Actuator endpoints let you monitor and interact with your application. Spring Boot
includes a number of built-in endpoints and lets you add your own. For example, the
health endpoint provides basic application health information.
The way that endpoints are exposed depends on the type of technology that you choose.
Most applications choose HTTP monitoring, where the ID of the endpoint along with a
prefix of /actuator is mapped to a URL. For example, by default, the health
endpoint is mapped to /actuator/health.
The following technology-agnostic endpoints are available:
| ID | Description |
|---|---|
| Exposes audit events information for the current application. |
| Showing the conditions that were evaluated on configuration and auto-configuration classes and the reasons why they did or did not match. |
| Displays a complete list of all the Spring beans in your application. |
| Displays a collated list of all |
| Exposes properties from Spring’s |
| Shows any Flyway database migrations that have been applied. |
| Shows application health information. |
| Displays arbitrary application info. |
| Shows and modifies the configuration of loggers in the application. |
| Shows any Liquibase database migrations that have been applied. |
| Shows ‘metrics’ information for the current application. |
| Displays a collated list of all |
| Displays the scheduled tasks in your application. |
| Allows retrieval and deletion of user sessions from a Spring Session-backed session store. Not available when using Spring Session’s support for reactive web applications. |
| Lets the application be gracefully shutdown (not enabled by default). |
| Performs a thread dump. |
| Displays trace information (by default, the last 100 HTTP requests). |
If your application is a web application (Spring MVC, Spring WebFlux, or Jersey), you can use the following additional endpoints:
| ID | Description |
|---|---|
| Returns a GZip compressed |
| Returns the contents of the logfile (if |
| Exposes metrics in a format that can be scraped by a Prometheus server. |
To learn more about the Actuator’s endpoints and their request and response formats, please refer to the separate API documentation that is available in the following formats:
Since Endpoints may contain sensitive information, careful consideration should be given
about when to expose them. Out of the box, Spring Boot will expose all enabled endpoints
over JMX, but only the health and info endpoints over HTTP.
To change the endpoints that are exposed you can use the expose and exclude property
for the technology. For example, to only expose the health over JMX you would use:
application.properties.
management.endpoints.jmx.expose=health
The * character can be used to indicate all endpoints. For example, to expose everything
over HTTP except the env endpoint you would use:
application.properties.
management.endpoints.web.expose=* management.endpoints.web.exclude=env
![[Note]](images/note.png) | Note |
|---|---|
If your application is exposed publicly we strongly recommend that you also secure your endpoints. |
![[Tip]](images/tip.png) | Tip |
|---|---|
If you want to implement your own strategy for when endpoints are exposed you can
register an |
You should take care to secure HTTP endpoints in the same way that you would any other
sensitive URL. Spring Boot will not apply any security on your behalf, however, it does
provide some convenient RequestMatchers that can be used in combination with Spring
Security.
A typical Spring Security configuration could look something like this:
@Configuration public class ActuatorSecurity extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests() .anyRequest().hasRole("ENDPOINT_ADMIN") .and() .httpBasic(); } }
The above uses EndpointRequest.toAnyEndpoint() to match a request to any endpoint, then
ensure that all have the ENDPOINT_ADMIN role. Several other matcher methods are
also available on EndpointRequest (see the API documentation for details).
If you deploy applications behind a firewall, you may prefer that all your actuator
endpoints can be accessed without requiring authentication. You can do so by changing the
management.endpoints.web.expose property, as follows:
application.properties.
management.endpoints.web.expose=*
Endpoints can be customized by using Spring properties. You can change whether an
endpoint is enabled and the amount of time it will cache responses.
For example, the following application.properties changes the time-to-live of the
beans endpoint to 10 seconds and also enables shutdown:
management.endpoint.beans.cache.time-to-live=10s management.endpoint.shutdown.enabled=true
| Note |
|---|---|
The prefix |
By default, all endpoints except for shutdown are enabled. If you prefer to
specifically “opt-in” endpoint enablement, you can use the
management.endpoints.enabled-by-default property. For example, the following settings
disable all endpoints except for info:
management.endpoints.enabled-by-default=false management.endpoint.info.enabled=true
| Note |
|---|---|
Disabled endpoints are removed entirely from the |
A “discovery page” is added with links to all the endpoints. The “discovery page” is
available on /actuator by default.
