Spring Boot Actuator

By | July 30, 2021

In this post, We will talk and learn about Spring Boot Actuator

Spring Boot provides various features to monitor and manage our application when the project is pushed into production. We can opt to manage and monitor our application by using HTTP endpoints. Auditing, health check, and metrics gathering can also be checked using Actuator End Points. So Actuator is production Ready Features provided by Spring Boot.

Enabling Production-ready Features

When you add  spring-boot-starter-actuator  dependency in your project then Spring boot provides all the production-ready features. 

You will have to add the following spring boot actuator starter  dependency in your pom.xml:

For Gradle, use the following declaration:

Endpoints

The Spring boot actuator Rest endpoints are helped us to monitor and interact with our application. Spring Boot provides a number of built-in endpoints and even you have the option to define your own custom endpoints.

For example, the /health endpoint gives us basic application health information.

We have an option to either enable or disable each individual endpoint and exposed it (made remotely accessible) over HTTP or JMX. An endpoint is considered to be accessible when it is both enabled and exposed.

The built-in spring boot actuator Rest endpoints will only be auto-configured when they are available. One thing you should keep in mind is that most of the applications usually preferred to choose exposure via HTTP, where the ID of the endpoint along with that you will have to use a prefix of /actuator to get actuator Rest URL.

For example, by default, the endpoint is mapped to /actuator/health

The following are some of the important technology-agnostic endpoints are available:

EndPoint ID EndPoint IDDescription
beans This Endpoint usually displays a complete list of all the Spring beans available in our application.
caches This Endpoint exposes available caches.
conditions When you want to see the conditions that were evaluated on configuration and auto-configuration classes and the reasons why they did or did not match then you may use this Rest Endpoint.
configprops This rest Endpoint displays a collated list of all @ConfigurationProperties
env This Endpoint gives the properties from Spring’s ConfigurableEnvironment.
flyway If you would like to check any Flyway database migrations that have been applied that require one or more Flyway beans then use this Rest endpoint
health This endpoint displays application health information.
info This end point displays arbitrary application info.
loggers This endpoint gives and modifies the configuration of loggers in the application.
liquibase If you would like to check any Liquibase database migrations that have been applied that require one or more Liquibase beans then use this Rest endpoint.
metrics This rest Endpoint displays ‘metrics’ information of the current application.
mappings This Endpoint shows a collated list of all @RequestMapping paths.
quartz This endpoint displays information about Quartz Scheduler jobs.
scheduledtasks This endpoint shows the scheduled tasks in your application.
threaddump This endpoint performs a thread dump.

Few endpoints are provided for web application (Spring MVC, Spring WebFlux, or Jersey):

Endpoint ID Description
heapdump This Endpoint returns an hprof heap dump file. Requires a HotSpot JVM.
jolokia This rest Api gives JMX beans over HTTP (when you have Jolokia is on the classpath, not available for WebFlux). please note that it has a dependency on jolokia-core.
logfile This endpoint usually displays the contents of the logfile (if logging.file.name or logging.file.path properties have been set).
prometheus This Endpoint gives the metrics in a format that can be scraped by a prometheus server. It has a dependency on micrometer-registry-prometheus.

Enabling Endpoints:

By default, only /health endpoint is enabled and spring boot disables the rest of the endpoints as they are sensitive. Because of Spring boot actuator endpoints reveal sensitive information about our application. However, you can enable all of the endpoints by using the below property in the application.properties file:

Management.endpoints.web.exposure.include= *

You have also an alternative option to enable only selected endpoints, keeping the others disabled as below.

management.endpoints.web.exposure.include=metrics,beans

If you want to use the separate port number for accessing the spring boot actuator endpoints then you can add the management port number in the application.properties file:

management.server.port=9090

How to Secure Spring Boot Actuator Endpoints

As we know that the Spring boot actuator Rest endpoints reveal sensitive information about the application. so, anyone who is having access to the actuator endpoint can see things like the Spring Beans, properties configurations, and other metrics about the application. so, it is really very important to put some access restrictions on those endpoints.

Sensitive Endpoints

Spring Boot treats all endpoints as sensitive. Hence, spring boot disables all those endpoints by default except /health endpoint. but , you have option toenable these endpoints using the properties configuration.

You can enable All Endpoint using below property:

Management.endpoints.web.exposure.include= *

You have also an alternative option to enable only selected endpoints, keeping the others disabled as below.

management.endpoints.web.exposure.include=metrics,beans

However, the endpoints are not secured. Because now anyone can access the enabled endpoints. Hence we can set a password-protected mechanism to secure them.

Password Protected Actuator Endpoints:

To enable password protection for endpoints, you need to add starter dependency on Spring Security.

Thanks to Spring Boot Auto Configuration. It automatically initializes all the security-related components. However, We  just need to define a username and password(Ofcourse you can set username & password as per your own choice). as below in application. properties file.

spring.security.user.name= kkjavatutorials
spring.security.user.password=pass123

This’s all you need to do in case if you want to secure spring boot actuator endpoints.

Spring Boot Actuator Example

pom.xml

HelloController.java

application.properties

SpringBootActuatorExampleApplication.java

Now let’s try to access couple of Actuator Endpoints(/actuator/health & /actuator/beans)

http://localhost:9090/actuator/health

http://localhost:9090/actuator/beans

That’s all about Spring Boot Actuator

GitHub Link to Download Source Code

You May Also Like:

What is Spring boot ?
Spring vs Spring boot
How to Configure Multiple Data Sources in a Spring Boot?
Spring BeanFactory Container Example
Spring ApplicationContext Container Example
Annotation-based Configuration in Spring Framework Example
Spring Java-based Configuration Example
Spring Setter Dependency Injection Example
Spring @Autowired Annotation With Setter Injection Example
Spring Constructor based Dependency Injection Example
Spring @Autowired Annotation With Constructor Injection Example

If you have any feedback or suggestion please feel free to drop in below comment box.

Leave a Reply

Your email address will not be published. Required fields are marked *