如果要启用/禁用某个端点,可以使用management.endpoint.<id>.enabled属性: management:
endpoint:
shutdown:
enabled: true
另外可以通过management.endpoints.enabled-by-default来修改全局端口默认配置,比如下面禁用所有端点只启用info端点:
上面是启用/禁用(enable)某个端点,如果使某个端点暴露(exposure)出来,还需要再配置,默认情况下所有端点在JMX下是全部公开的,在Web下只公开/health和/info两个端点。下面是默认配置:
下面的例子是Web下公开所有端点: management:
endpoints:
web:
exposure:
include: '*'
保护Actuator HTTP端点: 最简单的方式,就是在pom.xml中添加spring-boot-starter-security。由SpringBoot Security的特性可知,系统会自动给我们创建login/logout page,还有一个user和password,此外系统还会自动给我配置一个ManagementWebSecurityConfigurerAdapter(extends WebSecurityConfigurerAdapter),配置Actuator各个Endpoint的权限。 当然我们也可以自定义一个WebSecurityConfigurerAdapter配置自己的user和authority。 package com.mytools; import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest; import org.springframework.boot.actuate.health.HealthEndpoint; import org.springframework.boot.actuate.info.InfoEndpoint; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.factory.PasswordEncoderFactories; import org.springframework.security.crypto.password.PasswordEncoder; @Configuration public class MyWebSecurityConfigurer extends WebSecurityConfigurerAdapter { @Bean public PasswordEncoder passwordEncoder() { return PasswordEncoderFactories.createDelegatingPasswordEncoder(); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { //@formatter:off PasswordEncoder encoder = new BCryptPasswordEncoder(); auth.inMemoryAuthentication() .withUser("user1").password("{bcrypt}" + encoder.encode("password1")).roles("ADMIN","EUREKA") .and() .withUser("user2").password("{bcrypt}" + encoder.encode("password2")).roles("EUREKA"); //@formatter:on } @Override protected void configure(HttpSecurity http) throws Exception { // comes from ManagementWebSecurityAutoConfiguration and ManagementWebSecurityConfigurerAdapter //@formatter:off http.authorizeRequests() .requestMatchers(EndpointRequest.to(HealthEndpoint.class, InfoEndpoint.class)).permitAll() .anyRequest().authenticated() .and() .formLogin().and() .httpBasic(); //@formatter:on } }
|
|
来自: 米老鼠的世界 > 《Java_Spring》