“This is my fourth day of participating in the First Challenge 2022. For more details: First Challenge 2022.”

Spring Boot Admin (SBA) is an open source community project for managing and monitoring Spring Boot applications, It provides detailed health information, memory information, JVM system and environment properties, garbage collection information, log setup and viewing, scheduled task viewing, Spring Boot cache viewing and management, and more. The SBA monitoring overview is as follows:In the last article, we talked about the setup and use of SBA. Click here to visit:Mp.weixin.qq.com/s/cciU2u-LX…However, the above application cannot meet the requirements of our production environment. The production environment needs to be configured with at least two functions:

  1. The alarm function of the monitored Spring Boot project is indispensable because we cannot always watch the SBA monitoring system, but we need to know in the first time when there is a problem with the system.
  2. By default, SBA can be used without permission verification, that is, all users can use the address normally if they know it. This does not meet the security requirements of the production system, so user authorization is also essential.

Let’s look at the concrete implementation of the above functions.

1. Add alarm reminder function

Alarm reminder function is based on the mailbox, of course, you can also use other reminder functions, such as the nail or flying book robot reminder is also ok, but the mailbox alarm function is the lowest cost, so this article we look at the concrete realization of the mailbox alarm reminder function.

1.1 Adding the Mail Support framework

Add the following configuration to the SBA dependency file pom.xml:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-mail</artifactId>
</dependency>
Copy the code

1.2 Configuring Receiving and Sending Email Addresses

In the SBA configuration file application.properties, add the following configuration for receiving and sending mailboxes:

# configuration send email [email protected] # configuration receive email SMTP email [email protected] # configuration Address (the fixed host of qq email is smtp.qq.com) spring.mail.host=smtp.qq.com Password = XXXXXX # configure the account name of the email (this is the account name of the email) [email protected]Copy the code

1.2.1 Enabling the SMTP service

SMTP is a protocol that provides reliable and efficient E-mail transmission. The SMTP service must be enabled for the email box to be sent. Otherwise, the email sending function cannot be implemented. If you are using QQ email refer to the following configuration, open QQ email, find the IMAP/SMTP service in the email account Settings and enable it, as shown in the picture below:

1.2.2 Generating an Authorization Code

The email to be sent should generate an email authorization code. Take QQ email as an example, find “Generate authorization Code” in the account Settings of the email and click to generate it, as shown in the picture below:

1.3 Email alarm test

After the above configuration, ** no need to add any code!! No code to add!! No code to add!! ** can realize the project status change email notification function. Let’s test, close my local monitored Spring Boot project, and the mailbox will receive the offline message of the project, as shown in the picture below:When I start the monitored Spring Boot project, the mailbox will receive the server startup email, as shown below:Spring Boot Admin will automatically send emails to the mailbox that receives notifications when the monitored project is down or started.

1.4 Precautions

Precautions for alarm function are as follows:

  1. The SMTP service must be enabled on the email box that sends emails.
  2. You do not need to set a password for sending email. You only need to set an email authorization code for the configuration item Spring.mail. password.
  3. The sending and receiving email addresses can be the same.
  4. SBA mailbox alarm reminder function does not need to add any code, just need to add the corresponding framework support, and then configure the correct receiving and sending mailbox.

1.5 Configuring Multiple Alarm notification mailboxes

Alarm function of the project, usually need to notify the relevant person in charge of a group of, rather than a person, such as might notice, head of operations, procedures, and the project manager, etc., and SBA people remind email configuration is also very easy, only need in the configuration file of SBA add multiple receives an E-mail, between multiple E-mail use commas in English, The configuration is as follows:

# configuration receiving mailboxes spring. The boot. Admin. Notify. Mail. To = XXX@qq.com,yyy@qq.com
Copy the code

2. Set the access permission

SBA does not have permission authentication by default, but the production environment must configure permission authentication. Here, we add the Spring Security framework to achieve permission interception, as follows.

2.1 Adding Security Framework Support

Add the following configuration to the SBA dependency file pom.xml:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
Copy the code

2.2 Setting the Login Account

Add the following configuration to the SBA configuration file application.properties:

# set the login user name, password and role spring. Security. The user. The name = java666 spring. Security. The user. The password = java666 spring.security.user.roles=SBA_ADMINCopy the code

2.3 Setting Permission Resources

Next in the SBA project, add the following resource Settings classes as shown in the following code (to be used by copying directly into the project) :

import de.codecentric.boot.admin.server.config.AdminServerProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

@EnableWebSecurity
@Configuration(proxyBeanMethods = false)
public class AdminSecurityConfig extends WebSecurityConfigurerAdapter {
    private final String adminContextPath;

    public AdminSecurityConfig(AdminServerProperties adminServerProperties) {
        this.adminContextPath = adminServerProperties.getContextPath();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");
        successHandler.setDefaultTargetUrl(adminContextPath + "/");
        http.authorizeRequests()
                .antMatchers(adminContextPath + "/assets/**").permitAll()
                .antMatchers(adminContextPath + "/login").permitAll()
                .antMatchers(adminContextPath + "/instances/**").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
                .logout().logoutUrl(adminContextPath + "/logout").and()
                .httpBasic().and()
                .csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                .ignoringAntMatchers(
                        adminContextPath + "/instances",
                        adminContextPath + "/actuator/**"
                );
    }

    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers("/actuator/**"); }}Copy the code

2.4 visit the SBA

At this point, you need to enter the user name and password to access the SBA monitoring system, as shown below:We can log in by entering the user name and password set in step 2.2, as shown below:Click Logout to log out of SBA system.

conclusion

SBA alarm reminder function only needs to add the mail sending framework, configure the right to receive and send mail, without adding any code can realize the alarm reminder function, and alarm reminder mailbox can be configured multiple. SBA can implement user permission validation by adding Spring Security.

Judge right and wrong from yourself, praise to listen to others, gain and loss in the number.

Public number: Java interview analysis

Interview collection: gitee.com/mydb/interv…