SpringBoot 开启 Actuator

在生产环境中，需要实时或定期监控服务的可用性。spring-boot 的actuator（监控）功能提供了很多监控所需的接口。简单的配置和使用如下：

1、引入依赖：

1. <dependency>
2. <groupId>org.springframework.boot</groupId>
3. <artifactId>spring-boot-starter-actuator</artifactId>
4. </dependency>

如果使用http调用的方式，还需要这个依赖：

1. <dependency>
2. <groupId>org.springframework.boot</groupId>
3. <artifactId>spring-boot-starter-web</artifactId>
4. </dependency>

2、配置：

application.yml中指定监控的HTTP端口（如果不指定，则使用和server相同的端口）：

management:
  port: 54001
  # close security. 关闭身份验证，否则无法查询出数据
  security:
    enabled: false

3、使用：

查看health指标：http://localhost:54001/health

1. {"status":"UP","diskSpace":{"status":"UP","total":120031539200,"free":33554337792,"threshold":10485760},"db":{"status":"UP","dataSource1":{"status":"UP","database":"MySQL","hello":1},"dataSource2":{"status":"UP","database":"MySQL","hello":1}}}

4、自定义指标：
4.1 /health：在某个类中implements HealthIndicator接口，然后实现其中的health()方法即可：

代码：

1. @SpringBootApplication
2. @EnableScheduling
3. public class MySpringBootApplication implements HealthIndicator{
4. private static Logger logger = LoggerFactory.getLogger(MySpringBootApplication.class);
5. public static void main(String[] args) {
6. SpringApplication.run(MySpringBootApplication.class, args);
7. logger.info("My Spring Boot Application Started");
8. }
9. /**
10. * 在/health接口调用的时候，返回多一个属性："mySpringBootApplication":{"status":"UP","hello":"world"}
11. */
12. @Override
13. public Health health() {
14. return Health.up().withDetail("hello", "world").build();
15. }
16. }

/health 运行结果（注意第二个指标）：

{"status":"UP","mySpringBootApplication":{"status":"UP","hello":"world"},"diskSpace":{"status":"UP","total":120031539200,"free":33554337792,"threshold":10485760},"db":{"status":"UP","dataSource1":{"status":"UP","database":"MySQL","hello":1},"dataSource2":{"status":"UP","database":"MySQL","hello":1}}}

4.2 /info：配置如下，可以直接给一个字符串，也可以从pom.xml配置中获取

1. info:
2. app:
3. name: "@project.name@" #从pom.xml中获取
4. description: "@project.description@"
5. version: "@project.version@"
6. spring-boot-version: "@project.parent.version@"

/info的结果如下：

{"app":{"name":"my-spring-boot","description":"Test Project for Spring Boot","version":"1.0","spring-boot-version":"1.3.6.RELEASE"}}

官网：http://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#production-ready

源代码参考：https://github.com/xujijun/my-spring-boot

----------------------------

异常情况：

 

• 地址：http://localhost:8088/health

1. /health 只有status信息,没有其他

1. {
2. "status" : "UP"
3. }

• 地址：http://localhost:8088/metrics

1. /metrics 提示没有权限

1. Whitelabel Error Page
2. This application has no explicit mapping for /error, so you are seeing this as a fallback.
3. Mon Nov 20 10:42:15 CST 2017
4. There was an unexpected error (type=Unauthorized, status=401).
5. Full authentication is required to access this resource.

 

 

解决办法【设置端点访问 】：

 

• 方式1-关闭验证

1. application.properties添加配置参数
2. management.security.enabled=false

• 方式2-开启HTTP basic认证
  • 添加依赖

1. <dependency>
2. <groupId>org.springframework.boot</groupId>
3. <artifactId>spring-boot-starter-security</artifactId>
4. </dependency>

• application.properties 添加用户名和密码

1. security.user.name=admin
2. security.user.password=123456
3. management.security.enabled=true
4. management.security.role=ADMIN

• 访问URL http://localhost:8080/env 后，就看到需要输入用户名和密码了。

 

原因分析：

 

• Actuator endpoints 【断点】：

1. Actuator endpoints allow you to monitor and interact with your application.
2. Spring Boot includes a number of built-in endpoints and you can also add your own. 
3. For example the health endpoint provides basic application health information.
4. Actuator 端点允许您监视和与您的应用程序进行交互。
5. Spring Boot包含许多内置的端点，您也可以添加自己的端点。
6. 例如， health端点提供基本的应用程序健康信息。
7. The way that endpoints are exposed will depend on the type of technology that you choose.
8. Most applications choose HTTP monitoring, where the ID of the endpoint is mapped to a URL. 
9. For example, by default, the health endpoint will be mapped to /health.
10. 端点的暴露方式取决于您选择的技术类型。
11. 大多数应用程序选择HTTP监视，其中端点的ID映射到一个URL。
12. 例如，默认情况下，health端点将被映射到/health。

 

The following technology agnostic endpoints are available:

