I am using the Spring Boot Actuator module in my project, which exposes REST endpoint URLs to monitor and manage application usage in a production environment, without any coding or configuration for them.
By default, only /health and /info endpoints are exposed.
I am customising the endpoints via application.properties file as per my use case.
application.properties:
# To expose all endpoints
management.endpoints.web.exposure.include=*
# To expose only selected endpoints
management.endpoints.jmx.exposure.include=health,info,env,beans
I want to understand, where exactly does Spring Boot create actual endpoints for /health and /info and how does it expose them over HTTP?
Thanks @Puce and @MarkBramnik for helping me out with the reference docs & code repository.
I wanted to understand how the endpoints were working and how they were exposed over HTTP, so that I could create custom endpoints to leverage in my application.
One of the great features of Spring Framework is that it’s very easy to extend, and I was able to achieve the same.
To create a custom actuator endpoint, use the @Endpoint annotation on a class. Then use the @ReadOperation / @WriteOperation / @DeleteOperation annotations on its methods to expose them as an actuator endpoint bean as needed.
Reference Doc : Implementing Custom Endpoints
Reference Example :
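import org.springframework.boot.actuate.endpoint.annotation.Endpoint;
import org.springframework.boot.actuate.endpoint.annotation.ReadOperation;
import org.springframework.stereotype.Component;

// Registers an actuator endpoint with the id "custom_endpoint"
@Endpoint(id = "custom_endpoint")
@Component
public class MyCustomEndpoint {

    // Handles read (HTTP GET) requests to the endpoint
    @ReadOperation
    public String greet() {
        return "Hello from custom endpoint";
    }
}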
The endpoint id, i.e. custom_endpoint, needs to be configured in the list of actuator endpoints to be enabled.
application.properties :
management.endpoints.web.exposure.include=health,info,custom_endpoint
After a restart, the endpoint works like a charm!
I have a microservice application with Spring Boot 2, which used my own library to propagate new endpoint to itself by using actuator functionality - my own actuator implemented an MvcEndpoint interface, and contained 'path' variable which got real API mapping from application.yml of microservice that used this library.
But after I recoded my library to Spring Boot 2, I have an issue: the id property on the @Endpoint annotation contains only a constant value (as with every annotation property), and I haven't found a way to change the API path of my actuator endpoint to something like '/api/v1/my-service/my-actuator-endpoint'.
I tried to write this in my application.yml of microservice:
endpoints:
  my-actuator-endpoint:
    path: /api/v1/my-service/my-actuator-endpoint
But this endpoint is still accessible only from /my-actuator-endpoint, which means only by its id.
How can I make this be accessible by custom path like /api/v1/my-service/my-actuator-endpoint, which will be configured in application.yml?
Problem solved, needed to add this property to application.yml:
management:
  endpoints:
    web:
      path-mapping:
        my-actuator-endpoint: api/v1/my-service/my-actuator-endpoint
You can expose actuator endpoints by setting configuration in the property file like this:
management.context-path=/manage
We have recently upgraded our Spring Boot version to 2.1.2 in one of our applications.
I noticed a change in JSON format when I hit this URL:
http://localhost:xxxx/health.
The changed structure is:
{
  Health: {
    status: "UP"
  }
}
Earlier it was:
{
  status: "UP"
}
My questions are:
1. Why has it been modified?
2. Is there any config to keep the structure as it was before?
With the release of Spring Boot 2, Actuator has been redesigned, and new exciting endpoints were added.
The /actuator/health endpoint is used to check the health or state of the running application. It’s usually exercised by monitoring software to alert us if the running instance goes down or gets unhealthy for other reasons. E.g. Connectivity issues with our DB, lack of disk space…
http://localhost:8080/actuator/health
{
  status: "UP"
}
Monitoring and Management over HTTP
If you are developing a web application, Spring Boot Actuator auto-configures all enabled endpoints to be exposed over HTTP. The default convention is to use the id of the endpoint with a prefix of /actuator as the URL path. For example, health is exposed as /actuator/health. TIP: Actuator is supported natively with Spring MVC, Spring WebFlux, and Jersey.
Actuator Security
For security purposes, all actuators other than /health and /info are disabled by default. The management.endpoints.web.exposure.include property can be used to enable the actuators.
If Spring Security is on the classpath and no other WebSecurityConfigurerAdapter is present, all actuators other than /health and /info are secured by Spring Boot auto-configuration. If you define a custom WebSecurityConfigurerAdapter, Spring Boot auto-configuration will back off and you will be in full control of actuator access rules.
Endpoints
Actuator endpoints let you monitor and interact with your application. Spring Boot includes a number of built-in endpoints and lets you add your own. For example, the health endpoint provides basic application health information.
Each individual endpoint can be enabled or disabled. This controls whether or not the endpoint is created and its bean exists in the application context. To be remotely accessible an endpoint also has to be exposed via JMX or HTTP. Most applications choose HTTP, where the ID of the endpoint along with a prefix of /actuator is mapped to a URL. For example, by default, the health endpoint is mapped to /actuator/health.
Actuator JSON
The JSON payloads returned from many endpoints have been improved with Spring Boot 2.0.
Many endpoints now have JSON that more accurately reflects the underlying data. For example, the /actuator/conditions endpoint (/autoconfig in Spring Boot 1.5) now has a top level contexts key to group results by ApplicationContext.
8. Health (health)
To retrieve the health of the application, make a GET request to /actuator/health, as shown in the following curl-based example:
$ curl 'http://localhost:8080/actuator/health' -i -X GET
Useful Information : Baeldung
Is it possible to configure security for actuator endpoints of a Spring application with Spring Security in a generic way?
According to https://github.com/spring-projects/spring-boot/issues/8646 I need to do this in my custom Spring Security configuration.
But suppose I have both a custom request mapping for /info in my application (on port 8080) and also the actuator info endpoint enabled on port 8081. How can I distinguish these two in Spring Security?
Yes it's possible but not particularly obvious. In your extension of WebSecurityConfigurerAdapter you can inject a collection of the actuator endpoints:
@Inject
private List<AbstractEndpointMvcAdapter<? extends Endpoint<?>>> actuatorEndpoints;
Then in your override of configureHttpSecurity(HttpSecurity http) you can use the getPath() member of each actuator endpoint to pass to the .requestMatchers(forPortAndPath(managementPort, actuatorPath)) builder available on the http argument.
I just found out that Spring Boot 2 explicitly addresses this problem.
See https://docs.spring.io/spring-boot/docs/current-SNAPSHOT/reference/htmlsingle/#production-ready-endpoints-security
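The Spring Boot 2 support mentioned in the answer above, shown as an added example that is not part of the original posts: EndpointRequest builds the request matcher from the registered actuator endpoints, so the rules are not tied to hard-coded paths such as /info. The class name ActuatorSecurityConfig and the role ACTUATOR_ADMIN are assumptions, and the code targets Spring Boot 2.x with WebSecurityConfigurerAdapter.

```java
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.boot.actuate.health.HealthEndpoint;
import org.springframework.boot.actuate.info.InfoEndpoint;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Added example, not code from the original posts.
// ACTUATOR_ADMIN is an assumed role name; use one from your own user store.
@Configuration
@Order(1) // evaluated before the application's own security configuration
public class ActuatorSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Scope this filter chain to actuator endpoints only. The matcher is
            // derived from the registered endpoints, so changes to
            // management.endpoints.web.base-path and path-mapping are followed.
            .requestMatcher(EndpointRequest.toAnyEndpoint())
            .authorizeRequests()
                // Health and info stay readable for load balancers and monitors.
                .requestMatchers(EndpointRequest.to(HealthEndpoint.class, InfoEndpoint.class))
                    .permitAll()
                // Every other exposed endpoint (env, beans, mappings, custom
                // endpoints) requires an authenticated user with the role.
                .anyRequest().hasRole("ACTUATOR_ADMIN")
            .and()
            .httpBasic();
    }
}
```

Because the chain is scoped with requestMatcher, requests outside the actuator fall through to the application's own security configuration, which still has to be defined.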
I have been prototyping with Spring boot where I added dependency on spring-boot-starter-actuator and spring-boot-starter-data-rest and named my testing REST endpoint to /info. Application ran without any errors however my endpoint couldn't be called and app returned 404 all the time.
After some time I found out that actuator project contains SAME endpoint /info and basically overrides my custom RESTful endpoint since I didn't name it.
My question is: Is there any way I can prevent such behavior in general (meaning bean clashing by mistake)? Or at least get a WARN message when this is happening?
Thanks in advance for your answers
You can disable the /info actuator endpoint by using the following property:
management.endpoint.info.enabled=false
Actually, all can be disabled, or you can enable only certain ones, if you check the source link I've provided below:
By default, all endpoints except for shutdown are enabled. If you prefer to specifically “opt-in” endpoint enablement you can use the endpoints.enabled property.
source
For logging of this behaviour, while deploying you can see the endpoints and corresponding beans, you can deduce from this log I guess. But better not to use same endpoint with actuator while they are enabled.
Yes, there is a chance to disable particular classes by @EnableAutoConfiguration with a parameter exclude= where you can specify a class name or a whole package by using {} brackets.
Example:
@EnableAutoConfiguration(exclude = {MyClassName.class})
@EnableAutoConfiguration(exclude = {MyClassName.class, MyClassName2.class})
I'd like to have a way to expose all endpoints that are exposed by my Spring application. Is there a simple way to check, for each @profile, which are exposed?
Example:
GET /api/resource
GET /api/resource/list
POST /api/resource
PUT /api/resource
In the past, I have used a web application made in Laravel, and they had a simple cli method for checking the exposed methods.
I assume, based on how the question is worded, that you are not using Spring Boot. If you were, the actuator mappings endpoint does this for you, but your answer lies in how the mappings endpoint is built in actuator. There is a RequestMappingHandlerMapping object you can leverage.
In this scenario you can use two approaches:
1. Spring Boot Actuator feature. Your application's endpoints will be available at http://host/actuator/mappings
2. The Swagger library can also be used to list all endpoints of a REST API
The best solution is to use Spring boot actuator and hit the endpoint /actuator/mappings to get all the endpoints.
But if you can't use actuator or can't add it as a dependency, you can retrieve all the endpoints programmatically from the mapping handlers. Spring ships with three implementations of this interface (HandlerMapping):
RequestMappingHandlerMapping: which is responsible for endpoints that are annotated with @RequestMapping and its variants @GetMapping, @PostMapping, etc.
BeanNameUrlHandlerMapping: as the name suggests, it will resolve the endpoint (URL) directly to a bean in the application context. For example, if you hit the endpoint /resource, it will look for a bean with the name /resource.
RouterFunctionMapping: it will scan the application context for RouterFunction beans and dispatch the request to that function.
Anyway, to answer your question, you can autowire the bean RequestMappingHandlerMapping and print out all the handler methods. Something similar to this:
@Autowired
RequestMappingHandlerMapping requestMappingHandlerMapping;

// Print every request mapping and its handler method once this bean is initialised
@PostConstruct
public void printEndpoints() {
    requestMappingHandlerMapping.getHandlerMethods().forEach((k, v) -> System.out.println(k + " : " + v));
}