Spring Boot Admin Reference Guide - 监控服务配置

什么是Spring Boot Admin

Spring Boot Admin 是管理和监控你的SpringBoot应用程序的社区项目，做者codecentric。应用程序经过Spring Boot Admin Client进行注册，HTTP方式或者使用springcloud服务发现(例如：Eureka,Consul)。Spring Boot Admin UI只是Spring Boot Actuator endpoints上的一个AngularJs应用程序，提供图形化界面的展现。

版本说明

SpringBoot	2.0.1.RELEASE
SpringBootAdmin	2.0.0-SNAPSHOT

SpringBoot2.0版本以后配置文件会有部分调整，本文不适用于 2.0以前的版本

项目集成之SpringBoot项目

Admin服务端配置

1. pom.xml中引入Maven依赖

<dependency>
    <groupId>de.codecentric</groupId>
    <artifactId>spring-boot-admin-starter-server</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>

PS： spring-boot-admin-starter-server包含 spring-boot-admin-server和 spring-boot-admin-server-ui两个依赖

2. 开启@EnableAdminServer注解支持

@SpringBootApplication
@EnableAdminServer
public class AdminServerSpringStrap {
    public static void main(String[] args) {
        SpringApplication.run(AdminServerSpringStrap.class, args);
    }
}

PS：若是使用SpringBootAutoConfiguration方式自动引入注解配置须要添加 @AutoConfigureBefore({AdminServerAutoConfiguration.class})，不然 @EnableAdminServer注解无效

至此Admin服务端已经配置完毕。

Admin客户端配置

1. pom.xml中引入Maven依赖

<dependency>
    <groupId>de.codecentric</groupId>
    <artifactId>spring-boot-admin-starter-client</artifactId>
</dependency>

2. application.yml配置

---
spring:
  profiles: client
  application:
      name: client
  boot:
    admin:
      client:
        url: "http://localhost:8080/"    // Admin服务端地址，根据实际状况更改
server:
  port: 8081
management:
  endpoints:
    web:
      exposure:
        include: "*"    // SpringBootActuator监控暴露全部接口

PS： SpringBoot2.0以后大部分endpoints不会被暴露，上面咱们暴露了全部endpoints，如应用到生产环境，考虑到安全问题，对于 Actuator的 Endpoints请根据须要进行配置

至此Admin客户端已经配置完毕。

运行概览图

• Admin首页

• Admin 客户端详细监控信息页面

添加SpringSecurity进行权限控制

pom.xml添加Maven依赖

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

添加到须要进行权限控制的项目中

一. 仅Admin客户端进行权限控制

1. Admin客户端application.yml配置

---
spring:
  profiles: client
  application:
      name: client
  boot:
    admin:
      client:
        url: "http://localhost:8080"
        instance:
          metadata:
            user.name: ${spring.security.user.name}
            user.password: ${spring.security.user.password}
  security:
    user:
      name: client
      password: client
server:
  port: 8081
management:
  endpoints:
    web:
      exposure:
        include: "*"

PS：
security下的属性配置 httpBasic的用户名密码
instance.metadata下的属性配置向 Admin服务端传输本客户端的用户名和密码，这样Admin服务端请求的时候会携带已传递的用户名密码，若是此处的密码和 security下的不一致，则服务端将没有权限访问客户端的监控

配置完成后，启动客户端，服务端请求客户端监控接口的时候会带上客户端传递的凭证，至此完毕。

二. Admin服务端和客户端都要进行权限控制

1. Admin服务端增长SpringSecurity的权限配置

启动器添加 @EnableWebSecurity注解

@Configuration
public static class SecuritySecureConfig extends WebSecurityConfigurerAdapter {
    private final String adminContextPath;

    public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
        this.adminContextPath = adminServerProperties.getContextPath();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");

        http.authorizeRequests()
            .antMatchers(adminContextPath + "/assets/**").permitAll()
            .antMatchers(adminContextPath + "/login").permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
        .logout().logoutUrl(adminContextPath + "/logout").and()
        .httpBasic().and()
        .csrf().disable();
        // @formatter:on
    }
}

2. Admin服务端application.yml配置

---
spring:
  profiles: admin
  application:
    name: admin
  security:
    user:
      name: admin
      password: admin
server:
  port: 8080
management:
  endpoints:
    web:
      exposure:
        include: "*"

3. Admin客户端application.yml配置

---
spring:
  profiles: client
  application:
      name: client
  security:
    user:
      name: client
      password: client
  boot:
    admin:
      client:
        url: "http://localhost:8080"
        instance:
          metadata:
            user.name: ${spring.security.user.name}
            user.password: ${spring.security.user.password}
        username: admin
        password: admin
server:
  port: 8081
management:
  endpoints:
    web:
      exposure:
        include: "*"

PS：客户端增长了 spring.boot.admin.client.[username,password]配置，此配置是传递 Admin服务端的凭证信息，不然不能注册到Admin服务端。其余配置同上一节 仅Admin客户端进行权限控制一致。

若是须要Admin服务端本身注册本身，则只要将Admin服务端的application.yml与客户端一致便可。

至此SpringSecurity权限控制配置完毕。

项目集成之SpringCloud项目(Eureka)

此文只说明 Spring-Boot-Admin集成 Eureka的配置，至于Eureka的集成请关注个人后续文章。

1. Maven依赖说明
Spring-Boot-Admin的相关依赖请参考上述说明

2. Admin服务端配置

spring:
  application:
    name: server-admin
  security:
    user:
      name: admin
      password: admin
server:
  port: 9888
eureka:
  client:
    service-url:
      defaultZone: ${EUREKA_SERVICE_URL:http://localhost:8761}/eureka/
    registry-fetch-interval-seconds: 5
  instance:
    metadata-map:
      user.name: ${spring.security.user.name}
      user.password: ${spring.security.user.password}
    lease-renewal-interval-in-seconds: 10
    health-check-url-path: /actuator/health
management:
  endpoints:
    web:
      exposure:
        include: "*"

配置基本同 SpringBoot项目一致，不一样的是将Admin服务端注册到 Eureka注册中心，此配置包含权限控制，根据须要进行删减。

3. Admin客户端配置

spring:
  application:
    name: service-hi
  security:
    user:
      name: client
      password: client
server:
  port: 8762

eureka:
  client:
    service-url:
      defaultZone: ${EUREKA_SERVICE_URL:http://localhost:8761}/eureka/
    registry-fetch-interval-seconds: 5
  instance:
    metadata-map:
      user.name: ${spring.security.user.name}
      user.password: ${spring.security.user.password}
    lease-renewal-interval-in-seconds: 10
    health-check-url-path: /actuator/health
management:
  endpoints:
    web:
      exposure:
        include: "*"

配置基本同 SpringBoot项目一致，不一样的是将Admin客户端注册到 Eureka注册中心，此配置包含权限控制，根据须要进行删减。若是客户端和服务端都注册到 同一个注册中心，则不须要在客户端指定服务端的地址，而且不须要在客户端配置服务端的凭证信息。

至此Spring-Boot-Admin集成到Eureka完毕。

附加说明

• 项目做者codecentric的GitHub：spring-boot-admin
• 做者codecentric写的项目指导：Spring Boot Admin Reference Guide

• admin项目Maven仓库

  <repository>
      <id>sonatype-nexus-snapshots</id>
      <name>Sonatype Nexus Snapshots</name>
      <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
      <snapshots>
          <enabled>true</enabled>
      </snapshots>
      <releases>
          <enabled>false</enabled>
      </releases>
  </repository>