ID	Description	Sensitive  Default
actuator	Provides a hypermedia-based “discovery page” for the other endpoints. Requires Spring HATEOAS to be on the classpath. 为其他端点提供基于超媒体的“发现页面”。要求Spring HATEOAS在类路径上。	true
auditevents	Exposes audit events information for the current application. 公开当前应用程序的审计事件信息。	true
autoconfig	Displays an auto-configuration report showing all auto-configuration candidates and the reason why they ‘were’ or ‘were not’ applied. 显示一个auto-configuration的报告，该报告展示所有auto-configuration候选者及它们被应用或未被应用的原因	true
beans	Displays a complete list of all the Spring beans in your application. 显示一个应用中所有Spring Beans的完整列表	true
configprops	Displays a collated list of all @ConfigurationProperties. 显示一个所有@ConfigurationProperties的整理列表	true
dump	Performs a thread dump. 执行一个线程转储	true
env	Exposes properties from Spring’s ConfigurableEnvironment. 暴露来自Spring　ConfigurableEnvironment的属性	true
flyway	Shows any Flyway database migrations that have been applied. 显示已应用的所有Flyway数据库迁移。	true
health	Shows application health information (when the application is secure, a simple ‘status’ when accessed over an unauthenticated connection or full message details when authenticated). 显示应用程序运行状况信息（应用程序安全时，通过未经身份验证的连接访问时的简单'状态'或通过身份验证时的完整邮件详细信息）。	false
info	Displays arbitrary application info. 显示任意的应用信息。	false
loggers	Shows and modifies the configuration of loggers in the application. 显示和修改应用程序中的记录器配置。	true
liquibase	Shows any Liquibase database migrations that have been applied. 显示已经应用的任何Liquibase数据库迁移。	true
metrics	Shows ‘metrics’ information for the current application. 显示当前应用程序的“指标”信息。	true
mappings	Displays a collated list of all @RequestMapping paths. 显示所有@RequestMapping路径的整理列表。	true
shutdown	Allows the application to be gracefully shutdown (not enabled by default). 允许应用程序正常关机（默认情况下不启用）。	true
trace	Displays trace information (by default the last 100 HTTP requests). 显示跟踪信息（默认最后100个HTTP请求）。	true

 

• Accessing sensitive endpoints【访问敏感端点】

 

By default all sensitive HTTP endpoints are secured such that only users that have an ACTUATOR role may access them.

Security is enforced using the standard HttpServletRequest.isUserInRole method.

(默认情况下，所有敏感的HTTP端点都是安全的，只有具有ACTUATOR角色的用户 可以访问它们。

安全性是使用标准HttpServletRequest.isUserInRole方法强制执行的 。)

1. Use the management.security.roles property if you want something different to ACTUATOR.

If you are deploying applications behind a firewall, you may prefer that all your actuator endpoints can be accessed without requiring authentication.

You can do this by changing the management.security.enabled property:

application.properties.

management.security.enabled=false

1. By default, actuator endpoints are exposed on the same port that serves regular HTTP traffic. 
2. Take care not to accidentally expose sensitive information if you change the management.security.enabled property.
3. (默认情况下，执行器端点暴露在提供常规HTTP通信的相同端口上。
4. 注意不要在更改management.security.enabled属性时意外暴露敏感信息。)

If you’re deploying applications publicly, you may want to add ‘Spring Security’ to handle user authentication.

When ‘Spring Security’ is added, by default ‘basic’ authentication will be used with the username user and a generated password (which is printed on the console when the application starts).

(如果您公开部署应用程序，则可能需要添加“Spring Security”来处理用户身份验证。

当添加“Spring Security”时，默认情况下，“基本”身份验证将与用户名user和生成的密码一起使用（在应用程序启动时在控制台上打印）。)

1. Generated passwords are logged as the application starts. Search for ‘Using default security password’.
2. 生成的密码在应用程序启动时被记录。搜索“使用默认安全密码”。

You can use Spring properties to change the username and password and to change the security role(s) required to access the endpoints.

For example, you might set the following in your application.properties:

security.user.name=admin
security.user.password=secret
management.security.roles=SUPERUSER

If your application has custom security configuration and you want all your actuator endpoints to be accessible without authentication, you need to explicitly configure that in your security configuration. Along with that, you need to change the management.security.enabledproperty to false.

(如果您的应用程序具有自定义安全配置，并且您希望所有执行器端点无需身份验证即可访问，则需要在安全配置中明确配置该端点。与此同时，你需要改变management.security.enabled 属性false。)

If your custom security configuration secures your actuator endpoints, you also need to ensure that the authenticated user has the roles specified under management.security.roles.

(如果您的自定义安全配置保护您的执行器端点，则还需要确保经过身份验证的用户具有在下指定的角色management.security.roles。)

1. If you don’t have a use case for exposing basic health information to unauthenticated users, 
2. and you have secured the actuator endpoints with custom security, you can set management.security.enabled to false.
3. This will inform Spring Boot to skip the additional role check.
4. (如果您没有用于向未经验证的用户公开基本健康信息的用例，并且已经使用自定义安全保护了执行器端点，则可以设置management.security.enabled 为false。这将通知Spring Boot跳过额外的角色检查。)

参考来源:https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#production-ready