日期:2019年9月28日

SpringBoot实战(十五):Spring Boot Admin 集成告警模块

版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。

本文链接:
https://zhanghan.blog.csdn.net/article/details/101597346

【前言】

Spring Boot Admin做为生产级的监控工具,必然自动化告警必不可少;Spring Boot Admin可以十分简单的集成告警组件;最近研究一下集成邮件告警到项目中,在此与大家共享;

【集成告警模块】

         一、集成告警模块(在此以邮件告警为例)
1、Spring Boot Admin服务端集成(以zh-monitor为例)
(1)Pom中增加邮箱依赖


    org.springframework.boot
    spring-boot-starter-mail

(2)配置文件(application.properties)中增加邮箱相关配置

#****************************alerm email***************************
spring.mail.host=smtp.163.com
spring.mail.username=from@163.com
#注意:此密码为客户端的授权码而非邮箱密码
spring.mail.password=xxxxx
spring.mail.properties.mail.smtp.auth=true
spring.mail.properties.mail.smtp.starttls.enable=true
spring.mail.properties.mail.smtp.starttls.required=true
spring.boot.admin.notify.mail.from=from@163.com
spring.boot.admin.notify.mail.to=to@163.com

(3)启动zh-monitor报错处理
A.报错信息如下:

javax.mail.AuthenticationFailedException: 535 Error: authentication failed

	at com.sun.mail.smtp.SMTPTransport$Authenticator.authenticate(SMTPTransport.java:965) ~[javax.mail-1.6.2.jar:1.6.2]
	at com.sun.mail.smtp.SMTPTransport.authenticate(SMTPTransport.java:876) ~[javax.mail-1.6.2.jar:1.6.2]
	at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:780) ~[javax.mail-1.6.2.jar:1.6.2]
	at javax.mail.Service.connect(Service.java:366) ~[javax.mail-1.6.2.jar:1.6.2]
	at org.springframework.mail.javamail.JavaMailSenderImpl.connectTransport(JavaMailSenderImpl.java:515) ~[spring-context-support-5.1.3.RELEASE.jar:5.1.3.RELEASE]
	at org.springframework.mail.javamail.JavaMailSenderImpl.testConnection(JavaMailSenderImpl.java:396) ~[spring-context-support-5.1.3.RELEASE.jar:5.1.3.RELEASE]
	at org.springframework.boot.actuate.mail.MailHealthIndicator.doHealthCheck(MailHealthIndicator.java:43) ~[spring-boot-actuator-2.1.1.RELEASE.jar:2.1.1.RELEASE]
	at org.springframework.boot.actuate.health.AbstractHealthIndicator.health(AbstractHealthIndicator.java:84) ~[spring-boot-actuator-2.1.1.RELEASE.jar:2.1.1.RELEASE]
	at org.springframework.boot.actuate.health.CompositeHealthIndicator.health(CompositeHealthIndicator.java:98) [spring-boot-actuator-2.1.1.RELEASE.jar:2.1.1.RELEASE]
	at org.springframework.boot.actuate.health.HealthEndpoint.health(HealthEndpoint.java:50) [spring-boot-actuator-2.1.1.RELEASE.jar:2.1.1.RELEASE]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_144]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_144]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_144]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_144]
	at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:246) [spring-core-5.1.3.RELEASE.jar:5.1.3.RELEASE]
	at org.springframework.boot.actuate.endpoint.invoke.reflect.ReflectiveOperationInvoker.invoke(ReflectiveOperationInvoker.java:76) [spring-boot-actuator-2.1.1.RELEASE.jar:2.1.1.RELEASE]
	at org.springframework.boot.actuate.endpoint.annotation.AbstractDiscoveredOperation.invoke(AbstractDiscoveredOperation.java:61) [spring-boot-actuator-2.1.1.RELEASE.jar:2.1.1.RELEASE]
	at org.springframework.boot.actuate.endpoint.jmx.EndpointMBean.invoke(EndpointMBean.java:126) [spring-boot-actuator-2.1.1.RELEASE.jar:2.1.1.RELEASE]
	at org.springframework.boot.actuate.endpoint.jmx.EndpointMBean.invoke(EndpointMBean.java:99) [spring-boot-actuator-2.1.1.RELEASE.jar:2.1.1.RELEASE]
	at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819) [na:1.8.0_144]
	at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801) [na:1.8.0_144]
	at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1468) [na:1.8.0_144]
	at javax.management.remote.rmi.RMIConnectionImpl.access$300(RMIConnectionImpl.java:76) [na:1.8.0_144]
	at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1309) [na:1.8.0_144]
	at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1401) [na:1.8.0_144]
	at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:829) [na:1.8.0_144]
	at sun.reflect.GeneratedMethodAccessor46.invoke(Unknown Source) ~[na:na]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_144]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_144]
	at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:357) [na:1.8.0_144]
	at sun.rmi.transport.Transport$1.run(Transport.java:200) [na:1.8.0_144]
	at sun.rmi.transport.Transport$1.run(Transport.java:197) [na:1.8.0_144]
	at java.security.AccessController.doPrivileged(Native Method) [na:1.8.0_144]
	at sun.rmi.transport.Transport.serviceCall(Transport.java:196) [na:1.8.0_144]
	at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:568) [na:1.8.0_144]
	at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:826) [na:1.8.0_144]
	at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:683) [na:1.8.0_144]
	at java.security.AccessController.doPrivileged(Native Method) [na:1.8.0_144]
	at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:682) [na:1.8.0_144]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[na:1.8.0_144]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[na:1.8.0_144]
	at java.lang.Thread.run(Thread.java:748) ~[na:1.8.0_144]

