Java SpringBoot Actuator 可视化监控

简介

开启客户端Actuator认证, 到开启SpringBoot Admin认证, 一步一步配置, 每配一步, 检查对应的效果。
Note:

  • SpringBoot版本:2.1.4
  • SpringBoot Admin版本:2.1.5

    客户端认证:SpringBoot应用开启Actuator认证

    1. 在Maven的pom.xml文件中添加 spring-boot-starter-security 依赖:

    1. <dependency>
    2.   <groupId>org.springframework.boot</groupId>
    3.   <artifactId>spring-boot-starter-security</artifactId>
    4. </dependency>

    2. 配置 Spring Security 认证信息

    1. spring:
    2. security:
    3.   user:
    4.     name: user
    5.     password: password

    3. 测试客户端认证

    此时访问 http://localhost:9000 , 显示如下 Spring Security 默认的登录页面
    SpringBoot实现Actuator端点可视化监控 - 图1

    4. 测试管理端监控信息

    访问 http://localhost:8000 , 发现获取到的数据并不完整, 这是因为客户的应用虽然注册到了管理端, 但是管理端并未获得客户端的认证。
    SpringBoot实现Actuator端点可视化监控 - 图2
    在 application.yml 中增加当前实例注册到管理端的认证信息, 主要是metadata下的 user.name 与 user.password ; ```yaml management: endpoints: web:
    1. exposure:
    2.   include: "*"
    3.   exclude: env,beans
    endpoint:
    health:
    1. show-details: always # 访问/actuator/health时,显示详细信息,而不是仅仅显示"status": "UP"

spring: security: user: name: user password: password boot: admin: client: url: http://localhost:8000 instance: name: ReactiveCrud metadata: # 这个name与password用于在注册到管理端时,使管理端有权限获取客户端端点数据 user.name: ${spring.security.user.name} user.password: ${spring.security.user.password}

  1. 再次访问 http://localhost:8000 , 得到如下信息:<br />![](https://cdn.nlark.com/yuque/0/2021/webp/396745/1639273426949-5bb729e5-dd0b-45f9-ba06-8d4ea9acad97.webp#clientId=u5d576d98-acf6-4&crop=0&crop=0&crop=1&crop=1&from=paste&id=u97c04fb3&margin=%5Bobject%20Object%5D&originHeight=1292&originWidth=1080&originalType=url&ratio=1&rotation=0&showTitle=false&status=done&style=shadow&taskId=ub8037d8d-a846-4208-8db2-1a0225b5958&title=)
  2. <a name="RA2uy"></a>
  3. ### 管理端:SpringBoot Admin开启认证
  4. 以上, 客户端的Actuator通过 Spring Security 开启认证, 而不是让人随便访问, 同理, 管理端也不应该暴露在公网上。<br />同样, Mavenpom.xml文件中添加 spring-boot-starter-security 依赖:
  5. ```xml
  6. <dependency>
  7.     <groupId>org.springframework.boot</groupId>
  8.     <artifactId>spring-boot-starter-security</artifactId>
  9. </dependency>

配置 Spring Security 认证信息

  1. spring:
  2.   security:
  3.     user:
  4.       name: admin
  5.       password: admin

添加 Spring Security 认证路由

  1. import org.springframework.context.annotation.Configuration;
  2. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  3. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  4. import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
  5. import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
  7. import de.codecentric.boot.admin.server.config.AdminServerProperties;
  9. @Configuration
  10. public class SecuritySecureConfig extends WebSecurityConfigurerAdapter {
  11.     private final String adminContextPath;
  13.     public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
  14.         this.adminContextPath = adminServerProperties.getContextPath();
  15.     }
  17.     @Override
  18.     protected void configure(HttpSecurity http) throws Exception {
  19.         SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
  20.         successHandler.setTargetUrlParameter("redirectTo");
  21.         successHandler.setDefaultTargetUrl(adminContextPath + "/");
  23.         http.authorizeRequests().antMatchers(adminContextPath + "/assets/**").permitAll()
  24.                 .antMatchers(adminContextPath + "/login").permitAll().anyRequest().authenticated().and().formLogin()
  25.                 .loginPage(adminContextPath + "/login").successHandler(successHandler).and().logout()
  26.                 .logoutUrl(adminContextPath + "/logout").and().httpBasic().and().csrf()
  27.                 .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
  28.                 .ignoringAntMatchers(adminContextPath + "/instances", adminContextPath + "/actuator/**");
  29.     }
  30. }

管理端登录 http://localhost:8000
SpringBoot实现Actuator端点可视化监控 - 图3
输入配置的用户信息后, 登录后发现, 页面是空的, 即没有任何应用注册上来!!这时, 由于管理端开启了认证, 那么客户端要想注册上来, 也必须提供认证信息。。
在客户端的 application.yml 中(注意, 是在客户端的配置文件)添加:
SpringBoot实现Actuator端点可视化监控 - 图4
最后, 登录管理端 http://localhost:8000 , 成功后的信息如下, 注意右上角的用户信息:
SpringBoot实现Actuator端点可视化监控 - 图5

附:客户端 application.yml 完整配置

  1. server:
  2.   port: 9000
  4. management:
  5.   endpoints:
  6.     web:
  7.       exposure:
  8.         include: "*"
  9.         exclude: env,beans
  10.   endpoint:        
  11.     health:
  12.       show-details: always
  14. spring:
  15.   security:
  16.     user:
  17.       name: user
  18.       password: password
  19.   boot:
  20.     admin:
  21.       client:
  22.         url: http://localhost:8000
  23.         username: admin # 这个username与password用于注册到管理端,使其通过认证
  24.         password: admin
  25.         instance:
  26.           name: ReactiveCrud
  27.           metadata: # 这个name与password用于在注册到管理端时,使管理端有权限获取客户端端点数据
  28.             user.name: ${spring.security.user.name}
  29.             user.password: ${spring.security.user.password}
  31. info:
  32.   app:
  33.     name: chapter-mogo

附:管理端 application.yml 完整配置

  1. server:
  2.   port: 8000
  4. spring:
  5.   security:
  6.     user:
  7.       name: admin
  8.       password: admin