I am using spring boot 2.0.4 and want to expose my actuator endpoints. When adding the following to application.yml only info, health are being exposed.
management:
endpoints:
web:
exposure:
include: "*"
When I run http://localhost:8080/actuator I get
{"_links":{"self":{"href":"http://localhost:8080/actuator","templated":false},"health":{"href":"http://localhost:8080/actuator/health","templated":false},"info":{"href":"http://localhost:8080/actuator/info","templated":false}}}
Spring Boot 2.0 takes a slightly different approach to ensure web endpoints security. The majority of Web endpoints are now disabled by default (Only the /health and /info endpoints are exposed) and the management.security.enabled property has been removed. There is no longer a separate security auto-configuration for the Actuator, individual endpoints may be enabled/disabled and/or exposed via configuration in the application.properties file. For example:
# disable beans endpoint
management.endpoints.beans.enabled=false
# expose all endpoints:
management.endpoints.web.exposure.include=*
See additional info Spring official documentation: https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-2.0-Migration-Guide#endpoints
Related
I have attempted to take advice offered for similar problems; to no avail. Can someone please explain a resolution for this problem, as if I were six?
I've upgraded my version of spring boot to 2.5. All tests in my suite still pass, except for this #Springboot test:
#Test
void readActuatorInfo_success() throws Exception {
mockMvc.perform(
get("/actuator/info")
.header("Authorization", "Basic dXNlcjpwYXNzd29yZA=="))
.andExpect(status().isOk());
}
It fails because the response is 404. Now, I know that springboot does not, by default, expose the endpoints, that they must be explicitly configured. For example, the following yaml should do it, but no. Any tips?
application:
endpoint:
info:
enabled: true
To be clear, this test passed for Springboot 2.3
From 2.5 onwards the Info endpoint is no longer exposed by default,
The /info actuator endpoint is no longer exposed over the web by default. Additionally, if Spring Security is on the classpath and your application doesn’t have a custom security configuration, the endpoint requires authenticated access by default.
Refer to the documentation on exposing and securing actuator endpoints to change these new defaults.
https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-2.5-Release-Notes#secure-info-endpoint
management:
endpoint:
web:
exposure: "health,info"
I have configured my spring boot application monitor-client to register to Eureka. I have a separate spring boot admin (SBA) application monitor that monitors all applications registered to Eureka.
If the context-path is not set in my application, everything is working fine. However if the context-path is set, SBA does not show correct information anymore. From the documentation it seems that I need to update the metadata properties of Eureka which I have done.
My monitor application is configured as follows:
application.properties:
spring.application.name=monitor-client
server.servlet.context-path=/monitor-client
server.port=9876
# Monitoring config
management.endpoints.web.exposure.include=*
eureka.instance.metadataMap.management.context-path=/monitor-client/actuator
My application is showing as 'offline' but I can browse all the details in the 'insight' tab. I suppose SBA correctly access the actuator endpoints but incorrectly uses the /health endpoint and I do not understand how that is possible?
If I go to the administration interface of SBA, I notice that the wrench endpoint and the health endpoint are not the same:
localhost:9876/monitor-client/actuator (wrench)
localhost:9876/actuator/health (health)
I've fiddled around with some settings but between the managment settings, the actuator settings and the eureka settings, I'm not sure which one is to be configured for this to work.
I've tried:
management.endpoints.web.base-path
eureka.instance.health-check-url-path
I'm currently using spring boot 2.1.2.RELEASE and matching version of SBA
Can you try with these configuration
server:
servlet:
context-path: /monitor-client
#management config
eureka:
instance:
health-check-url-path: /actuator/health
metadata-map:
management.context-path: /monitor-client/actuator
client:
serviceUrl:
defaultZone: ${EUREKA_SERVICE_URL:http://localhost:8761}/eureka/
management:
endpoint:
health:
show-details: always
endpoints:
web:
base-path: /actuator
exposure:
include: "*"
On my application.properties i have endpoints.enabled=false and also endpoints.health.enabled=false but still the /health endpoint is not getting suppressed.
Maybe you are missing the first level of the properties.
The properties should be configured like this, to disable all endpoints
management.endpoints.enabled-by-default= false
if you only want to disable the health endpoint than use this property:
management.endpoint.health.enabled=false
I think the issues here could be the version of Sprint Boot being used. 1.5.x has different properties to 2.0.x.
Spring Boot 2.0.x
management.endpoints.enabled-by-default=false
management.endpoint.health.enabled=false
management.endpoint.info.enabled=true
Spring Boot 1.5.x
endpoints.enabled=false
endpoint.health.enabled=false
endpoint.info.enabled=true
Please also note that when enabling endpoints you use plural ("endpoints") but when enabling a specific endpoint you use a singlton ("endpoint").
I have a Spring Boot application with secure API on port 8080, using #EnableWebSecurity annotation. The management port is changed to 8081 and is not exposed to the public so I don't need/want to have security enabled on the actuator endpoints
On Spring Boot 1.4 it was possible to use property management.security.enabled=false to ignore all actuator endpoints from security. I understand that this functionality was considered a "mistake", and Boot 1.5 "corrects" this by removing this auto-configuration if #EnableWebSecurity is present. The release notes state that we have to explicitly configure this ourselves in this case.
Does this mean we have to pull this out of 1.4 source and implement in each app, or is there a new way of achieving this?
Is there an easy way to add a prefix to all the Actuator endpoints?
/env -> /secure/env
/health -> /secure/health
/info -> /secure/info
...
Jesper's answer is completely right, but I was looking for a more straightforward way of prefixing all endpoints, and it can be done with management.context-path, e.g.:
management:
context-path: /secure
-> /secure/env
-> /secure/health
...
According to current Spring-Boot documentation, the property to change is:
management.endpoints.web.base-path=/secure
Set the properties endpoints.{name}.path in your application.properties. For example:
endpoints.actuator.path=/secure/actuator
endpoints.env.path=/secure/env
endpoints.health.path=/secure/health
endpoints.info.path=/secure/info
To enable security on an endpoint, set endpoints.{name}.sensitive to true. For example:
endpoints.health.sensitive=true
See also Securing sensitive endpoints, Actuator Security and HTTP health endpoint access restrictions in the Spring Boot reference documentation if you want to secure the actuator endpoints of your application.
See Common application properties in the Spring Boot reference documentation for a list of common properties that you can set in application.properties.