When a custom management context path is configured, the “discovery page” automatically
moves from /actuator to the root of the management context. For example, if the
management context path is /management, then the discovery page is available from
/management. When the management context path is set to /, the discovery page is
disabled to prevent the possibility of a clash with other mappings.
By default, endpoints are exposed over HTTP under the /actuator path using ID of the
endpoint. For example, the beans endpoint is exposed under /actuator/beans. If you
want to map endpoints to a different path you can use the
management.endpoints.web.path-mapping property. You can also use
management.endpoints.web.base-path if you want change the base path.
Here’s an example that remaps /actuator/health to /healthcheck:
application.properties.
management.endpoints.web.base-path=/ management.endpoints.path-mapping.health=healthcheck
Cross-origin resource sharing (CORS) is a W3C specification that allows you to specify in a flexible way what kind of cross domain requests are authorized. If you use Spring MVC or Spring WebFlux, Actuator’s web endpoints can be configured to support such scenarios.
CORS support is disabled by default and is only enabled once the
management.endpoints.web.cors.allowed-origins property has been set. The following
configuration permits GET and POST calls from the example.com domain:
management.endpoints.web.cors.allowed-origins=http://example.com management.endpoints.web.cors.allowed-methods=GET,POST
| Tip |
|---|---|
See CorsEndpointProperties for a complete list of options. |
If you add a @Bean annotated with @Endpoint, any methods annotated with
@ReadOperation, @WriteOperation or @DeleteOperation are automatically exposed over
JMX and, in a web application, over HTTP as well.
You can also write technology specific endpoints by using @JmxEndpoint or
@WebEndpoint. These endpoints are filtered to their respective technologies. For
example, @WebEndpoint will be exposed only over HTTP and not over JMX.
Finally, it’s possible to write technology specific extensions using
@EndpointWebExtension and @EndpointJmxExtension. These annotations allow you to
provide technology specific operations to augment an existing endpoint.
| Tip |
|---|---|
If you add endpoints as a library feature, consider adding a configuration class
annotated with |
You can use health information to check the status of your running application. It is
often used by monitoring software to alert someone when a production system goes down.
The information exposed by the health endpoint depends on the
management.endpoint.health.show-details property. By default, the property’s value is
false and a simple ‘status’ message is returned. When the property’s value is set to
true, additional details from the individual health indicators are also displayed.
Health information is collected from all
HealthIndicator beans
defined in your ApplicationContext. Spring Boot includes a number of auto-configured
HealthIndicators, and you can also write your own. By default, the final system state
is derived by the HealthAggregator, which sorts the statuses from each
HealthIndicator based on an ordered list of statuses. The first status in the sorted
list is used as the overall health status. If no HealthIndicator returns a status that
is known to the HealthAggregator, an UNKNOWN status is used.
The following HealthIndicators are auto-configured by Spring Boot when appropriate:
| Name | Description |
|---|---|
Checks that a Cassandra database is up. | |
Checks for low disk space. | |
Checks that a connection to | |
Checks that an Elasticsearch cluster is up. | |
Checks that a JMS broker is up. | |
Checks that a mail server is up. | |
Checks that a Mongo database is up. | |
Checks that a Neo4j server is up. | |
Checks that a Rabbit server is up. | |
Checks that a Redis server is up. | |
Checks that a Solr server is up. |
| Tip |
|---|---|
It is possible to disable them all using the |
To provide custom health information, you can register Spring beans that implement the
HealthIndicator interface.
You need to provide an implementation of the health() method and return a Health
response. The Health response should include a status and can optionally include
additional details to be displayed. The following code shows a sample HealthIndicator
implementation:
import org.springframework.boot.actuate.health.Health; import org.springframework.boot.actuate.health.HealthIndicator; import org.springframework.stereotype.Component; @Component public class MyHealthIndicator implements HealthIndicator { @Override public Health health() { int errorCode = check(); // perform some specific health check if (errorCode != 0) { return Health.down().withDetail("Error Code", errorCode).build(); } return Health.up().build(); } }
| Note |
|---|---|
The identifier for a given |
In addition to Spring Boot’s predefined
Status types, it is also possible for
Health to return a custom Status that represents a new system state. In such cases, a
custom implementation of the
HealthAggregator interface
also needs to be provided, or the default implementation has to be configured by using
the management.health.status.order configuration property.
