- springboot提供了对项目的监控功能。
- 首先引入监控的jar包:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.hateoas/spring-hateoas -->
<dependency>
<groupId>org.springframework.hateoas</groupId>
<artifactId>spring-hateoas</artifactId>
<version>1.1.1.RELEASE</version>
</dependency>
- hateoas是REST架构风格中复杂的约束,也是构建成熟REST服务的依赖,引入它是为了支持Spring boot的HTTP监控端点的需要。
![Spring监控端点](https://i-blog.csdnimg.cn/blog_migrate/6f367f7ff272d4105af043f2ddbc9c07.png)
- Springboot中为这些端点提供了多种监控手段,包括HTTP和JMX等。
- HTTP监控:在引入spring-boot-starter-actuator和spring-boot-starter-web基础上,启动springboot,在浏览器中访问
http://localhost:8080/actuator/health,
即可看到当前应用的状态。 - 如果看不到http://localhost:8080/actuator/beans等,可以配置
management:
endpoints:
web:
exposure:
include: info,health,beans
- 查看敏感信息:还可以使用Spring Security配置用户和角色,来解决这些敏感信息的访问权限问题。需要引入spring-boot-starter-security依赖,再去配置。
package com.jianxin.web.security;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
* @program: high-concurrent-maven-learn
* @description: 安全框架配置
* @author: fjx
* @create: 2020-08-10 09:43
**/
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
public static void main(String[] args) {
System.out.println(new BCryptPasswordEncoder().encode("123456"));
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
PasswordEncoder passwordEncoder=new BCryptPasswordEncoder();
auth.inMemoryAuthentication()
.passwordEncoder(passwordEncoder)
.withUser("admin")
.password("$2a$10$vsbJVOUyooKDvpn1aGuZ4.eIiK7prZUZdPcycbtUREdXjGRC0Of7u")
.roles("USER","ADMIN")
.and()
.withUser("myuser")
.password("$2a$10$sKYsX.kln.ip9.C4n0aSm.karhDDvMQfLyER.KpIelHIiAI186C6W")
.roles("USER");
}
protected void configure(HttpSecurity http) throws Exception {
String[] endPoints={"auditevents","beans","conditions","fonfigprops","env","flyway","httptrace"
,"loggers","liquibase","metrics","mappings","scheduledtasks","sessions","shutdown","threaddump"};
http.requestMatcher(EndpointRequest.to(endPoints))
.authorizeRequests()
.anyRequest()
.hasRole("ADMIN")
.and()
.antMatcher("/close")
.authorizeRequests()
.and()
.httpBasic();
}
}
- 还可以进行application.yml中的配置来自行配置端点。
- 还可以通过使用注解@Endpoint,@JmxEndpoint,@WebEndpoint,@WebEndpointExtension或@EndpointJmxExtension对已有的端点进行扩展。
- 还可以通过如下配置打开展示健康指标项:
management:
endpoints:
web:
exposure:
include: '*'
endpoint:
health:
show-details: when_authorized
- 还可以自定义健康指标项。如数据库实时连接状态、互联网连接状态。
- 对于springboot项目,还可以通过Java 管理扩展(Java Management Extensions JMX)来让开发人员监控JVM的状况。