Spring Boot Admin用于管理和监控Spring Boot程序,Spring Boot Admin 作为 Server 端,其他的要被监控的应用作为 Client 端。前面几篇文章搭建的model如service-feign,service-ribbon,eureka-client之类的都可以是被监控的Client端。
一、搭建Admin Server服务端
新建model:admin-server
pom.xml
<dependencies>
<dependency>
<groupId>de.codecentric</groupId>
<artifactId>spring-boot-admin-starter-server</artifactId>
<version>2.0.1</version>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.jolokia</groupId>
<artifactId>jolokia-core</artifactId>
</dependency>
</dependencies>应用主类添加注解并添加配置(这个配置来资源官方文档推荐):
@SpringBootApplication
@EnableAdminServer
@EnableEurekaClient
public class AdminServerApplication {
public static void main(String[] args) {
SpringApplication.run(AdminServerApplication.class, args);
}
@Profile("insecure")
@Configuration
public static class SecurityPermitAllConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().permitAll()//
.and().csrf().disable();
}
}
@Profile("secure")
@Configuration
public static class SecuritySecureConfig extends WebSecurityConfigurerAdapter {
private final String adminContextPath;
public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
this.adminContextPath = adminServerProperties.getContextPath();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
successHandler.setTargetUrlParameter("redirectTo");
http.authorizeRequests()
.antMatchers(adminContextPath + "/assets/**").permitAll()
.antMatchers(adminContextPath + "/login").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
.logout().logoutUrl(adminContextPath + "/logout").and()
.httpBasic().and()
.csrf().disable();
// @formatter:on
}
}
}可以看出是两种选项,是否需要secure安全保护。可以再配置文件里选择激活哪种配置。
application.yml
spring:
application:
name: admin-server
profiles:
active:
- secure
server:
port: 9997
# tag::configuration-eureka[]
eureka: #<1>
instance:
leaseRenewalIntervalInSeconds: 10
health-check-url-path: /actuator/health
client:
registryFetchIntervalSeconds: 5
serviceUrl:
defaultZone: ${EUREKA_SERVICE_URL:http://localhost:7777}/eureka/
management:
endpoints:
web:
exposure:
include: "*" #<2>
endpoint:
health:
show-details: ALWAYS
# end::configuration-eureka[]
---
spring:
profiles: insecure
---
spring:
profiles: secure
security:
user:
name: "user"
password: "password"
eureka:
instance:
metadata-map:
user.name: "user" #These two are needed so that the server
user.password: "password" #can access the protected client endpoints二、修改客户端
在原来service-feign,service-ribbon,eureka-client三个model的基础上修改其依赖和配置,新增依赖:
<dependency>
<groupId>de.codecentric</groupId>
<artifactId>spring-boot-admin-starter-client</artifactId>
<version>2.0.1</version>
</dependency>配置文件新增配置:
spring:
boot:
admin:
client:
url: "http://localhost:9997"
management:
endpoints:
web:
exposure:
include: '*'
endpoint:
health:
show-details: ALWAYSSpring Boot 2.0 的 Actuator 只暴露了 /health、/info 两个端口(为了安全考虑),所以要配置 management.endpoints.web.exposure.include 的属性。
三、测试
启动eureka-server,admin-server,eureka-client,service-feign,service-ribbon
访问:http://localhost:9997,输入配置好的用户名和密码
