This version is still in development and is not considered stable yet. For the latest stable version, please use Spring Boot 3.4.1! |
Endpoints
Actuator endpoints let you monitor and interact with your application.
Spring Boot includes a number of built-in endpoints and lets you add your own.
For example, the health
endpoint provides basic application health information.
You can control access to each individual endpoint and expose them (make them remotely accessible) over HTTP or JMX.
An endpoint is considered to be available when access to it is permitted and it is exposed.
The built-in endpoints are auto-configured only when they are available.
Most applications choose exposure over HTTP, where the ID of the endpoint and a prefix of /actuator
is mapped to a URL.
For example, by default, the health
endpoint is mapped to /actuator/health
.
To learn more about the Actuator’s endpoints and their request and response formats, see the API documentation. |
The following technology-agnostic endpoints are available:
ID | Description |
---|---|
|
Exposes audit events information for the current application.
Requires an |
|
Displays a complete list of all the Spring beans in your application. |
|
Exposes available caches. |
|
Shows the conditions that were evaluated on configuration and auto-configuration classes and the reasons why they did or did not match. |
|
Displays a collated list of all |
|
Exposes properties from Spring’s |
|
Shows any Flyway database migrations that have been applied.
Requires one or more |
|
Shows application health information. |
|
Displays HTTP exchange information (by default, the last 100 HTTP request-response exchanges).
Requires an |
|
Displays arbitrary application info. |
|
Shows the Spring Integration graph.
Requires a dependency on |
|
Shows and modifies the configuration of loggers in the application. |
|
Shows any Liquibase database migrations that have been applied.
Requires one or more |
|
Shows “metrics” information for the current application. |
|
Displays a collated list of all |
|
Shows information about Quartz Scheduler jobs. Subject to sanitization. |
|
Displays the scheduled tasks in your application. |
|
Allows retrieval and deletion of user sessions from a Spring Session-backed session store. Requires a servlet-based web application that uses Spring Session. |
|
Lets the application be gracefully shutdown. Only works when using jar packaging. Disabled by default. |
|
Shows the startup steps data collected by the |
|
Performs a thread dump. |
If your application is a web application (Spring MVC, Spring WebFlux, or Jersey), you can use the following additional endpoints:
ID | Description |
---|---|
|
Returns a heap dump file.
On a HotSpot JVM, an |
|
Returns the contents of the logfile (if the |
|
Exposes metrics in a format that can be scraped by a Prometheus server.
Requires a dependency on |
Controlling Access to Endpoints
By default, access to all endpoints except for shutdown
is unrestricted.
To configure the permitted access to an endpoint, use its management.endpoint.<id>.access
property.
The following example allows unrestricted access to the shutdown
endpoint:
-
Properties
-
YAML
management.endpoint.shutdown.access=unrestricted
management:
endpoint:
shutdown:
access: unrestricted
If you prefer access to be opt-in rather than opt-out, set the management.endpoints.access.default
property to none
and use individual endpoint access
properties to opt back in.
The following example allows read-only access to the loggers
endpoint and denies access to all other endpoints:
-
Properties
-
YAML
management.endpoints.access.default=none
management.endpoint.loggers.access=read-only
management:
endpoints:
access:
default: none
endpoint:
loggers:
access: read-only
Inaccessible endpoints are removed entirely from the application context.
If you want to change only the technologies over which an endpoint is exposed, use the include and exclude properties instead.
|
Limiting Access
Application-wide endpoint access can be limited using the management.endpoints.access.max-permitted
property.
This property takes precedence over the default access or an individual endpoint’s access level.
Set it to none
to make all endpoints inaccessible.
Set it to read-only
to only allow read access to endpoints.
For @Endpoint
, @JmxEndpoint
, and @WebEndpoint
, read access equates to the endpoint methods annotated with @ReadOperation
.
For @ControllerEndpoint
and @RestControllerEndpoint
, read access equates to request mappings that can handle GET
and HEAD
requests.
For @ServletEndpoint
, read access equates to GET
and HEAD
requests.
Exposing Endpoints
By default, only the health endpoint is exposed over HTTP and JMX. Since Endpoints may contain sensitive information, you should carefully consider when to expose them.
To change which endpoints are exposed, use the following technology-specific include
and exclude
properties:
Property | Default |
---|---|
|
|
|
|
|
|
|
|
The include
property lists the IDs of the endpoints that are exposed.
The exclude
property lists the IDs of the endpoints that should not be exposed.
The exclude
property takes precedence over the include
property.
You can configure both the include
and the exclude
properties with a list of endpoint IDs.
For example, to only expose the health
and info
endpoints over JMX, use the following property:
-
Properties
-
YAML
management.endpoints.jmx.exposure.include=health,info
management:
endpoints:
jmx:
exposure:
include: "health,info"
*
can be used to select all endpoints.
For example, to expose everything over HTTP except the env
and beans
endpoints, use the following properties:
-
Properties
-
YAML
management.endpoints.web.exposure.include=*
management.endpoints.web.exposure.exclude=env,beans
management:
endpoints:
web:
exposure:
include: "*"
exclude: "env,beans"
* has a special meaning in YAML, so be sure to add quotation marks if you want to include (or exclude) all endpoints.
|
If your application is exposed publicly, we strongly recommend that you also secure your endpoints. |
If you want to implement your own strategy for when endpoints are exposed, you can register an EndpointFilter bean.
|
Security
For security purposes, only the /health
endpoint is exposed over HTTP by default.
