
How's SpringBoot Admin?

2025-03-29 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

This article introduces how to use SpringBoot Admin. The introduction is detailed and has reference value; interested readers are encouraged to read on.

The company has a SpringBoot project that needs to be monitored. I looked it up online and found that everyone recommends SpringBoot Admin. SpringBoot Admin is a project incubated by the open source community for managing and monitoring SpringBoot applications. It is divided into a server (spring-boot-admin-server) and a client (spring-boot-admin-client), which exchange data over HTTP. In a single project, spring-boot-admin-client has to be integrated into the application so that it can be monitored. In a SpringCloud project, spring-boot-admin-server pulls the application information directly from the registry, so there is no need to integrate spring-boot-admin-client into each microservice application to manage and monitor it.

Official website reference link: https://codecentric.github.io/spring-boot-admin/2.2.4/

This article only describes the single application of SpringBoot Admin management and monitoring, and does not involve the content related to SpringCloud.

1.1 Building the SpringBoot Admin server

(1) Maven dependency description

The SpringBoot version is as follows

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.2.10.RELEASE</version>
</parent>

Add SpringBootAdmin server dependency and SpringBoot web dependency

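<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>de.codecentric</groupId>
        <artifactId>spring-boot-admin-starter-server</artifactId>
        <version>2.2.4</version>
    </dependency>
</dependencies>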

(2) configure ports in application.yml

# specify the port
server:
  port: 23333

(3) write startup class and open SpringBootAdminServer

package com.zcode.monitor.server;

import de.codecentric.boot.admin.server.config.EnableAdminServer;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

/**
 * AdminServerApplication
 * @author ZENG.XIAO.YAN
 * @version 2020-11-12
 */
@EnableAdminServer // enable the SpringBoot Admin server
@SpringBootApplication
public class AdminServerApplication {

    public static void main(String[] args) {
        SpringApplication.run(AdminServerApplication.class, args);
    }
}

(4) browser access test

Access http://localhost:23333/ in a browser. The following page shows that the SpringBoot Admin server has been built successfully.

1.2 Building the SpringBoot Admin client

Note: the so-called client side refers to the application side that we need to monitor. Here we write a simple SpringBoot web application to demonstrate.

(1) Maven dependency description

The SpringBoot version is as follows

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.2.10.RELEASE</version>
</parent>

Add SpringBootAdmin client dependency and SpringBoot web dependency. There is no need to add SpringBoot actuator dependencies here, because SpringBootAdmin client already contains actuator-related dependencies

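<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>de.codecentric</groupId>
        <artifactId>spring-boot-admin-starter-client</artifactId>
        <version>2.2.4</version>
    </dependency>
</dependencies>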

(2) application.yml configuration

The following information needs to be configured in yml:

Application port

Open endpoints for SpringBootAdmin monitoring

Configure the application name (this name will be displayed on the administration page of SpringBoot Admin)

Configure the address of Admin Server

Configure the file name and storage location of the log file (if you do not configure it, you will not see the log)

# port
server:
  port: 9088
# open endpoints for SpringBoot Admin monitoring
management:
  endpoints:
    web:
      exposure:
        include: '*'
spring:
  application:
    name: admin-client # give the client application a name
  boot:
    admin:
      client:
        url: http://localhost:23333 # configure the address of admin server here
logging:
  file:
    name: admin-client.log # configure the name of the generated log file

(3) write a Controller to simulate a common interface

If you access this interface through a browser, the log will be printed as follows

import lombok.extern.slf4j.Slf4j;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.time.LocalDateTime;
import java.util.concurrent.atomic.AtomicInteger;

/**
 * HelloController
 *
 * @author ZENG.XIAO.YAN
 * @version 2020-11-16
 */
@Slf4j
@RestController
@RequestMapping("api")
public class HelloController {

    private final AtomicInteger count = new AtomicInteger(0);

    @GetMapping("hi")
    public String sayHi() {
        // print a log line on every request
        log.info("{} pop... I came in for the {} time.", LocalDateTime.now(), count.addAndGet(1));
        // allocate a large object on every request so heap memory changes can be observed
        byte[] bytes = new byte[100 * 1024 * 1024];
        log.info("new 100MB");
        return "hi springboot addmin " + LocalDateTime.now();
    }
}

(4) write a startup class

The startup class code is very simple, just a normal SpringBoot project startup class, with no other comments on it. The details are as follows

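import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class AdminClientApplication {

    public static void main(String[] args) {
        SpringApplication.run(AdminClientApplication.class, args);
    }
}

1.3 Effect display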

(1) managed applications will be displayed on the application wall

When our admin-client project starts, you can see the admin-client application on the wall of the admin-server management page. For more information, please refer to the figure below.

(2) you can view the specific information of the application

In the application wall click on the application, we can see the specific information of the application, such as heap memory changes and the number of threads. Please refer to the following figure for details.

(3) Log view and heap memory change observation

Request the simulated interface http://localhost:9088/api/hi that we wrote in admin-client. It outputs a log line and allocates 100MB of heap memory at the same time.

After several requests, you can see the log in real time on the web page as shown in the following figure

Since we directly allocate a new 100MB object on each request, we can view the heap memory changes in the details, as shown below.

II. Security

2.1 Security reinforcement of the admin-server side

If the administrative background of this SpringBoot Admin can be accessed without a password, it is really insecure, so we have to add login function to it.

Referring to the official documentation of SpringBoot Admin, we can add Spring Security-related dependencies on the Admin-Server side and access the webpage management panel only after login.

The reference link on the official website is: https://codecentric.github.io/spring-boot-admin/2.2.4/#_securing_client_actuator_endpoints

Let's start with the specific transformation.

(1) admin-server adds Spring Security-related dependencies

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

(2) admin-server sets account and password

Configure account and password in application.yml

# configure an account and password
spring:
  security:
    user:
      name: admin
      password: root123456

(3) add a Spring Security configuration class to admin-server

import de.codecentric.boot.admin.server.config.AdminServerProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

@Configuration
public class SecuritySecureConfig extends WebSecurityConfigurerAdapter {

    private final String adminContextPath;

    public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
        this.adminContextPath = adminServerProperties.getContextPath();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");
        successHandler.setDefaultTargetUrl(adminContextPath + "/");

        http.authorizeRequests()
                // 1. allow access to all static resources and the login page
                .antMatchers(adminContextPath + "/assets/**").permitAll()
                .antMatchers(adminContextPath + "/login").permitAll()
                .anyRequest().authenticated()
                .and()
                // 2. configure the login and logout paths
                .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
                .logout().logoutUrl(adminContextPath + "/logout").and()
                // 3. enable http basic support; it is needed when admin-client registers
                .httpBasic().and()
                .csrf()
                // 4. enable cookie-based csrf protection
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                // 5. ignore csrf protection on these paths so that admin-client can register
                .ignoringAntMatchers(
                        adminContextPath + "/instances",
                        adminContextPath + "/actuator/**"
                );
    }
}

(4) access test after admin-server security reinforcement

Visit http://localhost:23333/ again and find that you need to log in

When we enter the correct account password to log in, the situation is as follows

At this time, the number of applications has become 0. There is an admin-client application when we do not carry out security reinforcement. Why is it gone? The reason is that after adding the account password authentication, the admin-client side also needs to configure the admin-server account and password.

(5) set the account password of admin-server on admin-client.

When admin-client registers with admin-server, the admin-server side requires HTTP Basic authentication, and admin-client can register only after passing it. For the configuration of the access password in application.yml of admin-client, please refer to the following code

spring:
  application:
    name: admin-client # give the client application a name
  boot:
    admin:
      client:
        url: http://localhost:23333 # configure the address of admin server here
        # configure the account and password of admin-server
        username: admin
        password: root123456

(6) visit the admin-server management background again

When we log in, we finally see our admin-client application again.

2.2 Security on the admin-client side

It is very insecure for the admin-client side to expose all actuator endpoints. So we can add Spring Security to admin-client for security reinforcement as well.

All of the following operations are done in admin-client

(1) add Spring Security dependency

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

(2) yml configuration

The account and password of client need to be set in yml. The relevant configuration on the official website is shown in the following figure.

For the relevant yml configuration of admin-client in this demonstration, refer to the following code

spring:
  application:
    name: admin-client # give the client application a name
  boot:
    admin:
      client:
        url: http://localhost:23333 # configure the address of admin server here
        # configure the account and password of admin-server
        username: admin
        password: root123456
        instance:
          metadata:
            # configure the account and password of admin-client here
            user.name: ${spring.security.user.name}
            user.password: ${spring.security.user.password}
  # user name and password of admin-client
  security:
    user:
      name: clientAdmin
      password: 123456

(3) add Spring Security configuration class

Why add a configuration class? Because when Spring Security is added without any configuration, all requests are intercepted, whereas here we only need to intercept the monitoring endpoints under /actuator/**. At the same time, the official website mentions that admin-server also uses HTTP Basic authentication when it accesses admin-client. Therefore, Spring Security has to be configured to support HTTP Basic authentication.

import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@Slf4j
public class SpringSecurityActuatorConfig extends WebSecurityConfigurerAdapter {

    public SpringSecurityActuatorConfig() {
        log.info("SpringSecurityActuatorConfig... start");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // this configuration is only valid for requests to /actuator/**
        http.antMatcher("/actuator/**")
                // all requests under /actuator/ need to be authenticated
                .authorizeRequests().anyRequest().authenticated()
                // enable httpBasic authentication; when admin-client is configured with a password,
                // admin-server uses httpBasic authentication to pull client information
                .and().httpBasic()
                // disable csrf
                .and().csrf().disable();
    }
}

(4) effect display

The information of admin-client can still be seen on the admin-server side, indicating that the monitoring and management function of admin-server is normal after we add SpringSecurity. For more information, please see the figure below.

When we visit admin-client's monitoring endpoint http://localhost:9088/actuator/health, we find that HTTP Basic authentication is required; this also proves that our authentication interception only intercepts the monitoring endpoints. The effect is as follows

(5) existing problems

Through the above configuration, admin-client uses Spring Security to authenticate access to the actuator endpoints, but there are still some problems. If our project already uses the Spring Security framework for authentication and authorization, the above configuration has to be modified, because we generally do not use HTTP Basic authentication but form login authentication. This leads to the problem of configuring multiple Spring Security configurations. Although this problem exists, a solution can be found online.

(6) multiple Spring Security coexistence schemes

The link found in the Spring Security official documentation for this solution is as follows: https://docs.spring.io/spring-security/site/docs/5.3.5.RELEASE/reference/html5/

Screenshot of key information from the official website:

The focus is to specify the priority of multiple Spring Security by adding Order annotations

Paste my code directly below; for intuition, I built two static Spring Security configuration classes in the same class

import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * SpringSecurity form and HttpBasic coexistence configuration reference,
 * written in one class to make comparison easier
 * @author ZENG.XIAO.YAN
 * @Date 2020-11-11
 * @version 1.0
 */
@Slf4j
public class SpringSecurityConfig2 {

    /*
     * For this form and HttpBasic coexistence configuration, refer to the official url:
     * https://docs.spring.io/spring-security/site/docs/4.2.3.BUILD-SNAPSHOT/reference/htmlsingle/#multiple-httpsecurity
     * The project startup log is as follows. You can see that two filter chains have been created:
     * 2020-11-11 22:57:56.340 INFO 12692 --- [main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: Ant [pattern='/actuator/**']
     * 2020-11-11 22:57 ... INFO 12692 --- [main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: any request, ...
     */

    /**
     * HttpBasic authentication; it only applies to /actuator/**.
     * Because Order is set, its priority is higher than FormLoginWebSecurityConfigurerAdapter
     * @author ZENG.XIAO.YAN
     * @Date 2020-11-11
     */
    @Configuration
    @Order(1)
    public static class HttpBasicSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        public HttpBasicSecurityConfigurationAdapter() {
            log.info("HttpBasicSecurityConfigurationAdapter... start");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // this configuration is only valid for requests to /actuator/**
            http.antMatcher("/actuator/**")
                    // all requests under /actuator/ need to be authenticated
                    .authorizeRequests().anyRequest().authenticated()
                    // enable httpBasic authentication; when admin-client is configured with a password,
                    // admin-server uses httpBasic authentication to pull client information
                    .and().httpBasic()
                    // disable csrf
                    .and().csrf().disable();
        }
    }

    /**
     * Form login authentication configuration. Since Order is not specified, the default is
     * the maximum of 2147483647. The higher the value, the lower the priority
     * @author ZENG.XIAO.YAN
     * @Date 2020-11-11
     */
    @Configuration
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

        public FormLoginWebSecurityConfigurerAdapter() {
            log.info("FormLoginWebSecurityConfigurerAdapter... start");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                    .formLogin();
        }
    }
}

After adding this configuration class, remember to delete the SpringSecurityActuatorConfig class we configured above, and then restart the project. The effect is as follows:

If you visit http://localhost:9088/actuator/health, the httpBasic authentication page will appear.

When you visit http://localhost:9088/api/hi, the form login page that comes with Spring Security appears.

Visit the management page of admin-server and find that the admin-client application information is normal, indicating that there is no problem with the modified Spring Security configuration.
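The manual checks above can be automated. The following is an added example, not code from the original article: a Spring Boot test for admin-client that asserts how the two filter chains behave. It assumes spring-boot-starter-test and spring-security-test are on the test classpath, and the class name is hypothetical.

```java
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.web.servlet.MockMvc;

import static org.hamcrest.Matchers.startsWith;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrlPattern;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

// Added example (hypothetical class name). Place it in the same package as
// AdminClientApplication so that @SpringBootTest finds the application class.
// Credentials are the clientAdmin / 123456 pair from the article's application.yml.
@SpringBootTest
@AutoConfigureMockMvc
class ActuatorSecurityChainsTest {

    @Autowired
    private MockMvc mockMvc;

    @Test
    void actuatorChallengesAnonymousRequests() throws Exception {
        // Order(1) chain: no credentials -> 401 with a Basic challenge, no login redirect
        mockMvc.perform(get("/actuator/info"))
                .andExpect(status().isUnauthorized())
                .andExpect(header().string("WWW-Authenticate", startsWith("Basic")));
    }

    @Test
    void actuatorAcceptsClientCredentials() throws Exception {
        mockMvc.perform(get("/actuator/info").with(httpBasic("clientAdmin", "123456")))
                .andExpect(status().isOk());
    }

    @Test
    void actuatorRejectsWrongPassword() throws Exception {
        mockMvc.perform(get("/actuator/info").with(httpBasic("clientAdmin", "wrong-password")))
                .andExpect(status().isUnauthorized());
    }

    @Test
    void apiRedirectsAnonymousRequestsToFormLogin() throws Exception {
        // form-login chain: business endpoints redirect to the login page
        mockMvc.perform(get("/api/hi"))
                .andExpect(status().isFound())
                .andExpect(redirectedUrlPattern("**/login"));
    }

    @Test
    void apiDoesNotAcceptBasicCredentials() throws Exception {
        // httpBasic() is enabled only on the /actuator/** chain
        mockMvc.perform(get("/api/hi").with(httpBasic("clientAdmin", "123456")))
                .andExpect(status().isFound());
    }
}
```

The last test is the one that catches a chain ordering mistake: if the actuator chain's matcher were widened or the order swapped, Basic credentials would start working on /api/hi or the actuator endpoints would start redirecting to the login form.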


© 2024 shulou.com SLNews company. All rights reserved.
