spring-boot-admin 配合eureka實現 微服務監控
阿新 • • 發佈:2018-12-24
admin server配置:
pom依賴:
<dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-actuator</artifactId> </dependency> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-eureka</artifactId> </dependency> <dependency> <groupId>de.codecentric</groupId> <artifactId>spring-boot-admin-server</artifactId> <version>${springBootAdminVersion}</version> </dependency> <dependency> <groupId>de.codecentric</groupId> <artifactId>spring-boot-admin-server-ui</artifactId> <version>${springBootAdminVersion}</version> </dependency> <!--整合turbine和hystrix--> <dependency> <groupId>de.codecentric</groupId> <artifactId>spring-boot-admin-server-ui-hystrix</artifactId> <version>${springBootAdminVersion}</version> </dependency> <dependency> <groupId>de.codecentric</groupId> <artifactId>spring-boot-admin-server-ui-turbine</artifactId> <version>${springBootAdminVersion}</version> </dependency> <!--整合Activiti模組--> <dependency> <groupId>de.codecentric</groupId> <artifactId>spring-boot-admin-server-ui-activiti</artifactId> <version>${springBootAdminVersion}</version> </dependency> <!--整合登入UI模組--> <dependency> <groupId>de.codecentric</groupId> <artifactId>spring-boot-admin-server-ui-login</artifactId> <version>${springBootAdminVersion}</version> </dependency> <!--整合security安全模組--> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <!--整合郵件告警--> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-mail</artifactId> </dependency> <!--新增jolokia依賴--> <dependency> <groupId>org.jolokia</groupId> <artifactId>jolokia-core</artifactId> </dependency> </dependencies>
yml配置:
server: port: 8505 spring: application: name: cloud-admin boot: admin: routes: endpoints: env,metrics,dump,jolokia,info,configprops,trace,logfile,refresh,flyway,liquibase,heapdump,loggers,auditevents,hystrix.stream,activiti notify: mail: to:
[email protected] #郵件告警 收件人列表 from: [email protected] #郵件告警 發件人列表 mail: #郵件告警配置 host: smtp.qq.com username: [email protected] #傳送方的郵箱 password: xurokmklgmjnbcgh #對於qq郵箱而言 需要在郵箱設定裡面生成的授權碼,這個不是真實的密碼 # properties: # mail.debug: false # mail.smtp.auth: true eureka: instance: leaseRenewalIntervalInSeconds: 10 health-check-url-path: /actuator/health client: registryFetchIntervalSeconds: 5 serviceUrl: defaultZone: http://192.168.1.204:8201/eureka/ management: security: enabled: false #關閉Basic認證 security: #配置登陸使用者名稱、密碼 user: name: admin password: admin basic: enabled: false
啟動類添加註解:
package com.boao.platform.admin;
import de.codecentric.boot.admin.config.EnableAdminServer;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import org.springframework.context.annotation.Configuration;
@Configuration
@EnableAutoConfiguration
@SpringBootApplication
@EnableDiscoveryClient
@EnableAdminServer
//@EnableEurekaClient
public class AdminApplication {
public static void main(String[] args) {
SpringApplication.run(AdminApplication.class, args);
}
}
結合Security的許可權控制類:包含 admin server登陸、指定url過濾功能
package com.boao.platform.admin.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
* 配置HTTPBASIC許可權驗證
* Created by liyy on 2018/8/6.
*/
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, proxyTargetClass = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
//忽略css.jq.img等檔案
web.ignoring().antMatchers("/**.html", "/**.css", "/img/**", "/**.js", "/third-party/**","/api/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable() //HTTP with Disable CSRF
.authorizeRequests() //Authorize Request Configuration
.antMatchers("/login",
"/api/**",
"/**/heapdump",
"/**/loggers",
"/**/liquibase",
"/**/logfile",
"/**/flyway",
"/**/auditevents",
"/**/jolokia").permitAll() //放開"/api/**":為了給被監控端免登入註冊並解決Log與Logger衝突
.and()
.authorizeRequests()
.antMatchers("/**").hasRole("USER")
.antMatchers("/**").authenticated()
.and() //Login Form configuration for all others
.formLogin()
.loginPage("/login.html")
.loginProcessingUrl("/login").permitAll()
.defaultSuccessUrl("/")
.and() //Logout Form configuration
.logout()
.deleteCookies("remove")
.logoutSuccessUrl("/login.html").permitAll()
.and()
.httpBasic();
}
}
client端配置:
<!--增加eureka-server的依賴 -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-eureka</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<!--開啟HTTP basic認證,保護actuator敏感端點-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
yml配置:
security:
user:
name: admin
password: 123456
eureka:
instance:
statusPageUrlPath: /info
healthCheckUrlPath: /health
preferIpAddress: true
metadata-map: #admin監控模組需要獲取此處的使用者名稱、密碼進行訪問敏感埠
user.name: ${security.user.name}
user.password: ${security.user.password}
client:
serviceUrl:
defaultZone: http://192.168.1.241:8201/eureka/
結合Security的許可權控制類:包含 指定url過濾功能
package com.boao.platform.search.config;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
* 配置HTTPBASIC許可權驗證
* 需結合閘道器zuul服務配置 strip-prefix: false(轉發時帶上字首/api),統一使用api字首實現過濾,由於涉及服務較多 後續再統一處理。
* Created by liyy on 2018/8/6.
*/
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
//忽略css.jq.img等檔案
web.ignoring().antMatchers("/**.html", "/**.css", "/img/**", "/**.js", "/third-party/**","/search/**","/EnterpriseExtend/**","/EnterpriseExtendRecommend/**");
}
}