Spring Cloud: Spring Boot Admin Microservice Monitoring and Alerting System

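Keeping business systems running stably is very important. Actuator, one of the four core components of Spring Boot, lets you observe the runtime state of a Spring Boot service at any time and is an indispensable part of keeping a system healthy.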


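spring-boot-starter-actuator provides a set of HTTP or JMX monitoring endpoints through which we can obtain runtime statistics about the system. We can choose which endpoints to enable, and we can also define our own custom endpoints.

Actuator exposes its monitoring information through endpoints as JSON, so a UI is needed to display it. The two most common choices today are Spring Boot Admin and Prometheus + Grafana. Spring Boot Admin is relatively simple to set up, but it has no database and cannot store or display historical monitoring data. Prometheus (a time-series database) + Grafana (the UI) offers more features, stores history, and presents the data more attractively.

Of the two, Prometheus + Grafana is the more popular; microservice and Kubernetes deployments today mostly use it. For small projects or monolithic applications, however, Spring Boot Admin is quicker and more convenient. Which one to adopt depends on your own operations requirements. Here we integrate both into the framework so that either can be chosen in practice.

This article mainly describes how to integrate Spring Boot Admin and how to control access to the Actuator endpoints with Spring Security.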

1. Add the spring-boot-starter-actuator package to the base service gitegg-platform.

Both Spring Boot Admin and Prometheus + Grafana need spring-boot-starter-actuator to collect monitoring information. Here we add spring-boot-starter-actuator to the gitegg-platform-boot base platform package, so that every microservice includes it.

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-actuator</artifactId>
    </dependency>

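2. Decide on and add the spring-boot-admin-starter-server and spring-boot-admin-starter-client dependencies used by the project.

spring-boot-admin-starter-server is the Spring Boot Admin server. We need to create a new Spring Boot project to run it; it accepts registrations from the services to be monitored and displays monitoring and alerting information. spring-boot-admin-starter-client is the client, and a service that is to be monitored needs this dependency.

Please note: many articles online say to add the spring-boot-admin-starter-client package, but in Spring Cloud microservices it is not needed. The spring-boot-admin-starter-client package is declared here only to bring the matching version into our gitegg-platform platform project, for use in the gitegg-boot framework. In the Spring Cloud microservice framework there is no need to add spring-boot-admin-starter-client, because Spring Boot Admin automatically locates service endpoints from the microservice registration information. See the official documentation: spring-cloud-discovery-support.

When choosing a version, be sure to pick the Spring Boot Admin release that matches your Spring Boot version. GitHub has a description of the version correspondence:

We define the versions of the spring-boot-admin-starter-server and spring-boot-admin-starter-client dependencies in gitegg-platform-pom and then add them where needed in the individual microservices. They are not added globally, so that a microservice can easily switch monitoring approach.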

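    ......
    <spring.boot.admin.version>2.3.1</spring.boot.admin.version>
    ......
    <dependency>
        <groupId>de.codecentric</groupId>
        <artifactId>spring-boot-admin-starter-server</artifactId>
        <version>${spring.boot.admin.version}</version>
    </dependency>
    <dependency>
        <groupId>de.codecentric</groupId>
        <artifactId>spring-boot-admin-starter-client</artifactId>
        <version>${spring.boot.admin.version}</version>
    </dependency>
    ......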

3. Under the gitegg-plugin project of GitEgg-Cloud, create a new gitegg-admin-monitor project to run spring-boot-admin-starter-server.

Add the required dependencies to pom.xml:

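    <dependency>
        <groupId>com.gitegg.platform</groupId>
        <artifactId>gitegg-platform-boot</artifactId>
        <exclusions>
            <exclusion>
                <groupId>com.gitegg.platform</groupId>
                <artifactId>gitegg-platform-cache</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
    <dependency>
        <groupId>com.gitegg.platform</groupId>
        <artifactId>gitegg-platform-cloud</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
        <exclusions>
            <exclusion>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-logging</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
    <dependency>
        <groupId>de.codecentric</groupId>
        <artifactId>spring-boot-admin-starter-server</artifactId>
    </dependency>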

Add the startup class GitEggMonitorApplication.java for spring-boot-admin-starter-server; adding the @EnableAdminServer annotation is all that is required.

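    import de.codecentric.boot.admin.server.config.EnableAdminServer;
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.cloud.context.config.annotation.RefreshScope;

    @EnableAdminServer
    @SpringBootApplication
    @RefreshScope
    public class GitEggMonitorApplication {

        public static void main(String[] args) {
            SpringApplication.run(GitEggMonitorApplication.class, args);
        }
    }

  • Add a Spring Security WebSecurityConfigurerAdapter configuration class to protect the monitoring system.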

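This class mainly configures access to the login page, static files, login, logout and so on. Note that the publicUrl prefix is configured here. When the service is deployed in a microservice or Docker environment and requests are forwarded through a gateway or nginx, publicUrl must be set in the Spring Boot Admin configuration; otherwise Spring Boot Admin only redirects to the address and port of the local environment. If publicUrl uses port 80, the port cannot be omitted and must be written out.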

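    import de.codecentric.boot.admin.server.config.AdminServerProperties;
    import de.codecentric.boot.admin.server.ui.config.AdminServerUiProperties;
    import org.springframework.boot.autoconfigure.security.SecurityProperties;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.http.HttpMethod;
    import org.springframework.security.config.Customizer;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
    import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
    import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

    import java.util.UUID;

    @Configuration(proxyBeanMethods = false)
    public class SecuritySecureConfig extends WebSecurityConfigurerAdapter {

        private final AdminServerUiProperties adminUi;
        private final AdminServerProperties adminServer;
        private final SecurityProperties security;

        public SecuritySecureConfig(AdminServerUiProperties adminUi, AdminServerProperties adminServer,
                                    SecurityProperties security) {
            this.adminUi = adminUi;
            this.adminServer = adminServer;
            this.security = security;
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {

            // When publicUrl is set, login and logout links reached through the Gateway must redirect to publicUrl
            String publicUrl = this.adminUi.getPublicUrl() != null
                    ? this.adminUi.getPublicUrl() : this.adminServer.getContextPath();
            SavedRequestAwareAuthenticationSuccessHandler successHandler =
                    new SavedRequestAwareAuthenticationSuccessHandler();
            successHandler.setTargetUrlParameter("redirectTo");
            successHandler.setDefaultTargetUrl(publicUrl + "/");

            http.authorizeRequests(
                    // Static assets, info, health and the login page are public; everything else needs a login
                    (authorizeRequests) -> authorizeRequests
                            .antMatchers(this.adminServer.path("/assets/**")).permitAll()
                            .antMatchers(this.adminServer.path("/actuator/info")).permitAll()
                            .antMatchers(this.adminServer.path("/actuator/health")).permitAll()
                            .antMatchers(this.adminServer.path("/login")).permitAll()
                            .anyRequest().authenticated()
            ).formLogin(
                    (formLogin) -> formLogin.loginPage(publicUrl + "/login")
                            .loginProcessingUrl(this.adminServer.path("/login"))
                            .successHandler(successHandler).and()
            ).logout((logout) -> logout.logoutUrl(publicUrl + "/logout"))
                    .httpBasic(Customizer.withDefaults())
                    // CSRF tokens are kept in a cookie; instance registration, deregistration
                    // and the actuator endpoints are exempt from the CSRF check
                    .csrf((csrf) -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                            .ignoringRequestMatchers(
                                    new AntPathRequestMatcher(this.adminServer.path("/instances"),
                                            HttpMethod.POST.toString()),
                                    new AntPathRequestMatcher(this.adminServer.path("/instances/*"),
                                            HttpMethod.DELETE.toString()),
                                    new AntPathRequestMatcher(this.adminServer.path("/actuator/**"))
                            ))
                    .rememberMe((rememberMe) -> rememberMe.key(UUID.randomUUID().toString())
                            .tokenValiditySeconds(1209600));
        }

        /**
         * Required to provide UserDetailsService for "remember functionality"
         * @param auth
         * @throws Exception
         */
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            // {noop} marks the configured password as stored without encoding
            auth.inMemoryAuthentication().withUser(security.getUser().getName())
                    .password("{noop}" + security.getUser().getPassword())
                    .roles(security.getUser().getRoles().toArray(new String[0]));
        }
    }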

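4. Configure the Spring Boot Admin settings in the Nacos configuration center. The gitegg-admin-monitor project also needs the yml file that loads this configuration: besides the main configuration, it must read the configuration specific to Spring Boot Admin.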

  • Add the configuration file gitegg-cloud-config-admin-monitor.yaml.

    spring:
      boot:
        admin:
          ui:
            brand: GitEgg微服務監控系統
            title: GitEgg微服務監控系統
            favicon: http://img.gitegg.com/cloud/docs/images/logo.png
            public-url: http://127.0.0.1:80/gitegg-admin-monitor/monitor
          context-path: /monitor

  • In bootstrap.yml, add the configuration that loads gitegg-cloud-config-admin-monitor.yaml.

    server:
      port: 8009
    spring:
      profiles:
        active: '@spring.profiles.active@'
      application:
        name: '@artifactId@'
      cloud:
        inetutils:
          ignored-interfaces: docker0
        nacos:
          discovery:
            server-addr: ${spring.nacos.addr}
            metadata:
              # Credentials for the client's endpoints when Spring Boot Admin is enabled
              user.name: ${spring.security.user.name}
              user.password: ${spring.security.user.password}
          config:
            server-addr: ${spring.nacos.addr}
            file-extension: yaml
            extension-configs:
              # The file extension is required; file-extension above has no effect on the Data Id extension of custom extension configs
              - data-id: ${spring.nacos.config.prefix}.yaml
                group: ${spring.nacos.config.group}
                refresh: true
              - data-id: ${spring.nacos.config.prefix}-admin-monitor.yaml
                group: ${spring.nacos.config.group}
                refresh: true

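5. Extend the Spring Security configuration of gitegg-gateway to add unified authentication. We have several microservices, and none of them expose their ports when deployed to production, so authentication for all microservices is done at the gateway.

Spring Security supports multiple filter chains and lets you configure the order in which they are applied. Here we rework the earlier filter configuration and add a Basic authentication filter chain. Through securityMatcher, only health-check requests go through this chain; all other requests continue through the OAuth2 + JWT authorization configured previously.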

    /**
     * Security configuration.
     * Use @EnableWebFluxSecurity rather than @EnableWebSecurity, because Spring Cloud Gateway is based on WebFlux.
     *
     * @author GitEgg
     *
     */
    @RequiredArgsConstructor(onConstructor_ = @Autowired)
    @Configuration
    @EnableWebFluxSecurity
    public class MultiWebSecurityConfig {

        private final AuthorizationManager authorizationManager;
        private final AuthServerAccessDeniedHandler authServerAccessDeniedHandler;
        private final AuthServerAuthenticationEntryPoint authServerAuthenticationEntryPoint;
        private final AuthUrlWhiteListProperties authUrlWhiteListProperties;
        private final WhiteListRemoveJwtFilter whiteListRemoveJwtFilter;
        private final SecurityProperties securityProperties;

        @Value("${management.endpoints.web.base-path:}")
        private String actuatorPath;

        /**
         * Access configuration for the health-check endpoints
         * @param http
         * @return
         */
        @Order(Ordered.HIGHEST_PRECEDENCE)
        @Bean
        @ConditionalOnProperty(value = {"management.security.enabled", "management.endpoints.enabled-by-default"}, havingValue = "true")
        SecurityWebFilterChain webHttpSecurity(ServerHttpSecurity http) {
            if (StringUtils.isEmpty(actuatorPath)) {
                // Message: the health-check path must not be empty when health checks are enabled
                throw new BusinessException("當啟用健康檢查時,不允許健康檢查的路徑為空");
            }
            http
                    .cors()
                    .and()
                    .csrf().disable()
                    .formLogin().disable()
                    // This chain only applies to actuator paths, direct or behind a route prefix
                    .securityMatcher(new OrServerWebExchangeMatcher(
                            new PathPatternParserServerWebExchangeMatcher(actuatorPath + "/**"),
                            new PathPatternParserServerWebExchangeMatcher("/**" + actuatorPath + "/**")
                    ))
                    .authorizeExchange((exchanges) -> exchanges
                            .anyExchange().hasAnyRole(securityProperties.getUser().getRoles().toArray(new String[0]))
                    )
                    .httpBasic(Customizer.withDefaults());
            return http.build();
        }

        /**
         * Set the user for Basic authentication
         * @return
         */
        @Bean
        @ConditionalOnProperty(value = {"management.security.enabled", "management.endpoints.enabled-by-default"}, havingValue = "true")
        ReactiveUserDetailsService userDetailsService() {
            return new MapReactiveUserDetailsService(User
                    .withUsername(securityProperties.getUser().getName())
                    .password(passwordEncoder().encode(securityProperties.getUser().getPassword()))
                    .roles(securityProperties.getUser().getRoles().toArray(new String[0]))
                    .build());
        }

        /**
         * Set the password encoder
         * @return
         */
        @Bean
        @ConditionalOnProperty(value = {"management.security.enabled", "management.endpoints.enabled-by-default"}, havingValue = "true")
        public static PasswordEncoder passwordEncoder() {
            DelegatingPasswordEncoder delegatingPasswordEncoder =
                    (DelegatingPasswordEncoder) PasswordEncoderFactories.createDelegatingPasswordEncoder();
            return delegatingPasswordEncoder;
        }

        /**
         * Access configuration for routed (forwarded) requests
         * @param http
         * @return
         */
        @Bean
        SecurityWebFilterChain apiHttpSecurity(ServerHttpSecurity http) {

            http.oauth2ResourceServer().jwt()
                    .jwtAuthenticationConverter(jwtAuthenticationConverter());

            // Custom handling of an expired JWT header or a signature error
            http.oauth2ResourceServer().authenticationEntryPoint(authServerAuthenticationEntryPoint);

            // For whitelisted paths, remove the JWT header; otherwise the backend would validate the JWT
            http.addFilterBefore(whiteListRemoveJwtFilter, SecurityWebFiltersOrder.AUTHENTICATION);

            // Let Basic authentication URLs through directly
            if (!CollectionUtils.isEmpty(authUrlWhiteListProperties.getTokenUrls())) {
                http.authorizeExchange().pathMatchers(ArrayUtil.toArray(authUrlWhiteListProperties.getTokenUrls(), String.class)).permitAll();
            }

            // Check whether there are static files
            if (!CollectionUtils.isEmpty(authUrlWhiteListProperties.getStaticFiles())) {
                http.authorizeExchange().pathMatchers(ArrayUtil.toArray(authUrlWhiteListProperties.getStaticFiles(), String.class)).permitAll();
            }

            http.authorizeExchange()
                    .pathMatchers(ArrayUtil.toArray(authUrlWhiteListProperties.getWhiteUrls(), String.class)).permitAll()
                    .anyExchange().access(authorizationManager)
                    .and()
                    .exceptionHandling()
                    // Handle unauthorized (access denied)
                    .accessDeniedHandler(authServerAccessDeniedHandler)
                    // Handle unauthenticated
                    .authenticationEntryPoint(authServerAuthenticationEntryPoint)
                    .and()
                    .cors()
                    .and().csrf().disable();

            return http.build();
        }

        /**
         * ServerHttpSecurity does not treat the authorities payload of the JWT as part of the Authentication,
         * so the authorities in the JWT claim have to be added.
         * Solution: redefine the ReactiveAuthenticationManager; the default converter is JwtGrantedAuthoritiesConverter
         */
        @Bean
        public Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter() {
            JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
            jwtGrantedAuthoritiesConverter.setAuthorityPrefix(AuthConstant.AUTHORITY_PREFIX);
            jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName(AuthConstant.AUTHORITY_CLAIM_NAME);

            JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
            jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(jwtGrantedAuthoritiesConverter);
            return new ReactiveJwtAuthenticationConverterAdapter(jwtAuthenticationConverter);
        }
    }

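6. In the Nacos configuration center, configure in one place the health-check endpoint address, the user name and password used for access control, and related settings for all microservices.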

    spring:
    ......
      security:
        # Access control for health checks when Spring Boot Admin is enabled; can be omitted if Spring Boot Admin is not used
        user:
          name: user
          password: password
          roles: ACTUATOR_ADMIN
    ......
    # Monitoring endpoint configuration
    management:
      security:
        enabled: true
        role: ACTUATOR_ADMIN
      endpoint:
        health:
          show-details: always
      endpoints:
        enabled-by-default: true
        web:
          base-path: /actuator
          exposure:
            include: '*'
      server:
        servlet:
          context-path: /actuator
      health:
        mail:
          enabled: false
    ......

7. Configure the Gateway to route and forward requests to gitegg-admin-monitor.

    spring:
      cloud:
        gateway:
          discovery:
            locator:
              enabled: true
          routes:
    ......
            - id: gitegg-admin-monitor
              uri: lb://gitegg-admin-monitor
              predicates:
                - Path=/gitegg-admin-monitor/**
              filters:
                - StripPrefix=1
            - id: monitor
              uri: lb://gitegg-admin-monitor
              predicates:
                - Path=/monitor/**
              filters:
                - StripPrefix=0
    ......

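8. Start all the microservices and open http://127.0.0.1/gitegg-admin-monitor/monitor/login to configure health-check monitoring of the microservices.

According to our configuration in Nacos, the login user name and password here are: user / password.

These are the steps for setting up and configuring Spring Boot Admin in Spring Cloud microservices. The setup is comparatively simple, but pay close attention to access control: do not let health checks leak system information. Here authentication is done centrally at the Gateway. When deploying to production, be sure to change the default Basic authentication user name and password, and it may even be necessary to change the health-check endpoint path.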
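
The closing warning can be checked mechanically before a configuration is published to Nacos. The following is an added example, not code from the article or the GitEgg project: it audits settings shaped like the step 6 configuration for a guessable Basic password, wildcard endpoint exposure, always-on health details and the default endpoint path. The function names, the weak-password list and the embedded sample are assumptions made for illustration, and the small parser handles only nested mappings, not YAML lists.

```python
# Added example: audit the step 6 management/security settings for risky values.
SAMPLE = """\
spring:
  security:
    user:
      name: user
      password: password
management:
  endpoint:
    health:
      show-details: always
  endpoints:
    web:
      base-path: /actuator
      exposure:
        include: '*'
"""  # constructed from the values shown in the article's Nacos configuration

WEAK_PASSWORDS = {"password", "admin", "123456", "changeme"}  # illustrative list

def flatten(text):
    """Flatten a nested-mapping YAML subset (no lists) into dotted keys."""
    flat, stack = {}, []  # stack: (indent, key) of the mappings still open
    for line in text.splitlines():
        body = line.strip()
        if not body or body.startswith("#") or ":" not in body:
            continue  # blank line, comment, or an elision marker such as "......"
        indent = len(line) - len(line.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()
        key, _, value = body.partition(":")
        value = value.strip().strip("'\"")
        if value:
            flat[".".join([k for _, k in stack] + [key])] = value
        else:
            stack.append((indent, key))
    return flat

def audit(flat):
    """Return (key, problem) pairs for the settings the article warns about."""
    found = []
    user = flat.get("spring.security.user.name", "user")
    pwd = flat.get("spring.security.user.password")
    if pwd and not pwd.startswith("${") and (pwd.lower() in WEAK_PASSWORDS or pwd == user):
        found.append(("spring.security.user.password", "default or guessable Basic password"))
    if flat.get("management.endpoints.web.exposure.include") == "*":
        found.append(("management.endpoints.web.exposure.include", "every enabled endpoint is served over HTTP"))
    if flat.get("management.endpoint.health.show-details") == "always":
        found.append(("management.endpoint.health.show-details", "details shown to every caller; when-authorized limits them"))
    if flat.get("management.endpoints.web.base-path", "/actuator") == "/actuator":
        found.append(("management.endpoints.web.base-path", "well-known default endpoint path"))
    return found

if __name__ == "__main__":
    for key, problem in audit(flatten(SAMPLE)):
        print(f"{key}: {problem}")
```

When tightening these values, keep management.endpoints.enabled-by-default set to true: the gateway's Basic filter chain in step 5 is only created when that property and management.security.enabled are both true.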


Source: http://m.5511xx.com/article/cceijde.html