You can use the management.endpoints.web.exposure.include
property to configure the endpoints that are exposed.
Before setting the management.endpoints.web.exposure.include , ensure that the exposed actuators do not contain sensitive information, are secured by placing them behind a firewall, or are secured by something like Spring Security.
|
If Spring Security is on the classpath and no other SecurityFilterChain
bean is present, all actuators other than /health
are secured by Spring Boot auto-configuration.
If you define a custom SecurityFilterChain
bean, Spring Boot auto-configuration backs off and lets you fully control the actuator access rules.
If you wish to configure custom security for HTTP endpoints (for example, to allow only users with a certain role to access them), Spring Boot provides some convenient RequestMatcher
objects that you can use in combination with Spring Security.
A typical Spring Security configuration might look something like the following example:
-
Java
-
Kotlin
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import static org.springframework.security.config.Customizer.withDefaults;
@Configuration(proxyBeanMethods = false)
public class MySecurityConfiguration {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.securityMatcher(EndpointRequest.toAnyEndpoint());
http.authorizeHttpRequests((requests) -> requests.anyRequest().hasRole("ENDPOINT_ADMIN"));
http.httpBasic(withDefaults());
return http.build();
}
}
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.Customizer.withDefaults
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.web.SecurityFilterChain
@Configuration(proxyBeanMethods = false)
class MySecurityConfiguration {
@Bean
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http.securityMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests { requests ->
requests.anyRequest().hasRole("ENDPOINT_ADMIN")
}
http.httpBasic(withDefaults())
return http.build()
}
}
The preceding example uses EndpointRequest.toAnyEndpoint()
to match a request to any endpoint and then ensures that all have the ENDPOINT_ADMIN
role.
Several other matcher methods are also available on EndpointRequest
.
See the API documentation for details.
If you deploy applications behind a firewall, you may prefer that all your actuator endpoints can be accessed without requiring authentication.
You can do so by changing the management.endpoints.web.exposure.include
property, as follows:
-
Properties
-
YAML
management.endpoints.web.exposure.include=*
management:
endpoints:
web:
exposure:
include: "*"
Additionally, if Spring Security is present, you would need to add custom security configuration that allows unauthenticated access to the endpoints, as the following example shows:
-
Java
-
Kotlin
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
@Configuration(proxyBeanMethods = false)
public class MySecurityConfiguration {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.securityMatcher(EndpointRequest.toAnyEndpoint());
http.authorizeHttpRequests((requests) -> requests.anyRequest().permitAll());
return http.build();
}
}
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.web.SecurityFilterChain
@Configuration(proxyBeanMethods = false)
class MySecurityConfiguration {
@Bean
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http.securityMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests { requests ->
requests.anyRequest().permitAll()
}
return http.build()
}
}
In both of the preceding examples, the configuration applies only to the actuator endpoints.
Since Spring Boot’s security configuration backs off completely in the presence of any SecurityFilterChain bean, you need to configure an additional SecurityFilterChain bean with rules that apply to the rest of the application.
|
Cross Site Request Forgery Protection
Since Spring Boot relies on Spring Security’s defaults, CSRF protection is turned on by default.
This means that the actuator endpoints that require a POST
(shutdown and loggers endpoints), a PUT
, or a DELETE
get a 403 (forbidden) error when the default security configuration is in use.
We recommend disabling CSRF protection completely only if you are creating a service that is used by non-browser clients. |
You can find additional information about CSRF protection in the Spring Security Reference Guide.
Configuring Endpoints
Endpoints automatically cache responses to read operations that do not take any parameters.
To configure the amount of time for which an endpoint caches a response, use its cache.time-to-live
property.
The following example sets the time-to-live of the beans
endpoint’s cache to 10 seconds:
-
Properties
-
YAML
management.endpoint.beans.cache.time-to-live=10s
management:
endpoint:
beans:
cache:
time-to-live: "10s"
The management.endpoint.<name> prefix uniquely identifies the endpoint that is being configured.
|
Sanitize Sensitive Values
Information returned by the /env
, /configprops
and /quartz
endpoints can be sensitive, so by default values are always fully sanitized (replaced by ******
).
Values can only be viewed in an unsanitized form when:
-
The
show-values
property has been set to something other thannever
-
No custom
SanitizingFunction
beans apply
The show-values
property can be configured for sanitizable endpoints to one of the following values:
-
never
- values are always fully sanitized (replaced by******
) -
always
- values are shown to all users (as long as noSanitizingFunction
bean applies) -
when-authorized
- values are shown only to authorized users (as long as noSanitizingFunction
bean applies)
For HTTP endpoints, a user is considered to be authorized if they have authenticated and have the roles configured by the endpoint’s roles property. By default, any authenticated user is authorized.
For JMX endpoints, all users are always authorized.
The following example allows all users with the admin
role to view values from the /env
endpoint in their original form.
Unauthorized users, or users without the admin
role, will see only sanitized values.