For example, assume a new Status with code FATAL is being used in one of your
HealthIndicator implementations. To configure the severity order, add the following
to your application properties:
management.health.status.order=FATAL, DOWN, OUT_OF_SERVICE, UNKNOWN, UPThe HTTP status code in the response reflects the overall health status (for example,
UP maps to 200, while OUT_OF_SERVICE and DOWN map to 503). You might also want to
register custom status mappings if you access the health endpoint over HTTP. For example,
the following property maps FATAL to 503 (service unavailable):
management.health.status.http-mapping.FATAL=503 | Tip |
|---|---|
If you need more control, you can define your own |
The following table shows the default status mappings for the built-in statuses:
| Status | Mapping |
|---|---|
DOWN | SERVICE_UNAVAILABLE (503) |
OUT_OF_SERVICE | SERVICE_UNAVAILABLE (503) |
UP | No mapping by default, so http status is 200 |
UNKNOWN | No mapping by default, so http status is 200 |
For reactive applications, such as those using Spring WebFlux, ReactiveHealthIndicators
provide a non-blocking contract for getting application health. Similar to a traditional
HealthIndicator, health information is collected from all
ReactiveHealthIndicator
beans defined in your ApplicationContext. Regular HealthIndicators that do not check
against a reactive API are included and executed on the elastic scheduler.
To provide custom health information from a reactive API, you can register Spring beans
that implement the
ReactiveHealthIndicator interface.
The following code shows a sample ReactiveHealthIndicator implementation:
@Component public class MyReactiveHealthIndicator implements ReactiveHealthIndicator { @Override public Mono<Health> health() { return doHealthCheck() //perform some specific health check that returns a Mono<Health> .onErrorResume(ex -> Mono.just(new Health.Builder().down(ex).build()))); } }
| Tip |
|---|---|
To handle the error automatically, consider extending from
|
The following ReactiveHealthIndicators are auto-configured by Spring Boot when
appropriate:
| Name | Description |
|---|---|
Checks that a Redis server is up. |
| Tip |
|---|---|
Those reactive indicators replace the regular ones if necessary. Also, any
|
Application information exposes various information collected from all
InfoContributor beans defined
in your ApplicationContext. Spring Boot includes a number of auto-configured
InfoContributors, and you can write your own.
The following InfoContributors are auto-configured by Spring Boot, when appropriate:
| Name | Description |
|---|---|
Expose any key from the | |
Expose git information if a | |
Expose build information if a |
| Tip |
|---|---|
It is possible to disable them all using the |
You can customize the data exposed by the info endpoint by setting info.* Spring
properties. All Environment properties under the info key are automatically exposed.
For example, you could add the following settings to your application.properties file:
info.app.encoding=UTF-8 info.app.java.source=1.8 info.app.java.target=1.8
| Tip |
|---|---|
Rather than hardcoding those values, you could also expand info properties at build time. Assuming you use Maven, you could rewrite the preceding example as follows: info.app.encoding[email protected]@ info.app.java.source[email protected]@ info.app.java.target[email protected]@ |
Another useful feature of the info endpoint is its ability to publish information about
the state of your git source code repository when the project was built. If a
GitProperties bean is available, the git.branch, git.commit.id and
git.commit.time properties are exposed.
| Tip |
|---|---|
A |
If you want to display the full git information (that is, the full content of
git.properties), use the management.info.git.mode property, as follows:
management.info.git.mode=fullIf a BuildProperties bean is available, the info endpoint can also publish
information about your build. This happens if a META-INF/build-info.properties file is
available in the classpath.
| Tip |
|---|---|
The Maven and Gradle plugins can both generate that file. See "Generate build information" for more details. |
To provide custom application information, you can register Spring beans that implement
the InfoContributor interface.
The following example contributes an example entry with a single value:
import java.util.Collections; import org.springframework.boot.actuate.info.Info; import org.springframework.boot.actuate.info.InfoContributor; import org.springframework.stereotype.Component; @Component public class ExampleInfoContributor implements InfoContributor { @Override public void contribute(Info.Builder builder) { builder.withDetail("example", Collections.singletonMap("key", "value")); } }
If you reach the info endpoint, you should see a response that contains the following
additional entry:
{ "example": { "key" : "value" } }