一、前言
監控類的數據 Web 管理端最好不要設置成直接通過輸入訪問地址就可以訪問,必須得進行用戶認證才行,以保證數據的安全性。Spring Boot Admin 開啟認證也可以借助於 spring-boot-starter-security。
二、代碼演示
1、microservice-monitor-server -> pom.xml
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <parent> <artifactId>microservice-minitor</artifactId> <groupId>com.microservice</groupId> <version>1.0-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>microservice-monitor-server</artifactId> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>de.codecentric</groupId> <artifactId>spring-boot-admin-starter-server</artifactId> <version>2.2.0</version> </dependency> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> </plugins> </build> </project>
監控中心需要添加 spring-boot-starter-security 的依賴。
2、microservice-monitor-server -> application.yml
server:
port: 8888
spring:
application:
name: SpringBootAdmin
boot:
admin:
ui:
title: SpringBootAdmin-Server
security: user: name: "admin" password: "admin"
eureka:
instance:
hostname: localhost
metadata-map: user.name: ${spring.security.user.name} user.password: ${spring.security.user.password}
client:
register-with-eureka: true
fetch-registry: true
serviceUrl:
defaultZone: http://localhost:8001/register/eureka/
3、microservice-monitor-server -> MonitorWebSecurityConfigure.java
package com.microservice.minitor.config; import de.codecentric.boot.admin.server.config.AdminServerProperties; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; @EnableWebSecurity public class MonitorWebSecurityConfigure extends WebSecurityConfigurerAdapter { private final String adminContextPath; public MonitorWebSecurityConfigure(AdminServerProperties adminServerProperties) { this.adminContextPath = adminServerProperties.getContextPath(); } @Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler(); successHandler.setTargetUrlParameter("redirectTo"); successHandler.setDefaultTargetUrl(adminContextPath + "/"); http.authorizeRequests() //授予對所有靜態資產和登錄頁面的公共訪問權限。 .antMatchers(adminContextPath + "/assets/**").permitAll() .antMatchers(adminContextPath + "/login").permitAll() //必須對每個其他請求進行身份驗證 .anyRequest().authenticated() .and() //配置登錄和注銷 .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and() .logout().logoutUrl(adminContextPath + "/logout").and() //啟用HTTP-Basic支持。這是Spring Boot Admin Client注冊所必需的 .httpBasic().and(); // @formatter:on } }
三、運行測試
啟動注冊中心 =》啟動監控中心
打開Url:http://localhost:8888 會自動跳轉到 http://localhost:8888/login
使用我們在application.yml中配置的用戶名及密碼,登錄之后