-
Properties
-
YAML
management.endpoint.env.show-values=when-authorized
management.endpoint.env.roles=admin
management:
endpoint:
env:
show-values: when-authorized
roles: "admin"
This example assumes that no SanitizingFunction beans have been defined.
|
Hypermedia for Actuator Web Endpoints
A “discovery page” is added with links to all the endpoints.
The “discovery page” is available on /actuator
by default.
To disable the “discovery page”, add the following property to your application properties:
-
Properties
-
YAML
management.endpoints.web.discovery.enabled=false
management:
endpoints:
web:
discovery:
enabled: false
When a custom management context path is configured, the “discovery page” automatically moves from /actuator
to the root of the management context.
For example, if the management context path is /management
, the discovery page is available from /management
.
When the management context path is set to /
, the discovery page is disabled to prevent the possibility of a clash with other mappings.
CORS Support
Cross-origin resource sharing (CORS) is a W3C specification that lets you specify in a flexible way what kind of cross-domain requests are authorized. If you use Spring MVC or Spring WebFlux, you can configure Actuator’s web endpoints to support such scenarios.
CORS support is disabled by default and is only enabled once you have set the management.endpoints.web.cors.allowed-origins
property.
The following configuration permits GET
and POST
calls from the example.com
domain:
-
Properties
-
YAML
management.endpoints.web.cors.allowed-origins=https://example.com
management.endpoints.web.cors.allowed-methods=GET,POST
management:
endpoints:
web:
cors:
allowed-origins: "https://example.com"
allowed-methods: "GET,POST"
See CorsEndpointProperties for a complete list of options.
|
Implementing Custom Endpoints
If you add a @Bean
annotated with @Endpoint
, any methods annotated with @ReadOperation
, @WriteOperation
, or @DeleteOperation
are automatically exposed over JMX and, in a web application, over HTTP as well.
Endpoints can be exposed over HTTP by using Jersey, Spring MVC, or Spring WebFlux.
If both Jersey and Spring MVC are available, Spring MVC is used.
The following example exposes a read operation that returns a custom object:
-
Java
-
Kotlin
@ReadOperation
public CustomData getData() {
return new CustomData("test", 5);
}
@ReadOperation
fun getData(): CustomData {
return CustomData("test", 5)
}
You can also write technology-specific endpoints by using @JmxEndpoint
or @WebEndpoint
.
These endpoints are restricted to their respective technologies.
For example, @WebEndpoint
is exposed only over HTTP and not over JMX.
You can write technology-specific extensions by using @EndpointWebExtension
and @EndpointJmxExtension
.
These annotations let you provide technology-specific operations to augment an existing endpoint.
Finally, if you need access to web-framework-specific functionality, you can implement servlet or Spring @Controller
and @RestController
endpoints at the cost of them not being available over JMX or when using a different web framework.
Receiving Input
Operations on an endpoint receive input through their parameters.
When exposed over the web, the values for these parameters are taken from the URL’s query parameters and from the JSON request body.
When exposed over JMX, the parameters are mapped to the parameters of the MBean’s operations.
Parameters are required by default.
They can be made optional by annotating them with either @javax.annotation.Nullable
or @Nullable
.
You can map each root property in the JSON request body to a parameter of the endpoint. Consider the following JSON request body:
{
"name": "test",
"counter": 42
}
You can use this to invoke a write operation that takes String name
and int counter
parameters, as the following example shows:
-
Java
-
Kotlin
@WriteOperation
public void updateData(String name, int counter) {
// injects "test" and 42
}
@WriteOperation
fun updateData(name: String?, counter: Int) {
// injects "test" and 42
}
Because endpoints are technology agnostic, only simple types can be specified in the method signature.
In particular, declaring a single parameter with a CustomData type that defines a name and counter properties is not supported.
|
To let the input be mapped to the operation method’s parameters, Java code that implements an endpoint should be compiled with -parameters .
For Kotlin code, please review the recommendation of the Spring Framework reference.
This will happen automatically if you use Spring Boot’s Gradle plugin or if you use Maven and spring-boot-starter-parent .
|
Input Type Conversion
The parameters passed to endpoint operation methods are, if necessary, automatically converted to the required type.
Before calling an operation method, the input received over JMX or HTTP is converted to the required types by using an instance of ApplicationConversionService
as well as any Converter
or GenericConverter
beans qualified with @EndpointConverter
.
Custom Web Endpoints
Operations on an @Endpoint
, @WebEndpoint
, or @EndpointWebExtension
are automatically exposed over HTTP using Jersey, Spring MVC, or Spring WebFlux.
If both Jersey and Spring MVC are available, Spring MVC is used.
Web Endpoint Request Predicates
A request predicate is automatically generated for each operation on a web-exposed endpoint.
Path
The path of the predicate is determined by the ID of the endpoint and the base path of the web-exposed endpoints.
The default base path is /actuator
.
For example, an endpoint with an ID of sessions
uses /actuator/sessions
as its path in the predicate.
You can further customize the path by annotating one or more parameters of the operation method with @Selector
.
Such a parameter is added to the path predicate as a path variable.
The variable’s value is passed into the operation method when the endpoint operation is invoked.
If you want to capture all remaining path elements, you can add @Selector(Match=ALL_REMAINING)
to the last parameter and make it a type that is conversion-compatible with a String[]
.
HTTP method
The HTTP method of the predicate is determined by the operation type, as shown in the following table:
Operation | HTTP method |
---|---|
|
|
|
|
|
Consumes
For a @WriteOperation
(HTTP POST
) that uses the request body, the consumes
clause of the predicate is application/vnd.spring-boot.actuator.v2+json, application/json
.
For all other operations, the consumes
clause is empty.
Produces
The produces
clause of the predicate can be determined by the produces
attribute of the @DeleteOperation
, @ReadOperation
, and @WriteOperation
annotations.
The attribute is optional.
If it is not used, the produces
clause is determined automatically.
Web Endpoint Response Status
The default response status for an endpoint operation depends on the operation type (read, write, or delete) and what, if anything, the operation returns.
If a @ReadOperation
returns a value, the response status will be 200 (OK).
If it does not return a value, the response status will be 404 (Not Found).
If a @WriteOperation
or @DeleteOperation
returns a value, the response status will be 200 (OK).
If it does not return a value, the response status will be 204 (No Content).
If an operation is invoked without a required parameter or with a parameter that cannot be converted to the required type, the operation method is not called, and the response status will be 400 (Bad Request).
Web Endpoint Range Requests
You can use an HTTP range request to request part of an HTTP resource.
When using Spring MVC or Spring Web Flux, operations that return a Resource
automatically support range requests.
Range requests are not supported when using Jersey. |
Web Endpoint Security
An operation on a web endpoint or a web-specific endpoint extension can receive the current Principal
or SecurityContext
as a method parameter.
The former is typically used in conjunction with either @javax.annotation.Nullable
or @Nullable
to provide different behavior for authenticated and unauthenticated users.
The latter is typically used to perform authorization checks by using its isUserInRole(String)
method.
Health Information
You can use health information to check the status of your running application.
It is often used by monitoring software to alert someone when a production system goes down.
The information exposed by the health
endpoint depends on the management.endpoint.health.show-details
and management.endpoint.health.show-components
properties, which can be configured with one of the following values:
Name | Description |
---|---|
|
Details are never shown. |
|
Details are shown only to authorized users.
Authorized roles can be configured by using |
|
Details are shown to all users. |
The default value is never
.
A user is considered to be authorized when they are in one or more of the endpoint’s roles.
If the endpoint has no configured roles (the default), all authenticated users are considered to be authorized.
You can configure the roles by using the management.endpoint.health.roles
property.
If you have secured your application and wish to use always , your security configuration must permit access to the health endpoint for both authenticated and unauthenticated users.
|
Health information is collected from the content of a HealthContributorRegistry
(by default, all HealthContributor
instances defined in your ApplicationContext
).
Spring Boot includes a number of auto-configured HealthContributor
beans, and you can also write your own.
A HealthContributor
can be either a HealthIndicator
or a CompositeHealthContributor
.
A HealthIndicator
provides actual health information, including a Status
.
A CompositeHealthContributor
provides a composite of other HealthContributor
instances.
Taken together, contributors form a tree structure to represent the overall system health.
By default, the final system health is derived by a StatusAggregator
, which sorts the statuses from each HealthIndicator
based on an ordered list of statuses.
The first status in the sorted list is used as the overall health status.
If no HealthIndicator
returns a status that is known to the StatusAggregator
, an UNKNOWN
status is used.
You can use the HealthContributorRegistry to register and unregister health indicators at runtime.
|
Auto-configured HealthIndicators
When appropriate, Spring Boot auto-configures the HealthIndicator
beans listed in the following table.
You can also enable or disable selected indicators by configuring management.health.key.enabled
,
with the key
listed in the following table:
Key | Name | Description |
---|---|---|
|
Checks that a Cassandra database is up. |
|
|
Checks that a Couchbase cluster is up. |
|
|
Checks that a connection to |
|
|
Checks for low disk space. |
|
|
Checks that an Elasticsearch cluster is up. |
|
|
Checks that a Hazelcast server is up. |
|
|
Checks that a JMS broker is up. |
|
|
Checks that an LDAP server is up. |
|
|
Checks that a mail server is up. |
|
|
Checks that a Mongo database is up. |
|
|
Checks that a Neo4j database is up. |
|
|
Always responds with |
|
|
Checks that a Rabbit server is up. |
|
|
Checks that a Redis server is up. |
|
|
Checks that SSL certificates are ok. |
You can disable them all by setting the management.health.defaults.enabled property.
|
The ssl HealthIndicator has a "warning threshold" property named management.health.ssl.certificate-validity-warning-threshold .
If an SSL certificate will be invalid within the time span defined by this threshold, the HealthIndicator will warn you but it will still return HTTP 200 to not disrupt the application.
You can use this threshold to give yourself enough lead time to rotate the soon to be expired certificate.
|
Additional HealthIndicator
beans are available but are not enabled by default:
Key | Name | Description |
---|---|---|
|
Exposes the “Liveness” application availability state. |
|
|
Exposes the “Readiness” application availability state. |
Writing Custom HealthIndicators
To provide custom health information, you can register Spring beans that implement the HealthIndicator
interface.
You need to provide an implementation of the health()
method and return a Health
response.
The Health
response should include a status and can optionally include additional details to be displayed.
