DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones AWS Cloud
by AWS Developer Relations
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones
AWS Cloud
by AWS Developer Relations
Building Scalable Real-Time Apps with AstraDB and Vaadin
Register Now

Trending

  • Using OpenAI Embeddings Search With SingleStoreDB
  • Execution Type Models in Node.js
  • Best Practices for Securing Infrastructure as Code (Iac) In the DevOps SDLC
  • Which Is Better for IoT: Azure RTOS or FreeRTOS?

Trending

  • Using OpenAI Embeddings Search With SingleStoreDB
  • Execution Type Models in Node.js
  • Best Practices for Securing Infrastructure as Code (Iac) In the DevOps SDLC
  • Which Is Better for IoT: Azure RTOS or FreeRTOS?
  1. DZone
  2. Coding
  3. Frameworks
  4. Spring Boot Actuator: A Complete Guide

Spring Boot Actuator: A Complete Guide

If you want enhanced control over your endpoints, including tuning sensitivity and security, you should familiarize yourself with Spring Boot Actuator and its tools.

Dhiraj Ray user avatar by
Dhiraj Ray
·
Updated Feb. 27, 17 · Tutorial
Like (31)
Save
Tweet
Share
126.07K Views

Join the DZone community and get the full member experience.

Join For Free

Spring Boot Actuator is a sub-project of Spring Boot. It provides several production-grade services to your application out of the box. Once Actuator is configured in your Spring Boot application, you can interact and monitor your application by invoking different HTTP endpoints exposed by Spring Boot Actuator such as application health, bean details, version details, configurations, logger details, etc.

Spring Boot includes a number of built-in endpoints, and you can also add your own or even configure existing endpoints to be exposed on any custom endpoints of your choice. It is obvious that all the endpoints cannot be exposed publicly, considering that there are many sensitive endpoints like beans, env, etc. Hence, Spring Boot also sets sensitive defaults to true for many endpoints that require a username/password when they are accessed over HTTP (or simply disabled if web security is not enabled). Health and info are not sensitive by default.

How to Enable Spring Boot Actuator

This is easy. You only need to include the following maven dependency in your existing pom.xml file:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-actuator</artifactId>
</dependency>

Different Actuator Endpoints

Once above maven dependency is included in the POM file, 16 different actuator REST endpoints, such as actuator, beans, dump, info, loggers, and metrics are exposed.

For a complete list of actuator REST endpoints, with examples, you can take a look here.

If you are using Spring MVC on top of this, then four additional endpoints — docs, heapdump, jolokia, and logfile can be used.

Customizing Actuator Endpoints

Spring Boot allows customizing endpoints by using Spring properties. Simply mention the properties you want to customize in your application.properties. You can customize an endpoint in three ways. You can enable or disable an endpoint, customize its sensitivity, and also its id.

The following is an example that changes the sensitivity and id of the metrics endpoint and also enables shutdown.

endpoints.metrics.id=springmetrics
endpoints.metrics.sensitive=false
endpoints.metrics.enabled=true


Apart from this, you can also customize the endpoints globally. The following example marks all endpoints as sensitive except info.

endpoints.sensitive=true
endpoints.info.sensitive=false


If you're interested, here are the code and configurations for customization of actuator endpoints.

Securing Actuator Endpoints

As we saw, there are only two endpoints, health and info, that are by default not sensitive. But other endpoints, like loggers and beans, that are sensitive and hence require authorization to access. To access these sensitive endpoints, you can either disable the sensitivity or secure it using Spring Security.

To secure the actuator endpoints, include following maven dependency in your pom.xml file.

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>


In Spring Boot, including the above dependencies will by default provide inbuilt form-based authentication with the userid as the user and a randomly generated password. The following entries are then required to enable basic security to your sensitive endpoints.

management.security.enabled=true
security.basic.enabled=true
security.user.name=admin
security.user.password=admin


To access the actuator-restricted endpoints, you have to have the ACTUATOR role. It is a default configuration.

Apart from this, you can also secure actuator REST endpoints using AuthenticationManagerBuilder  by extending the WebSecurityConfigurerAdapter class provided by Spring. Here is the complete implementation using AuthenticationManagerBuilder.

Creating a Custom Actuator Endpoint

The best thing about Spring is that it always encourages developers to come up with their own configurations and implementations — and this is the case with actuator endpoints, too.

To customize the endpoint and define your own endpoint, simply implement the interface Endpoint and override its methods. That's it, you're finished exposing your own endpoints.

The following is a simple code snippet that defines a custom endpoint in Spring Actuator. It can be accessed at /showendpoints.

import org.springframework.boot.actuate.endpoint.AbstractEndpoint;
import org.springframework.boot.actuate.endpoint.Endpoint;
import org.springframework.stereotype.Component;

import java.util.List;

@Component
public class ListEndPoints extends AbstractEndpoint<List<Endpoint>> {
    private List<Endpoint> endpoints;

    public ListEndPoints(List<Endpoint> endpoints) {
        super("showendpoints");
        this.endpoints = endpoints;
    }

    @Override
    public List<Endpoint> invoke() {
        return this.endpoints;
    }
}


Thanks for reading! Let me know your thoughts on Spring Boot Actuator below.

Spring Framework Spring Boot

Published at DZone with permission of Dhiraj Ray. See the original article here.

Opinions expressed by DZone contributors are their own.

Trending

  • Using OpenAI Embeddings Search With SingleStoreDB
  • Execution Type Models in Node.js
  • Best Practices for Securing Infrastructure as Code (Iac) In the DevOps SDLC
  • Which Is Better for IoT: Azure RTOS or FreeRTOS?

Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com

Let's be friends: