| ID | Description | Enabled by default |
|---|---|---|
| heapdump | 返回一个GZip压缩的hprof堆dump文件 | Yes |
| jolokia | 通过HTTP暴露JMX beans(当Jolokia在类路径上时,WebFlux不可用) | Yes |
| logfile | 返回日志文件内容(如果设置了logging.file或logging.path属性的话), 支持使用HTTP Range头接收日志文件内容的部分信息 | Yes |
| prometheus | 以可以被Prometheus服务器抓取的格式显示metrics信息 | Yes |
如果要启用/禁用某个端点,可以使用management.endpoint.<id>.enabled属性:
management: endpoint: shutdown: enabled: true
另外可以通过management.endpoints.enabled-by-default来修改全局端口默认配置,比如下面禁用所有端点只启用info端点:
management: endpoints: enabled-by-default: false endpoint: info: enabled: true
上面是启用/禁用(enable)某个端点,如果使某个端点暴露(exposure)出来,还需要再配置,默认情况下所有端点在JMX下是全部公开的,在Web下只公开/health和/info两个端点。下面是默认配置:
| Property | Default |
|---|---|
| management.endpoints.jmx.exposure.exclude | - |
| management.endpoints.jmx.exposure.include | '*' |
| management.endpoints.web.exposure.exclude | - |
| management.endpoints.web.exposure.include | info, health |
下面的例子是Web下公开所有端点:
management: endpoints: web: exposure: include: '*'
保护Actuator HTTP端点:
最简单的方式,就是在pom.xml中添加spring-boot-starter-security。由SpringBoot Security的特性可知,系统会自动给我们创建login/logout page,还有一个user和password,此外系统还会自动给我配置一个ManagementWebSecurityConfigurerAdapter(extends WebSecurityConfigurerAdapter),配置Actuator各个Endpoint的权限。
当然我们也可以自定义一个WebSecurityConfigurerAdapter配置自己的user和authority。
package com.mytools;import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;import org.springframework.boot.actuate.health.HealthEndpoint;import org.springframework.boot.actuate.info.InfoEndpoint;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;import org.springframework.security.crypto.factory.PasswordEncoderFactories;import org.springframework.security.crypto.password.PasswordEncoder;@Configurationpublic class MyWebSecurityConfigurer extends WebSecurityConfigurerAdapter { @Bean public PasswordEncoder passwordEncoder() { return PasswordEncoderFactories.createDelegatingPasswordEncoder(); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { //@formatter:off PasswordEncoder encoder = new BCryptPasswordEncoder(); auth.inMemoryAuthentication() .withUser("user1").password("{bcrypt}" + encoder.encode("password1")).roles("ADMIN","EUREKA") .and() .withUser("user2").password("{bcrypt}" + encoder.encode("password2")).roles("EUREKA"); //@formatter:on } @Override protected void configure(HttpSecurity http) throws Exception { // comes from ManagementWebSecurityAutoConfiguration and ManagementWebSecurityConfigurerAdapter //@formatter:off http.authorizeRequests() .requestMatchers(EndpointRequest.to(HealthEndpoint.class, InfoEndpoint.class)).permitAll() .anyRequest().authenticated() .and() .formLogin().and() .httpBasic(); //@formatter:on }}
联系客服