The following code shows a sample HealthIndicator
implementation:
-
Java
-
Kotlin
import org.springframework.boot.actuate.health.Health;
import org.springframework.boot.actuate.health.HealthIndicator;
import org.springframework.stereotype.Component;
@Component
public class MyHealthIndicator implements HealthIndicator {
@Override
public Health health() {
int errorCode = check();
if (errorCode != 0) {
return Health.down().withDetail("Error Code", errorCode).build();
}
return Health.up().build();
}
private int check() {
// perform some specific health check
return ...
}
}
import org.springframework.boot.actuate.health.Health
import org.springframework.boot.actuate.health.HealthIndicator
import org.springframework.stereotype.Component
@Component
class MyHealthIndicator : HealthIndicator {
override fun health(): Health {
val errorCode = check()
if (errorCode != 0) {
return Health.down().withDetail("Error Code", errorCode).build()
}
return Health.up().build()
}
private fun check(): Int {
// perform some specific health check
return ...
}
}
The identifier for a given HealthIndicator is the name of the bean without the HealthIndicator suffix, if it exists.
In the preceding example, the health information is available in an entry named my .
|
Health indicators are usually called over HTTP and need to respond before any connection timeouts.
Spring Boot will log a warning message for any health indicator that takes longer than 10 seconds to respond.
If you want to configure this threshold, you can use the management.endpoint.health.logging.slow-indicator-threshold property.
|
In addition to Spring Boot’s predefined Status
types, Health
can return a custom Status
that represents a new system state.
In such cases, you also need to provide a custom implementation of the StatusAggregator
interface, or you must configure the default implementation by using the management.endpoint.health.status.order
configuration property.
For example, assume a new Status
with a code of FATAL
is being used in one of your HealthIndicator
implementations.
To configure the severity order, add the following property to your application properties:
-
Properties
-
YAML
management.endpoint.health.status.order=fatal,down,out-of-service,unknown,up
management:
endpoint:
health:
status:
order: "fatal,down,out-of-service,unknown,up"
The HTTP status code in the response reflects the overall health status.
By default, OUT_OF_SERVICE
and DOWN
map to 503.
Any unmapped health statuses, including UP
, map to 200.
You might also want to register custom status mappings if you access the health endpoint over HTTP.
Configuring a custom mapping disables the defaults mappings for DOWN
and OUT_OF_SERVICE
.
If you want to retain the default mappings, you must explicitly configure them, alongside any custom mappings.
For example, the following property maps FATAL
to 503 (service unavailable) and retains the default mappings for DOWN
and OUT_OF_SERVICE
:
-
Properties
-
YAML
management.endpoint.health.status.http-mapping.down=503
management.endpoint.health.status.http-mapping.fatal=503
management.endpoint.health.status.http-mapping.out-of-service=503
management:
endpoint:
health:
status:
http-mapping:
down: 503
fatal: 503
out-of-service: 503
If you need more control, you can define your own HttpCodeStatusMapper bean.
|
The following table shows the default status mappings for the built-in statuses:
Status | Mapping |
---|---|
|
|
|
|
|
No mapping by default, so HTTP status is |
|
No mapping by default, so HTTP status is |
Reactive Health Indicators
For reactive applications, such as those that use Spring WebFlux, ReactiveHealthContributor
provides a non-blocking contract for getting application health.
Similar to a traditional HealthContributor
, health information is collected from the content of a ReactiveHealthContributorRegistry
(by default, all HealthContributor
and ReactiveHealthContributor
instances defined in your ApplicationContext
).
Regular HealthContributor
instances that do not check against a reactive API are executed on the elastic scheduler.
In a reactive application, you should use the ReactiveHealthContributorRegistry to register and unregister health indicators at runtime.
If you need to register a regular HealthContributor , you should wrap it with ReactiveHealthContributor#adapt .
|
To provide custom health information from a reactive API, you can register Spring beans that implement the ReactiveHealthIndicator
interface.
The following code shows a sample ReactiveHealthIndicator
implementation:
-
Java
-
Kotlin
import reactor.core.publisher.Mono;
import org.springframework.boot.actuate.health.Health;
import org.springframework.boot.actuate.health.ReactiveHealthIndicator;
import org.springframework.stereotype.Component;
@Component
public class MyReactiveHealthIndicator implements ReactiveHealthIndicator {
@Override
public Mono<Health> health() {
return doHealthCheck().onErrorResume((exception) ->
Mono.just(new Health.Builder().down(exception).build()));
}
private Mono<Health> doHealthCheck() {
// perform some specific health check
return ...
}
}
import org.springframework.boot.actuate.health.Health
import org.springframework.boot.actuate.health.ReactiveHealthIndicator
import org.springframework.stereotype.Component
import reactor.core.publisher.Mono
@Component
class MyReactiveHealthIndicator : ReactiveHealthIndicator {
override fun health(): Mono<Health> {
return doHealthCheck()!!.onErrorResume { exception: Throwable? ->
Mono.just(Health.Builder().down(exception).build())
}
}
private fun doHealthCheck(): Mono<Health>? {
// perform some specific health check
return ...
