We have recently upgraded out Spring-Boot version to 2.1.2 in one of our applications.
I noticed a change in JSON format when I hit this URL:
http://localhost:xxxx/health.
The changed structure is:
{
Health: {
status: "UP"
}
}
Earlier it was:
{
status: "UP"
}
My question is;
1. Why has it been modified?
2. Is there any config to keep the structure as it was before?
With the release of Spring Boot 2, Actuator has been redesigned, and new exciting endpoints were added.
The /actuator/health endpoint is used to check the health or state of the running application. It’s usually exercised by monitoring software to alert us if the running instance goes down or gets unhealthy for other reasons. E.g. Connectivity issues with our DB, lack of disk space…
http://localhost:8080/actuator/health
{
status: "UP"
}
Monitoring and Management over HTTP
If you are developing a web application, Spring Boot Actuator auto-configures all enabled endpoints to be exposed over HTTP. The default convention is to use the id of the endpoint with a prefix of /actuator as the URL path. For example, health is exposed as /actuator/health. TIP: Actuator is supported natively with Spring MVC, Spring WebFlux, and Jersey.
Actuator Security
For security purposes, all actuators other than /health and /info are disabled by default. The management.endpoints.web.exposure.include property can be used to enable the actuators.
If Spring Security is on the classpath and no other WebSecurityConfigurerAdapter is present, all actuators other than /health and /info are secured by Spring Boot auto-configuration. If you define a custom WebSecurityConfigurerAdapter, Spring Boot auto-configuration will back off and you will be in full control of actuator access rules.
Endpoints
Actuator endpoints let you monitor and interact with your application. Spring Boot includes a number of built-in endpoints and lets you add your own. For example, the health endpoint provides basic application health information.
Each individual endpoint can be enabled or disabled. This controls whether or not the endpoint is created and its bean exists in the application context. To be remotely accessible an endpoint also has to be exposed via JMX or HTTP. Most applications choose HTTP, where the ID of the endpoint along with a prefix of /actuator is mapped to a URL. For example, by default, the health endpoint is mapped to /actuator/health.
Actuator JSON
The JSON payloads returned from many endpoints have been improved with Spring Boot 2.0.
Many endpoints now have JSON that more accurately reflects the underlying data. For example, the /actuator/conditions endpoint (/autoconfig in Spring Boot 1.5) now has a top level contexts key to group results by ApplicationContext.
8. Health (health)
To retrieve the health of the application, make a GET request to /actuator/health, as shown in the following curl-based example:
$ curl 'http://localhost:8080/actuator/health' -i -X GET
Useful Information : Baeldung
Related
I am using Spring Boot Actuator module in my project which exposes REST endpoint URLs to monitor & manage application usages in production environment, without coding & configuration for any of them.
By default, only /health and /info endpoints are exposed.
I am customising the endpoints via application.properties file as per my use case.
application.properties.
#To expose all endpoints
management.endpoints.web.exposure.include=*
#To expose only selected endpoints
management.endpoints.jmx.exposure.include=health,info,env,beans
I want to understand, where exactly does Spring Boot create actual endpoints for /health and /info and how does it expose them over HTTP?
Thanks #Puce and #MarkBramnik for helping me out with the reference docs & code repository.
I wanted to understand how the endpoints were working and how they were exposed over HTTP, so that I could create custom endpoints to leverage in my application.
One of the great features of Spring Framework is that it’s very easy to extend, and I was able to achieve the same.
To create a custom actuator endpoints, Use #Endpoint annotation on a class. Then leverage #ReadOperation / #WriteOperation / #DeleteOperation annotations on the methods to expose them as actuator endpoint bean as needed.
Reference Doc : Implementing Custom Endpoints
Reference Example :
#Endpoint(id="custom_endpoint")
#Component
public class MyCustomEndpoint {
#ReadOperation
#Bean
public String greet() {
return "Hello from custom endpoint";
}
}
The endpoint id i.e custom_endpoint needs to be configured in the list of actuator endpoints to be enabled.
application.properties :
management.endpoints.web.exposure.include=health,info,custom_endpoint
After a restart, endpoint works like a charm!
is there a way in Spring Boot to display only my custom
Request Mappings with actuator? By default it shows everything.
As described in the reference documentation, the default behaviour of actuator endpoints, when the actuator module is on the classpath, is 'opt-out' - that is, most endpoints are enabled by default and must be disabled if required.
For the opposite effect (i.e. actuator endpoints must be specifically enabled), add the following setting to your application.properties:
management.endpoints.enabled-by-default=false
or alternatively, if using YAML:
management:
endpoints:
enabled-by-default: false
There is no way to filter which mappings get added. By default, anything with #RequestMapping is included.
You could always disable the provided mapping endpoint and write your own custom endpoint that includes only the controllers you care about.
Tried with a simple spring boot application with actuator dependency, but not able to access http://localhost:8080/actuator/beans
I am able to access http://localhost:8080/actuator with the following output :
{"_links":{"self":{"href":"http://localhost:8080/actuator","templated":false},"health-component-instance":{"href":"http://localhost:8080/actuator/health/{component}/{instance}","templated":true},"health-component":{"href":"http://localhost:8080/actuator/health/{component}","templated":true},"health":{"href":"http://localhost:8080/actuator/health","templated":false},"info":{"href":"http://localhost:8080/actuator/info","templated":false}}}
ALso majorly the following url's are not accessible listed from here
/auditevents – lists security audit-related events such as user login/logout. Also, we can filter by principal or type among others fields
/beans – returns all available beans in our BeanFactory. Unlike
/auditevents, it doesn’t support filtering
/conditions – formerly known as /autoconfig, builds a report of conditions around auto-configuration
/configprops – allows us to fetch all #ConfigurationProperties beans
/env – returns the current environment properties. Additionally, we can retrieve single properties
/flyway – provides details about our Flyway database migrations
/health – summarises the health status of our application
/heapdump – builds and returns a heap dump from the JVM used by our application
/info – returns general information. It might be custom data, build information or details about the latest commit
/liquibase – behaves like /flyway but for Liquibase
/logfile – returns ordinary application logs
/loggers – enables us to query and modify the logging level of our application
/metrics – details metrics of our application. This might include generic metrics as well as custom ones
/prometheus – returns metrics like the previous one, but formatted to work with a Prometheus server
/scheduledtasks – provides details about every scheduled task within our application
/sessions – lists HTTP sessions given we are using Spring Session
/shutdown – performs a graceful shutdown of the application
/threaddump – dumps the thread information of the underlying JVM
Default management.endpoints.web.exposure.include, info, health
As actuator/health and actuator/info are provided by default . so that you will get the information
management.endpoints.web.exposure.include = * //will allow all endpoints
to be exposed
management.endpoints.web.exposure.include=health,info # Endpoint IDs that should be included or '*' for all.
management.endpoints.web.exposure.exclude= # Endpoint IDs that should be excluded or '*' for all.
management.endpoints.web.base-path=/actuator # Base path for Web endpoints. Relative to server.servlet.context-path or management.server.servlet.context-path if management.server.port is configured.
management.endpoints.web.path-mapping= # Mapping between endpoint IDs and the path that should expose them.
Securing Endpoint
management.endpoint.health.roles= # Roles used to determine whether or not a user is authorized to be shown details. When empty, all authenticated users are authorized. //for health
management.endpoint.health.show-details=always,never # When to show full health details.
Enable/Disable endpoints
management.endpoint.(endpointName).enabled=true # Whether to enable the health endpoint.
e.g. management.endpoint.health.enabled=true
Refer This for Manual Configurations
Refer This for More Details
After recent spring boot upgrade (1.5+) I am no longer able to access /metrics endpoint in my application. To solve this, I added management.security.enabled=false and management.security.roles=ACTUATOR. This allowed me to access the endpoint and it still required credentials before viewing. This works but I don’t understand why. Am I only disabling the ACTUATOR role to access this endpoint? Is there any security risk here?
I know after you move to spring boot 2.0.0.M5 only status and info endpoints are enabled by default. In Spring Boot 2 also you no longer need to have management.security.enabled https://github.com/spring-projects/spring-boot/issues/11383
I generally use this:
management.endpoints.web.exposure.include=info, health, metrics, env, beans, configprops
I have been prototyping with Spring boot where I added dependency on spring-boot-starter-actuator and spring-boot-starter-data-rest and named my testing REST endpoint to /info. Application ran without any errors however my endpoint couldn't be called and app returned 404 all the time.
After some time I found out that actuator project contains SAME endpoint /info and basically overrides my custom RESTful endpoint since I didn't name it.
My question is: Is there any way how I can prevent such behavior in general (meaning bean clashing by mistake)? Or at least get WARN message when this is happening.
Thanks in advance for your answers
You can disable /info actuator endpoint by using the following property;
management.endpoint.info.enabled=false
Actually all can be disabled, or you can enable only certain ones, if you check the source link I've provided below;
By default, all endpoints except for shutdown are enabled. If you prefer to specifically “opt-in” endpoint enablement you can use the endpoints.enabled property.
source
For logging of this behaviour, while deploying you can see the endpoints and corresponding beans, you can deduce from this log I guess. But better not to use same endpoint with actuator while they are enabled.
Yes, there is a chance to disable particular classes by #EnableAutoconfiguration with a parameter exclude= where you can specify classname or whole package by using {} brackets
Example:
#EnableAutoConfiguration(exclude = {MyClassName.class}
#EnableAutoConfiguration(exclude = {MyClassName.class, MyClassName2.class})