一、前言
监控类的数据 Web 管理端最好不要设置成直接通过输入访问地址就可以访问,必须得进行用户认证才行,以保证数据的安全性。Spring Boot Admin 开启认证也可以借助于 spring-boot-starter-security。
二、代码演示
1、microservice-monitor-server -> pom.xml
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <parent> <artifactId>microservice-minitor</artifactId> <groupId>com.microservice</groupId> <version>1.0-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>microservice-monitor-server</artifactId> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>de.codecentric</groupId> <artifactId>spring-boot-admin-starter-server</artifactId> <version>2.2.0</version> </dependency> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> </plugins> </build> </project>
监控中心需要添加 spring-boot-starter-security 的依赖。
2、microservice-monitor-server -> application.yml
server:
port: 8888
spring:
application:
name: SpringBootAdmin
boot:
admin:
ui:
title: SpringBootAdmin-Server
security:
user:
name: "admin"
password: "admin"
eureka:
instance:
hostname: localhost
metadata-map:
user.name: ${spring.security.user.name}
user.password: ${spring.security.user.password}
client:
register-with-eureka: true
fetch-registry: true
serviceUrl:
defaultZone: http://localhost:8001/register/eureka/
3、microservice-monitor-server -> MonitorWebSecurityConfigure.java
package com.microservice.minitor.config; import de.codecentric.boot.admin.server.config.AdminServerProperties; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; @EnableWebSecurity public class MonitorWebSecurityConfigure extends WebSecurityConfigurerAdapter { private final String adminContextPath; public MonitorWebSecurityConfigure(AdminServerProperties adminServerProperties) { this.adminContextPath = adminServerProperties.getContextPath(); } @Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler(); successHandler.setTargetUrlParameter("redirectTo"); successHandler.setDefaultTargetUrl(adminContextPath + "/"); http.authorizeRequests() //授予对所有静态资产和登录页面的公共访问权限。 .antMatchers(adminContextPath + "/assets/**").permitAll() .antMatchers(adminContextPath + "/login").permitAll() //必须对每个其他请求进行身份验证 .anyRequest().authenticated() .and() //配置登录和注销 .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and() .logout().logoutUrl(adminContextPath + "/logout").and() //启用HTTP-Basic支持。这是Spring Boot Admin Client注册所必需的 .httpBasic().and(); // @formatter:on } }
三、运行测试
启动注册中心 =》启动监控中心
打开Url:http://localhost:8888 会自动跳转到 http://localhost:8888/login
使用我们在application.yml中配置的用户名及密码,登录之后