}
}
To handle the error automatically, consider extending from AbstractReactiveHealthIndicator .
|
Auto-configured ReactiveHealthIndicators
When appropriate, Spring Boot auto-configures the following ReactiveHealthIndicator
beans:
Key | Name | Description |
---|---|---|
|
Checks that a Cassandra database is up. |
|
|
Checks that a Couchbase cluster is up. |
|
|
Checks that an Elasticsearch cluster is up. |
|
|
Checks that a Mongo database is up. |
|
|
Checks that a Neo4j database is up. |
|
|
Checks that a Redis server is up. |
If necessary, reactive indicators replace the regular ones.
Also, any HealthIndicator that is not handled explicitly is wrapped automatically.
|
Health Groups
It is sometimes useful to organize health indicators into groups that you can use for different purposes.
To create a health indicator group, you can use the management.endpoint.health.group.<name>
property and specify a list of health indicator IDs to include
or exclude
.
For example, to create a group that includes only database indicators you can define the following:
-
Properties
-
YAML
management.endpoint.health.group.custom.include=db
management:
endpoint:
health:
group:
custom:
include: "db"
You can then check the result by hitting localhost:8080/actuator/health/custom
.
Similarly, to create a group that excludes the database indicators from the group and includes all the other indicators, you can define the following:
-
Properties
-
YAML
management.endpoint.health.group.custom.exclude=db
management:
endpoint:
health:
group:
custom:
exclude: "db"
By default, startup will fail if a health group includes or excludes a health indicator that does not exist.
To disable this behavior set management.endpoint.health.validate-group-membership
to false
.
By default, groups inherit the same StatusAggregator
and HttpCodeStatusMapper
settings as the system health.
However, you can also define these on a per-group basis.
You can also override the show-details
and roles
properties if required:
-
Properties
-
YAML
management.endpoint.health.group.custom.show-details=when-authorized
management.endpoint.health.group.custom.roles=admin
management.endpoint.health.group.custom.status.order=fatal,up
management.endpoint.health.group.custom.status.http-mapping.fatal=500
management.endpoint.health.group.custom.status.http-mapping.out-of-service=500
management:
endpoint:
health:
group:
custom:
show-details: "when-authorized"
roles: "admin"
status:
order: "fatal,up"
http-mapping:
fatal: 500
out-of-service: 500
You can use @Qualifier("groupname") if you need to register custom StatusAggregator or HttpCodeStatusMapper beans for use with the group.
|
A health group can also include/exclude a CompositeHealthContributor
.
You can also include/exclude only a certain component of a CompositeHealthContributor
.
This can be done using the fully qualified name of the component as follows:
management.endpoint.health.group.custom.include="test/primary"
management.endpoint.health.group.custom.exclude="test/primary/b"
In the example above, the custom
group will include the HealthContributor
with the name primary
which is a component of the composite test
.
Here, primary
itself is a composite and the HealthContributor
with the name b
will be excluded from the custom
group.
Health groups can be made available at an additional path on either the main or management port. This is useful in cloud environments such as Kubernetes, where it is quite common to use a separate management port for the actuator endpoints for security purposes. Having a separate port could lead to unreliable health checks because the main application might not work properly even if the health check is successful. The health group can be configured with an additional path as follows:
management.endpoint.health.group.live.additional-path="server:/healthz"
This would make the live
health group available on the main server port at /healthz
.
The prefix is mandatory and must be either server:
(represents the main server port) or management:
(represents the management port, if configured.)
The path must be a single path segment.
DataSource Health
The DataSource
health indicator shows the health of both standard data sources and routing data source beans.
The health of a routing data source includes the health of each of its target data sources.
In the health endpoint’s response, each of a routing data source’s targets is named by using its routing key.
If you prefer not to include routing data sources in the indicator’s output, set management.health.db.ignore-routing-data-sources
to true
.
Kubernetes Probes
Applications deployed on Kubernetes can provide information about their internal state with Container Probes. Depending on your Kubernetes configuration, the kubelet calls those probes and reacts to the result.
By default, Spring Boot manages your Application Availability state.
If deployed in a Kubernetes environment, actuator gathers the “Liveness” and “Readiness” information from the ApplicationAvailability
interface and uses that information in dedicated health indicators: LivenessStateHealthIndicator
and ReadinessStateHealthIndicator
.
These indicators are shown on the global health endpoint ("/actuator/health"
).
They are also exposed as separate HTTP Probes by using health groups: "/actuator/health/liveness"
and "/actuator/health/readiness"
.
You can then configure your Kubernetes infrastructure with the following endpoint information:
livenessProbe:
httpGet:
path: "/actuator/health/liveness"
port: <actuator-port>
failureThreshold: ...
periodSeconds: ...
readinessProbe:
httpGet:
path: "/actuator/health/readiness"
port: <actuator-port>
failureThreshold: ...
periodSeconds: ...
<actuator-port> should be set to the port that the actuator endpoints are available on.
It could be the main web server port or a separate management port if the "management.server.port" property has been set.
|
These health groups are automatically enabled only if the application runs in a Kubernetes environment.
You can enable them in any environment by using the management.endpoint.health.probes.enabled
configuration property.
If an application takes longer to start than the configured liveness period, Kubernetes mentions the "startupProbe" as a possible solution.
Generally speaking, the "startupProbe" is not necessarily needed here, as the "readinessProbe" fails until all startup tasks are done.