B.报错原因:配置的邮箱不允许客户端访问,授权码不正确
C.解决方案:开启客户端授权登录,并在配置文件中配置正确授权码;在此以163邮箱为例

2、Spring Boot Admin客户端无需改动
         二、查看效果
1、启动zh-boot
2、启动zh-monitor
3、停止zh-boot项目,收到服务停止邮件

4、启动zh-boot项目,收到服务启动邮件

         三、项目地址:
1、地址:https://github.com/dangnianchuntian/springboot
2、代码版本:1.6.0-Release

【总结】

1、自动化告警是生产级别项目必不可少一个重要组成部分,有了告警可以让我们知道线上项目发生了什么;
2、接下来会为大家共享多关于SpringBootAdmin模块。

Posted by zhanghan in SpringBoot实战, 1 comment

SpringBoot实战(十四):Spring Boot Admin 集成安全模块

版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。

本文链接:
https://zhanghan.blog.csdn.net/article/details/101595226

【前言】

Spring Boot Admin做为生产级的监控工具,必然不能随便让人去操作以免误操作导致线上问题,所以有必要集成Security组件;Spring Boot Admin可以十分简单的集成这安全组件;已集成项目中,在此与大家共享;

【集成安全模块】

         一、集成安全(Security)模块
1、Spring Boot Admin服务端集成(以zh-monitor为例)
(1)Pom中增加Security依赖


   org.springframework.boot
   spring-boot-starter-security

(2)配置文件(application.properties)中增加用户名和密码的设置

#spring boot default user.name='user'
spring.security.user.name=admin
#spring boot dafault user.password 在项目启动时打印在控制台中
spring.security.user.password=admin

(3)增加SecuritySecureConfig配置类

/*
 * Copyright (c) 2019. zhanghan_java@163.com All Rights Reserved.
 * 项目名称:实战SpringBoot
 * 类名称:SecuritySecureConfig.java
 * 创建人:张晗
 * 联系方式:zhanghan_java@163.com
 * 开源地址: https://github.com/dangnianchuntian/springboot
 * 博客地址: https://zhanghan.blog.csdn.net
 */

package com.zhanghan.zhmonitor.config;

import de.codecentric.boot.admin.server.config.AdminServerProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

@Configuration
public class SecuritySecureConfig extends WebSecurityConfigurerAdapter {

    private final String adminContextPath;

    public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
        this.adminContextPath = adminServerProperties.getContextPath();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");
        successHandler.setDefaultTargetUrl(adminContextPath + "/");


        http.authorizeRequests()
                .antMatchers(adminContextPath + "/assets/**").permitAll()
                .antMatchers(adminContextPath + "/login").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
                .logout().logoutUrl(adminContextPath + "/logout").and()
                .httpBasic().and()
                .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                .ignoringAntMatchers(
                        adminContextPath + "/instances",
                        adminContextPath + "/actuator/**");

        // @formatter:on
    }

}

2、Spring Boot Admin客户端集成(以zh-boot为例)
(1)在配置文件(application.properties)中增加用户名和密码

#Security
spring.boot.admin.client.username=admin
spring.boot.admin.client.password=admin

3、查看效果
(1)启动zh-monitor
(2)启动zh-boot
(3)访问zh-monitor(http://localhost:8081
a.跳转至登录页面

b.输入admin的用户名和密码登录

         三、项目地址:
1、地址:https://github.com/dangnianchuntian/springboot
2、代码版本:1.6.0-Release

【总结】

1、安全猛于虎,没有安全设置相当于裸奔,一般线上环境的Spring Boot Admin应该由运维统一控制,开发只能查看,如果需要更改日志级别等操作等应由技术leader批准运维统一执行;
2、接下来会为大家共享多关于SpringBootAdmin集成告警模块。

Posted by zhanghan in SpringBoot实战, 0 comments