SpringBootAdmin 监控Https服务记录

前言:

在搭建SpringBootAdmin监控服务时发现,如果对https服务进行监控会存在问题,在网上看到了一些导入证书的,操作起来较为繁琐,查阅SpringBootAdmin官方文档后发现,其提供了一个扩展ClientHttpConnector,详细说明可查阅官方文档。

解决方案:

引用下官方文档的一段简介:

SBA Server can also use client certificates to authenticate when accessing the actuator endpoints. If a custom configured ClientHttpConnector bean is present, Spring Boot will automatically configure a WebClient.Builder using it, which will be used by Spring Boot Admin.

配置Bean即可,可在SpringBoot启动类中写入,代码如下:

@Bean
    public ClientHttpConnector customHttpClient() throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException, SSLException {
        SslContextBuilder sslContext = SslContextBuilder.forClient();
        X509TrustManager x509mgr = new X509TrustManager() {

            //检查客户端证书,若不信任该证书则抛出异常
            public void checkClientTrusted(X509Certificate[] xcs, String string) {
            }
            //检查服务端证书,如不信任该证书则抛出异常
            public void checkServerTrusted(X509Certificate[] xcs, String string) {
            }
            //返回受信任的X509证书
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };
        sslContext.trustManager(x509mgr);
        //Your sslContext customizations go here
        HttpClient httpClient = HttpClient.create().secure(
                ssl -> ssl.sslContext(sslContext)
        );
        return new ReactorClientHttpConnector(httpClient);
    }

这样即可跳过SpringBootAdmin对https的验证

参考:

SpringBootAdmin官方文档:

https://codecentric.github.io/spring-boot-admin/current/#_using_mutual_tls

你可能感兴趣的:(https,java)