This means your application will not receive traffic until it is ready.
However, if your application takes a long time to start, consider using a "startupProbe" to make sure that Kubernetes won’t kill your application while it is in the process of starting.
See the section that describes how probes behave during the application lifecycle.
|
If your Actuator endpoints are deployed on a separate management context, the endpoints do not use the same web infrastructure (port, connection pools, framework components) as the main application.
In this case, a probe check could be successful even if the main application does not work properly (for example, it cannot accept new connections).
For this reason, it is a good idea to make the liveness
and readiness
health groups available on the main server port.
This can be done by setting the following property:
management.endpoint.health.probes.add-additional-paths=true
This would make the liveness
group available at /livez
and the readiness
group available at /readyz
on the main server port.
Paths can be customized using the additional-path
property on each group, see health groups for details.
Checking External State With Kubernetes Probes
Actuator configures the “liveness” and “readiness” probes as Health Groups. This means that all the health groups features are available for them. You can, for example, configure additional Health Indicators:
-
Properties
-
YAML
management.endpoint.health.group.readiness.include=readinessState,customCheck
management:
endpoint:
health:
group:
readiness:
include: "readinessState,customCheck"
By default, Spring Boot does not add other health indicators to these groups.
The “liveness” probe should not depend on health checks for external systems. If the liveness state of an application is broken, Kubernetes tries to solve that problem by restarting the application instance. This means that if an external system (such as a database, a Web API, or an external cache) fails, Kubernetes might restart all application instances and create cascading failures.
As for the “readiness” probe, the choice of checking external systems must be made carefully by the application developers. For this reason, Spring Boot does not include any additional health checks in the readiness probe. If the readiness state of an application instance is unready, Kubernetes does not route traffic to that instance. Some external systems might not be shared by application instances, in which case they could be included in a readiness probe. Other external systems might not be essential to the application (the application could have circuit breakers and fallbacks), in which case they definitely should not be included. Unfortunately, an external system that is shared by all application instances is common, and you have to make a judgement call: Include it in the readiness probe and expect that the application is taken out of service when the external service is down or leave it out and deal with failures higher up the stack, perhaps by using a circuit breaker in the caller.
If all instances of an application are unready, a Kubernetes Service with type=ClusterIP or NodePort does not accept any incoming connections.
There is no HTTP error response (503 and so on), since there is no connection.
A service with type=LoadBalancer might or might not accept connections, depending on the provider.
A service that has an explicit ingress also responds in a way that depends on the implementation — the ingress service itself has to decide how to handle the “connection refused” from downstream.
HTTP 503 is quite likely in the case of both load balancer and ingress.
|
Also, if an application uses Kubernetes autoscaling, it may react differently to applications being taken out of the load-balancer, depending on its autoscaler configuration.
Application Lifecycle and Probe States
An important aspect of the Kubernetes Probes support is its consistency with the application lifecycle.
There is a significant difference between the AvailabilityState
(which is the in-memory, internal state of the application)
and the actual probe (which exposes that state).
Depending on the phase of application lifecycle, the probe might not be available.
Spring Boot publishes application events during startup and shutdown,
and probes can listen to such events and expose the AvailabilityState
information.
The following tables show the AvailabilityState
and the state of HTTP connectors at different stages.
When a Spring Boot application starts:
Startup phase | LivenessState | ReadinessState | HTTP server | Notes |
---|---|---|---|---|
Starting |
|
|
Not started |
Kubernetes checks the "liveness" Probe and restarts the application if it takes too long. |
Started |
|
|
Refuses requests |
The application context is refreshed. The application performs startup tasks and does not receive traffic yet. |
Ready |
|
|
Accepts requests |
Startup tasks are finished. The application is receiving traffic. |
When a Spring Boot application shuts down:
Shutdown phase | Liveness State | Readiness State | HTTP server | Notes |
---|---|---|---|---|
Running |
|
|
Accepts requests |
Shutdown has been requested. |
Graceful shutdown |
|
|
New requests are rejected |
If enabled, graceful shutdown processes in-flight requests. |
Shutdown complete |
N/A |
N/A |
Server is shut down |
The application context is closed and the application is shut down. |
See Kubernetes Container Lifecycle for more information about Kubernetes deployment. |
Application Information
Application information exposes various information collected from all InfoContributor
beans defined in your ApplicationContext
.
Spring Boot includes a number of auto-configured InfoContributor
beans, and you can write your own.
Auto-configured InfoContributors
When appropriate, Spring auto-configures the following InfoContributor
beans:
ID | Name | Description | Prerequisites |
---|---|---|---|
|
Exposes build information. |
A |
|
|
Exposes any property from the |
None. |
|
|
Exposes git information. |
A |
|
|
Exposes Java runtime information. |
None. |
|
|
Exposes Operating System information. |
None. |
|
|
Exposes process information. |
None. |
|
|
Exposes SSL certificate information. |
An SSL Bundle configured. |
Whether an individual contributor is enabled is controlled by its management.info.<id>.enabled
property.
Different contributors have different defaults for this property, depending on their prerequisites and the nature of the information that they expose.
