Getting Started with Spring Boot, Part 16: Monitoring with Spring Boot Admin
Spring Boot applications can be monitored with the Actuator, as shown previously. Additional extensions such as “Spring Boot Admin” take care of calling the endpoints and visualizing the data.
With Spring Boot Admin, Codecentric has developed a convenient UI environment for monitoring.
(Picture: Codecentric)
The previous article in this series introduced the Actuator, which can be used to monitor Spring Boot applications. The endpoints of the Actuator framework are queried over HTTP or JMX.
In practice, however, this is very inconvenient without further tooling, especially when several services have to be kept in view. A free addition to the Actuator is the Spring Boot Admin project from the company Codecentric. The tool is not part of Spring, but it is firmly established in the community.
Setting Up Spring Boot Admin
To set up the Admin UI, a new Spring Boot service is created. In addition to the required dependency on Spring Web, it also receives an entry for spring-boot-admin-starter-server in the POM. Currently version 2.4.1 is up-to-date:
<dependency>
    <groupId>de.codecentric</groupId>
    <artifactId>spring-boot-admin-starter-server</artifactId>
    <version>2.4.1</version>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
The application class of the created service is annotated with @EnableAdminServer:
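import de.codecentric.boot.admin.server.config.EnableAdminServer;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@EnableAdminServer // turns this service into the Spring Boot Admin server
@SpringBootApplication
public class AdminMonitorApplication {
    public static void main(String[] args) {
        SpringApplication.run(AdminMonitorApplication.class, args);
    }
}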
The first start of the admin monitor.
(Picture: Koller / Codecentric)
The monitor can then already be started. Unless the port is changed, it is initially available at http://localhost:8080, like any new service. To change the port, set the property server.port in application.properties:
server.port=8081
As the screenshot shows, no client applications are connected yet. These must first log in to the monitor in order to be “monitored”.
Registering Client Services
Client services that are to register with the admin server for monitoring receive the dependency spring-boot-admin-starter-client in the POM, in addition to the dependency on spring-boot-starter-actuator that is required anyway:
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
    <groupId>de.codecentric</groupId>
    <artifactId>spring-boot-admin-starter-client</artifactId>
    <version>2.4.1</version>
</dependency>
In addition, the URL of the admin server must be communicated to the application to be monitored. This is done in the properties file application.properties of the client application. As explained in the previous post, it is also necessary to specify which endpoints should be published:
spring.boot.admin.client.url=http://localhost:8081
management.endpoints.web.exposure.include=*
A first service in the monitor.
(Picture: Koller / Codecentric)
After restarting the application, it appears in the list of applications to monitor. Clicking on the gray area around the link with the client URL (not on the link itself) leads to the details of the monitored service. Depending on which endpoints are exposed, more or less information appears here. In the example, everything was exposed for demonstration purposes.
Securing the Admin Server
Sensitive data such as the log file of the application can be viewed in the admin server. Depending on the configuration, you may even be able to change data. Of course, this should not be possible for everyone on the network, but should be reserved for the administrator of the service.
For this reason, it is recommended to secure the admin server with Spring Security. Thanks to Spring Boot’s “Convention over Configuration” approach, this is not very complex. First, the security starter is added to the POM of the admin server. In addition, a dependency is added that provides a login page for the admin server:
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>de.codecentric</groupId>
    <artifactId>spring-boot-admin-server-ui</artifactId>
    <version>2.4.1</version>
</dependency>
The username and password for admin access are stored in the application.properties of the admin server:
spring.security.user.name=admin
spring.security.user.password=mypassword
Last but not least, a security configuration class is added according to the documentation of Spring Boot Admin:
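import java.util.UUID;
import de.codecentric.boot.admin.server.config.AdminServerProperties;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
public class SecuritySecureConfig extends WebSecurityConfigurerAdapter {
    private final AdminServerProperties adminServer;
    private final SecurityProperties security;

    public SecuritySecureConfig(AdminServerProperties adminServer, SecurityProperties security) {
        this.adminServer = adminServer;
        this.security = security;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");
        successHandler.setDefaultTargetUrl(this.adminServer.path("/"));
        // Static assets, info, health and the login page are public; everything else needs a login.
        http.authorizeRequests(
                (authorizeRequests) -> authorizeRequests.antMatchers(this.adminServer.path("/assets/**")).permitAll()
                        .antMatchers(this.adminServer.path("/actuator/info")).permitAll()
                        .antMatchers(this.adminServer.path("/actuator/health")).permitAll()
                        .antMatchers(this.adminServer.path("/login")).permitAll().anyRequest().authenticated()
        ).formLogin(
                (formLogin) -> formLogin.loginPage(this.adminServer.path("/login")).successHandler(successHandler).and()
        // HTTP Basic is what the Spring Boot Admin clients use to register.
        ).logout((logout) -> logout.logoutUrl(this.adminServer.path("/logout"))).httpBasic(Customizer.withDefaults())
                // CSRF protection stays on, except for client (de-)registration and the actuator endpoints.
                .csrf((csrf) -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                        .ignoringRequestMatchers(
                                new AntPathRequestMatcher(this.adminServer.path("/instances"), HttpMethod.POST.toString()),
                                new AntPathRequestMatcher(this.adminServer.path("/instances/*"), HttpMethod.DELETE.toString()),
                                new AntPathRequestMatcher(this.adminServer.path("/actuator/**"))
                        ))
                .rememberMe((rememberMe) -> rememberMe.key(UUID.randomUUID().toString()).tokenValiditySeconds(1209600));
    }
}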
Among other things, the configuration specifies that all accesses, except for static assets and the login page, must only be made by authenticated users. In addition, the paths for login and logout are defined.
Login page of the admin server.
(Picture: Koller / Codecentric)
After restarting and calling the URL http://localhost:8081, you will now first land on a login page. After entering the credentials specified in application.properties, the page with the monitored services is displayed. Unfortunately, no clients are visible in the server anymore. They have been locked out by the new security settings and can no longer register.
The client applications are therefore also given the username and password in their application.properties:
spring.boot.admin.client.username=admin
spring.boot.admin.client.password=mypassword
After that, the clients appear again in the list of applications to be monitored.
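The configuration so far protects only the admin server; a client running with management.endpoints.web.exposure.include=* still serves every actuator endpoint to anyone who can reach it. The following is an added example, not part of the original article or the Spring Boot Admin project, of a client-side configuration that requires a login for those endpoints. It assumes spring-boot-starter-security on the client; the class name ActuatorSecurityConfig and the credentials are placeholders.

```java
// Added example for a monitored client service (not from the original article).
// application.properties of the client (placeholder credentials):
//   spring.security.user.name=client
//   spring.security.user.password=<client-password>
//   # passed to the admin server at registration so it can query the endpoints
//   spring.boot.admin.client.instance.metadata.user.name=${spring.security.user.name}
//   spring.boot.admin.client.instance.metadata.user.password=${spring.security.user.password}

import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.boot.actuate.health.HealthEndpoint;
import org.springframework.boot.actuate.info.InfoEndpoint;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@Order(1) // evaluated before any other security configuration of the service
public class ActuatorSecurityConfig extends WebSecurityConfigurerAdapter { // hypothetical name

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // This filter chain applies to the actuator endpoints only.
            .requestMatcher(EndpointRequest.toAnyEndpoint())
            .authorizeRequests((authorize) -> authorize
                // health and info stay public, as on the admin server
                .requestMatchers(EndpointRequest.to(HealthEndpoint.class, InfoEndpoint.class)).permitAll()
                // env, loggers, logfile and the other endpoints require a login
                .anyRequest().authenticated())
            // The admin server authenticates with HTTP Basic, using the metadata above.
            .httpBasic(Customizer.withDefaults())
            // Basic-auth calls from the admin server carry no CSRF token.
            .csrf((csrf) -> csrf.disable());
    }
}
```

Listing only the endpoints that are actually needed in management.endpoints.web.exposure.include, instead of *, reduces what is reachable further.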
Spring is a powerful framework and, as so often, there is much more to discover about Spring Boot Admin. A good place to start is the Quick Guide in Codecentric’s GitHub repository. Have fun monitoring!