Spring Boot Admin(项目管理和监控)搭建过程

Spring Boot Admin

简介

Spring Boot Admin 是一个社区项目，作者是codecentric 组织。它用于管理和监控 Spring Boot应用程序。应用程序需要注册到Spring Boot Admin中。可以通过HTTP注册或者Spring Cloud注册中心进行注册。Spring Boot Actuator EndPoints的UI渲染是通过Vue.js。

Spring Boot Admin Server

Spring Boot Admin Server是Spring Boot Admin的服务端，主要用于收集所有客户端的信息，并通过服务端的UI进行统一显示。

搭建步骤

1、添加Spring Boot Admin Server依赖

pom.xml

        <dependency>
            <groupId>de.codecentric</groupId>
            <artifactId>spring-boot-admin-starter-server</artifactId>
        </dependency>
        <dependency>
            <groupId>de.codecentric</groupId>
            <artifactId>spring-boot-admin-server-ui</artifactId>
            <version>2.2.1</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-securit</artifactId>
        </dependency>

2.2.x以上 当前版本支持中文UI

2、添加 @EnableAdminServer注解来启用Spring Boot Admin Server

@EnableAdminServer
@SpringBootApplication
public class SpringBootAdminApplication {
    public static void main(String[] args) {
        SpringApplication.run(SpringBootAdminApplication.class, args);
    }
}

3、启用 Security 进行权限认证

SecuritySecureConfig.java

@Configuration(proxyBeanMethods = false)
public class SecuritySecureConfig extends WebSecurityConfigurerAdapter {

  private final AdminServerProperties adminServer;

  private final SecurityProperties security;

  public SecuritySecureConfig(AdminServerProperties adminServer, SecurityProperties security) {
    this.adminServer = adminServer;
    this.security = security;
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
    successHandler.setTargetUrlParameter("redirectTo");
    successHandler.setDefaultTargetUrl(this.adminServer.path("/"));

    http.authorizeRequests(
        (authorizeRequests) ->
                // 设置 静态资源,/actuator/info,/actuator/health,/login 指定任何人都允许使用这些URL
                authorizeRequests.antMatchers(this.adminServer.path("/assets/**")).permitAll()
            .antMatchers(this.adminServer.path("/actuator/info")).permitAll()
            .antMatchers(this.adminServer.path("/actuator/health")).permitAll()
            .antMatchers(this.adminServer.path("/login")).permitAll()
                        //其他所有url必须通过验证
                        .anyRequest().authenticated()
    ).formLogin(
            //配置 登录页面 ，并设置 登录成功后的后续处理
        (formLogin) -> formLogin.loginPage(this.adminServer.path("/login")).successHandler(successHandler).and() 
    ).logout((logout) -> logout.logoutUrl(this.adminServer.path("/logout")))
            //启用 HTTP 的认证支持，（Spring Boot Admin Client）需要
            .httpBasic(Customizer.withDefaults())
            //使用cookie启用CSRF-Protection
        .csrf((csrf) -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            .ignoringRequestMatchers(
                    //为Spring Boot Admin Client 用于(取消)注册的端点禁用CSRF-Protection
                new AntPathRequestMatcher(this.adminServer.path("/instances"),
                    HttpMethod.POST.toString()),
                new AntPathRequestMatcher(this.adminServer.path("/instances/*"),
                    HttpMethod.DELETE.toString()),
                //Disables CSRF-Protection for the actuator endpoints.
                new AntPathRequestMatcher(this.adminServer.path("/actuator/**")) 
            ))
        .rememberMe((rememberMe) -> rememberMe.key(UUID.randomUUID().toString()).tokenValiditySeconds(1209600));
  }

  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication().withUser(security.getUser().getName())
        .password("{noop}" + security.getUser().getPassword()).roles("USER");
  }

}

application.yml

spring:
  security:
    user:
      password: 123456
      name: admin

Spring Boot Admin Client

Spring Boot Admin Client通常指，需要管理或监控的应用程序。
要在Spring Boot Admin Server上注册应用程序，可以包括HTTP直连Spring Boot Admin Server或使用注册中心。同时Spring Boot Admin Client为了endpoints的安全 必须依赖spring-boot-starter-security。

HTTP直连Spring Boot Admin Server

1、在应用程序中添加依赖

pom.xml

		<dependency>
			<groupId>de.codecentric</groupId>
			<artifactId>spring-boot-admin-starter-client</artifactId>
		    <version>2.2.1.RELEASE<version>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-security</artifactId>
		</dependency>

2、在Spring Boot Admin Client配置Spring Boot Admin Server的URL启用Client。

application.yml

spring:
  boot:
    admin:
      client:
        url: http://${ADMIN_DEFAULT_HOST}:${ADMIN_DEFAULT_PORT}
        password: 123456
        username: admin
management:
  endpoints:
    web:
      exposure:
        include: '*'

spring.boot.admin.client.url是spring boot admin server 对应的URL地址

spring.boot.admin.client.password/username是配置的spring boot admin server security账号密码

management.endpoints.web.exposure.include可以选择开放项目对应的管理监控端点。*代表开放所有。

注意：如果系统中对路径权限有特定的设置，需要对/actuator/**进行特定的权限配置

Spring Boot Admin Client Config

官网上配置基于默认值，我们可以使用ApplicationFactory 进行重新定义。

Spring Boot Admin Server Config

官网上配置

验证安装成功

访问 http://localhost:8080