly accessible. "
+ url + " is publicly accessible: be careful!"); + "Read here to learn how to secure SnapAdmin with Spring Security: https://www.snapadmin.dev/docs/#security");
} }
} catch (IOException e) { } catch (IOException e) {