With no prerequisites to indicate that they should be enabled, the env
, java
, os
, and process
contributors are disabled by default. The ssl
contributor has a prerequisite of having an SSL Bundle configured but it is disabled by default.
Each can be enabled by setting its management.info.<id>.enabled
property to true
.
The build
and git
info contributors are enabled by default.
Each can be disabled by setting its management.info.<id>.enabled
property to false
.
Alternatively, to disable every contributor that is usually enabled by default, set the management.info.defaults.enabled
property to false
.
Custom Application Information
When the env
contributor is enabled, you can customize the data exposed by the info
endpoint by setting info.*
Spring properties.
All Environment
properties under the info
key are automatically exposed.
For example, you could add the following settings to your application.properties
file:
-
Properties
-
YAML
info.app.encoding=UTF-8
info.app.java.source=17
info.app.java.target=17
info:
app:
encoding: "UTF-8"
java:
source: "17"
target: "17"
Rather than hardcoding those values, you could also expand info properties at build time. Assuming you use Maven, you could rewrite the preceding example as follows:
|
Git Commit Information
Another useful feature of the info
endpoint is its ability to publish information about the state of your git
source code repository when the project was built.
If a GitProperties
bean is available, you can use the info
endpoint to expose these properties.
A GitProperties bean is auto-configured if a git.properties file is available at the root of the classpath.
See Generate Git Information for more detail.
|
By default, the endpoint exposes git.branch
, git.commit.id
, and git.commit.time
properties, if present.
If you do not want any of these properties in the endpoint response, they need to be excluded from the git.properties
file.
If you want to display the full git information (that is, the full content of git.properties
), use the management.info.git.mode
property, as follows:
-
Properties
-
YAML
management.info.git.mode=full
management:
info:
git:
mode: "full"
To disable the git commit information from the info
endpoint completely, set the management.info.git.enabled
property to false
, as follows:
-
Properties
-
YAML
management.info.git.enabled=false
management:
info:
git:
enabled: false
Build Information
If a BuildProperties
bean is available, the info
endpoint can also publish information about your build.
This happens if a META-INF/build-info.properties
file is available in the classpath.
The Maven and Gradle plugins can both generate that file. See Generate Build Information for more details. |
Java Information
The info
endpoint publishes information about your Java runtime environment, see JavaInfo
for more details.
OS Information
The info
endpoint publishes information about your Operating System, see OsInfo
for more details.
Process Information
The info
endpoint publishes information about your process, see ProcessInfo
for more details.
SSL Information
The info
endpoint publishes information about your SSL certificates (that are configured through SSL Bundles), see SslInfo
for more details. This endpoint reuses the "warning threshold" property of SslHealthIndicator
: if an SSL certificate will be invalid within the time span defined by this threshold, it will trigger a warning. See the management.health.ssl.certificate-validity-warning-threshold
property.
Writing Custom InfoContributors
To provide custom application information, you can register Spring beans that implement the InfoContributor
interface.
The following example contributes an example
entry with a single value:
-
Java
-
Kotlin
import java.util.Collections;
import org.springframework.boot.actuate.info.Info;
import org.springframework.boot.actuate.info.InfoContributor;
import org.springframework.stereotype.Component;
@Component
public class MyInfoContributor implements InfoContributor {
@Override
public void contribute(Info.Builder builder) {
builder.withDetail("example", Collections.singletonMap("key", "value"));
}
}
import org.springframework.boot.actuate.info.Info
import org.springframework.boot.actuate.info.InfoContributor
import org.springframework.stereotype.Component
import java.util.Collections
@Component
class MyInfoContributor : InfoContributor {
override fun contribute(builder: Info.Builder) {
builder.withDetail("example", Collections.singletonMap("key", "value"))
}
}
If you reach the info
endpoint, you should see a response that contains the following additional entry:
{
"example": {
"key" : "value"
}
}
Software Bill of Materials (SBOM)
The sbom
endpoint exposes the Software Bill of Materials.
CycloneDX SBOMs can be auto-detected, but other formats can be manually configured, too.
The sbom
actuator endpoint will then expose an SBOM called "application", which describes the contents of your application.
To automatically generate a CycloneDX SBOM at project build time, please see the Generate a CycloneDX SBOM section. |
Other SBOM formats
If you want to publish an SBOM in a different format, there are some configuration properties which you can use.
The configuration property management.endpoint.sbom.application.location
sets the location for the application SBOM.
For example, setting this to classpath:sbom.json
will use the contents of the /sbom.json
resource on the classpath.
The media type for SBOMs in CycloneDX, SPDX and Syft format is detected automatically.
To override the auto-detected media type, use the configuration property management.endpoint.sbom.application.media-type
.
Additional SBOMs
The actuator endpoint can handle multiple SBOMs.
To add SBOMs, use the configuration property management.endpoint.sbom.additional
, as shown in this example:
-
Properties
-
YAML
management.endpoint.sbom.additional.system.location=optional:file:/system.spdx.json
management.endpoint.sbom.additional.system.media-type=application/spdx+json
management:
endpoint:
sbom:
additional:
system:
location: "optional:file:/system.spdx.json"
media-type: "application/spdx+json"
This will add an SBOM called "system", which is stored in /system.spdx.json
.
The optional:
prefix can be used to prevent a startup failure if the file doesn’t exist.