clay commit : ci/cd相关软件安装
	
		
			
	
		
	
	
		
			
				
	
				continuous-integration/drone/push Build is passing
				
					Details
				
			
		
	
				
					
				
			
				
	
				continuous-integration/drone/push Build is passing
				
					Details
				
			
		
	This commit is contained in:
		
							parent
							
								
									e83d809db9
								
							
						
					
					
						commit
						ff7cef6835
					
				|  | @ -52,6 +52,14 @@ module.exports = { | |||
|           '/wiki/back-build/' | ||||
|         ]  // 根据自己的需求来订,对应自己在docs下的文件夹名,默认首页是README.md
 | ||||
|       }, | ||||
|       { | ||||
|         title: '功能使用', | ||||
|         collapsable: false, | ||||
|         children: [ | ||||
|           '/use/spring-amin/', | ||||
|         ]  // 根据自己的需求来订,对应自己在docs下的文件夹名,默认首页是README.md
 | ||||
|       }, | ||||
| 
 | ||||
|       // {
 | ||||
|       //   title: '模块介绍',
 | ||||
|       //   collapsable: false,
 | ||||
|  |  | |||
|  | @ -0,0 +1,107 @@ | |||
| # 监控模块使用 | ||||
| 
 | ||||
| 监控模块使用 Spring Boot Admin,配合客户端引入spring-boot-starter-actuator依赖就可以在监控模块中看到对应服务的情况,但是Spring Boot Admin没有权限拦截,所以需要二次权限认证。 | ||||
| 
 | ||||
| ## 实现原理 | ||||
| - 引入 spring security | ||||
| 
 | ||||
| ```xml | ||||
| <!--security--> | ||||
| <dependency> | ||||
| 	<groupId>org.springframework.boot</groupId> | ||||
| 	<artifactId>spring-boot-starter-security</artifactId> | ||||
| </dependency> | ||||
| ``` | ||||
| 
 | ||||
| - 配置 spring security | ||||
| ```java | ||||
| /** | ||||
|  * 配置安全认证,以便其他服务注册 | ||||
|  * | ||||
|  * @author Clay | ||||
|  * @date 2022/11/10 | ||||
|  */ | ||||
| @Configuration | ||||
| public class SecuritySecureConfig { | ||||
| 
 | ||||
|     /** | ||||
|      * 应用上下文路径 | ||||
|      */ | ||||
|     private final String adminContextPath; | ||||
| 
 | ||||
|     public SecuritySecureConfig(AdminServerProperties adminServerProperties) { | ||||
|         this.adminContextPath = adminServerProperties.getContextPath(); | ||||
|     } | ||||
| 
 | ||||
|     @Bean | ||||
|     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { | ||||
|         SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler(); | ||||
|         successHandler.setTargetUrlParameter("redirectTo"); | ||||
|         successHandler.setDefaultTargetUrl(adminContextPath + "/"); | ||||
|         http.authorizeRequests() | ||||
|                 //1.配置所有静态资源和登录也可以公开访问 | ||||
|                 .antMatchers(adminContextPath + "/assets/**") | ||||
|                 .permitAll() | ||||
|                 .antMatchers(adminContextPath + "/login") | ||||
|                 .permitAll() | ||||
|                 //2. 其他请求,必须经过认证 | ||||
|                 .antMatchers("/actuator/**","/instances").permitAll() | ||||
|                 .anyRequest().authenticated() | ||||
|                 .and() | ||||
|                 //3. 配置登录和登出路径 | ||||
|                 .formLogin().loginPage(adminContextPath + "/login") | ||||
|                 .successHandler(successHandler) | ||||
|                 .and() | ||||
|                 .logout().logoutUrl(adminContextPath + "/logout"); | ||||
| 
 | ||||
| 
 | ||||
|         return http.build(); | ||||
|     } | ||||
| 
 | ||||
|     @Bean | ||||
|     public HttpHeadersProvider customHttpHeadersProvider() { | ||||
|         return (instance) -> { | ||||
|             HttpHeaders httpHeaders = new HttpHeaders(); | ||||
|             httpHeaders.add(SecurityConstants.ACTUATOR_FROM, SecurityConstants.ACTUATOR_FROM_IN); | ||||
|             return httpHeaders; | ||||
|         }; | ||||
|     } | ||||
| } | ||||
| ``` | ||||
| - 在对应的monitor-运行环境.yml 配置用户 | ||||
| ```yaml | ||||
| spring: | ||||
|   security: | ||||
|       user: | ||||
|         name: root | ||||
|         password: password | ||||
| ``` | ||||
| 
 | ||||
| ## 客户端配置 | ||||
| - 在对应的application-运行环境.yml 配置actuator暴露信息 | ||||
| ```yaml | ||||
| management: | ||||
|   endpoints: | ||||
|     web: | ||||
|       exposure: | ||||
|         include: "*"   | ||||
|   server: | ||||
|     port: 9595 # 服务端口,在使用k8s的情况下,每一个服务都是在单独的一个docker中,所以他们的端口是不会发生冲突的 | ||||
|   endpoint: | ||||
|     health: | ||||
|       show-details: ALWAYS | ||||
| ``` | ||||
| 
 | ||||
| ## 效果图 | ||||
|  | ||||
|  | ||||
|  | ||||
|  | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
										
											Binary file not shown.
										
									
								
							| After Width: | Height: | Size: 38 KiB | 
										
											Binary file not shown.
										
									
								
							| After Width: | Height: | Size: 79 KiB | 
										
											Binary file not shown.
										
									
								
							| After Width: | Height: | Size: 28 KiB | 
										
											Binary file not shown.
										
									
								
							| After Width: | Height: | Size: 84 KiB | 
		Loading…
	
		Reference in New Issue