diff --git a/docs/.vuepress/config.js b/docs/.vuepress/config.js index 556304a..c2a0c63 100644 --- a/docs/.vuepress/config.js +++ b/docs/.vuepress/config.js @@ -52,6 +52,14 @@ module.exports = { '/wiki/back-build/' ] // 根据自己的需求来订,对应自己在docs下的文件夹名,默认首页是README.md }, + { + title: '功能使用', + collapsable: false, + children: [ + '/use/spring-amin/', + ] // 根据自己的需求来订,对应自己在docs下的文件夹名,默认首页是README.md + }, + // { // title: '模块介绍', // collapsable: false, diff --git a/docs/use/spring-amin/README.md b/docs/use/spring-amin/README.md new file mode 100644 index 0000000..6c8e1f6 --- /dev/null +++ b/docs/use/spring-amin/README.md @@ -0,0 +1,107 @@ +# 监控模块使用 + +监控模块使用 Spring Boot Admin,配合客户端引入spring-boot-starter-actuator依赖就可以在监控模块中看到对应服务的情况,但是Spring Boot Admin没有权限拦截,所以需要二次权限认证。 + +## 实现原理 +- 引入 spring security + +```xml + + + org.springframework.boot + spring-boot-starter-security + +``` + +- 配置 spring security +```java +/** + * 配置安全认证,以便其他服务注册 + * + * @author Clay + * @date 2022/11/10 + */ +@Configuration +public class SecuritySecureConfig { + + /** + * 应用上下文路径 + */ + private final String adminContextPath; + + public SecuritySecureConfig(AdminServerProperties adminServerProperties) { + this.adminContextPath = adminServerProperties.getContextPath(); + } + + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler(); + successHandler.setTargetUrlParameter("redirectTo"); + successHandler.setDefaultTargetUrl(adminContextPath + "/"); + http.authorizeRequests() + //1.配置所有静态资源和登录也可以公开访问 + .antMatchers(adminContextPath + "/assets/**") + .permitAll() + .antMatchers(adminContextPath + "/login") + .permitAll() + //2. 其他请求,必须经过认证 + .antMatchers("/actuator/**","/instances").permitAll() + .anyRequest().authenticated() + .and() + //3. 配置登录和登出路径 + .formLogin().loginPage(adminContextPath + "/login") + .successHandler(successHandler) + .and() + .logout().logoutUrl(adminContextPath + "/logout"); + + + return http.build(); + } + + @Bean + public HttpHeadersProvider customHttpHeadersProvider() { + return (instance) -> { + HttpHeaders httpHeaders = new HttpHeaders(); + httpHeaders.add(SecurityConstants.ACTUATOR_FROM, SecurityConstants.ACTUATOR_FROM_IN); + return httpHeaders; + }; + } +} +``` +- 在对应的monitor-运行环境.yml 配置用户 +```yaml +spring: + security: + user: + name: root + password: password +``` + +## 客户端配置 +- 在对应的application-运行环境.yml 配置actuator暴露信息 +```yaml +management: + endpoints: + web: + exposure: + include: "*" + server: + port: 9595 # 服务端口,在使用k8s的情况下,每一个服务都是在单独的一个docker中,所以他们的端口是不会发生冲突的 + endpoint: + health: + show-details: ALWAYS +``` + +## 效果图 +![](./login.png) +![](./application.png) +![](./wallboard.png) +![](./instances.png) + + + + + + + + diff --git a/docs/use/spring-amin/application.png b/docs/use/spring-amin/application.png new file mode 100644 index 0000000..320b346 Binary files /dev/null and b/docs/use/spring-amin/application.png differ diff --git a/docs/use/spring-amin/instances.png b/docs/use/spring-amin/instances.png new file mode 100644 index 0000000..44ecadf Binary files /dev/null and b/docs/use/spring-amin/instances.png differ diff --git a/docs/use/spring-amin/login.png b/docs/use/spring-amin/login.png new file mode 100644 index 0000000..94841de Binary files /dev/null and b/docs/use/spring-amin/login.png differ diff --git a/docs/use/spring-amin/wallboard.png b/docs/use/spring-amin/wallboard.png new file mode 100644 index 0000000..a28e374 Binary files /dev/null and b/docs/use/spring-amin/wallboard.png differ