1.Actuator是什么?
Actuator是spring boot下的一个模块,提供http (或JMX)端点来实现对应用程序的监视和管理、收集运行状况等功能。
2.添加相关依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
3.启动测试
http://localhost:8080/actuator
默认开放3个endpoint, /actuator /actuator/health /actuator/health/{*path}
4.开放endpoint 修改application.yml
management:
server:
port: 12345 # 端口默认=server.port 增加安全性
endpoints:
web:
exposure:
include: "*" # 开放节点 * 开放所有 beans,.....
# exclude: beans # 禁止开放节点 * 禁止开放所有 beans,.....
base-path: /control # 自定义根路径 增加安全性
endpoint:
shutdown:
enabled: true # 打开shutdown端点 POST请求
health:
show-details: always # 获得健康检查中所有指标的详细信息
beans:
cache:
time-to-live: 100s # 不带参数的端点请求会自动进行缓存
#health:
#defaults:
#enabled: false # 禁用所有自动健康检查
#mongo:
#enabled: false # 禁用制定组件(mongo)自动健康检查
{
"_links": {
"self": {
"href": "http://localhost/actuator",
"templated": false
},
"beans": {
"href": "http://localhost/actuator/beans",
"templated": false
},
"caches-cache": {
"href": "http://localhost/actuator/caches/{cache}",
"templated": true
},
"caches": {
"href": "http://localhost/actuator/caches",
"templated": false
},
"health": {
"href": "http://localhost/actuator/health",
"templated": false
},
"health-path": {
"href": "http://localhost/actuator/health/{*path}",
"templated": true
},
"info": {
"href": "http://localhost/actuator/info",
"templated": false
},
"conditions": {
"href": "http://localhost/actuator/conditions",
"templated": false
},
"configprops": {
"href": "http://localhost/actuator/configprops",
"templated": false
},
"configprops-prefix": {
"href": "http://localhost/actuator/configprops/{prefix}",
"templated": true
},
"env": {
"href": "http://localhost/actuator/env",
"templated": false
},
"env-toMatch": {
"href": "http://localhost/actuator/env/{toMatch}",
"templated": true
},
"loggers": {
"href": "http://localhost/actuator/loggers",
"templated": false
},
"loggers-name": {
"href": "http://localhost/actuator/loggers/{name}",
"templated": true
},
"heapdump": {
"href": "http://localhost/actuator/heapdump",
"templated": false
},
"threaddump": {
"href": "http://localhost/actuator/threaddump",
"templated": false
},
"metrics-requiredMetricName": {
"href": "http://localhost/actuator/metrics/{requiredMetricName}",
"templated": true
},
"metrics": {
"href": "http://localhost/actuator/metrics",
"templated": false
},
"scheduledtasks": {
"href": "http://localhost/actuator/scheduledtasks",
"templated": false
},
"mappings": {
"href": "http://localhost/actuator/mappings",
"templated": false
}
}
}
5.endpoint 介绍
5.1)beans:注册到Sprng容器中的Bean对象集合
5.2)caches:缓存信息
5.3)health:应用的健康状态
5.4)info:应用的基本信息,需要手工配置
5.5)conditions:自动配置生效的条件
5.6)configprops:获取所有的配置属性
5.7)auditevents:显示应用暴露的审计事件
5.8)metrics:应用多样的度量信息 查看某项的度量信息/metric/jvm.buffer.count
5.9)loggers:日志配置 loggers/root
5.10)httptrace:HTTP足迹,显示最近100个HTTP request/repsponse
5.11)env:当前的环境特性
5.12)flyway:显示数据库迁移路径的详细信息
5.13)shutdown:关闭应用 唯一POST请求的节点
5.14)mappings:所有的@RequestMapping路径
5.15)scheduledtask:应用中的调度任务
5.16)threaddump:线程信息
5.17)heapdump:JVM堆dump
6.端点保护
6.1 添加依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
6.2 添加配置
spring:
security:
user:
name: admin
password: admin
roles: admin
6.3 配置拦截地址
package com.example.hellospringboot.config;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.boot.actuate.context.ShutdownEndpoint;
import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
public class ActuatorSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.requestMatchers(EndpointRequest.to(ShutdownEndpoint.class))
.hasRole("admin")
.requestMatchers(EndpointRequest.toAnyEndpoint())
.permitAll()
.requestMatchers(PathRequest.toStaticResources().atCommonLocations())
.permitAll()
.antMatchers("/control*")
.permitAll()
.antMatchers("/control**")
.authenticated()
.and()
.httpBasic();
}
}