springboot 监控 actuator监控、HTTP监控和JMX监控

1. springboot提供了对项目的监控功能。
2. 首先引入监控的jar包：

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-actuator</artifactId>
</dependency>

<!-- https://mvnrepository.com/artifact/org.springframework.hateoas/spring-hateoas -->
<dependency>
    <groupId>org.springframework.hateoas</groupId>
    <artifactId>spring-hateoas</artifactId>
    <version>1.1.1.RELEASE</version>
</dependency>

3. hateoas是REST架构风格中复杂的约束，也是构建成熟REST服务的依赖，引入它是为了支持Spring boot的HTTP监控端点的需要。
   
4. Springboot中为这些端点提供了多种监控手段，包括HTTP和JMX等。
5. HTTP监控：在引入spring-boot-starter-actuator和spring-boot-starter-web基础上，启动springboot，在浏览器中访问http://localhost:8080/actuator/health，即可看到当前应用的状态。
6. 如果看不到http://localhost:8080/actuator/beans等，可以配置

management:
  endpoints:
    web:
      exposure:
        include: info,health,beans

7. 查看敏感信息：还可以使用Spring Security配置用户和角色，来解决这些敏感信息的访问权限问题。需要引入spring-boot-starter-security依赖，再去配置。

package com.jianxin.web.security;

import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * @program: high-concurrent-maven-learn
 * @description: 安全框架配置
 * @author: fjx
 * @create: 2020-08-10 09:43
 **/
@Configuration
public class WebSecurityConfig  extends WebSecurityConfigurerAdapter {

    public static void main(String[] args) {
        System.out.println(new BCryptPasswordEncoder().encode("123456"));
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        PasswordEncoder passwordEncoder=new BCryptPasswordEncoder();
        auth.inMemoryAuthentication()
                .passwordEncoder(passwordEncoder)
                .withUser("admin")
                .password("$2a$10$vsbJVOUyooKDvpn1aGuZ4.eIiK7prZUZdPcycbtUREdXjGRC0Of7u")
                .roles("USER","ADMIN")
                .and()
                .withUser("myuser")
                .password("$2a$10$sKYsX.kln.ip9.C4n0aSm.karhDDvMQfLyER.KpIelHIiAI186C6W")
                .roles("USER");

    }


    protected void configure(HttpSecurity http) throws Exception {
        String[] endPoints={"auditevents","beans","conditions","fonfigprops","env","flyway","httptrace"
                ,"loggers","liquibase","metrics","mappings","scheduledtasks","sessions","shutdown","threaddump"};
        http.requestMatcher(EndpointRequest.to(endPoints))
                .authorizeRequests()
                .anyRequest()
                .hasRole("ADMIN")
                .and()
                .antMatcher("/close")
                .authorizeRequests()
                .and()
                .httpBasic();
    }


}

9. 还可以进行application.yml中的配置来自行配置端点。
10. 还可以通过使用注解@Endpoint,@JmxEndpoint,@WebEndpoint,@WebEndpointExtension或@EndpointJmxExtension对已有的端点进行扩展。
11. 还可以通过如下配置打开展示健康指标项：

management:
  endpoints:
    web:
      exposure:
        include: '*'
  endpoint:
    health:
      show-details: when_authorized

12. 还可以自定义健康指标项。如数据库实时连接状态、互联网连接状态。
13. 对于springboot项目，还可以通过Java 管理扩展（Java Management Extensions JMX）来让开发人员监控JVM的状况。