端点
Actuator 端点让你可以监控和与你的应用程序交互。
Spring Boot 包含了许多内置端点,并允许你添加自己的端点。
例如,health 端点提供基本的应用程序健康信息。
你可以 控制访问 每个单独的端点,并 通过 HTTP 或 JMX 暴露它们(使它们可以远程访问)。
当端点的访问被允许并且它被暴露时,该端点就被认为是可用的。
内置端点只有在可用时才会自动配置。
大多数应用程序选择通过 HTTP 暴露端点,其中端点的 ID 和 /actuator 前缀被映射到一个 URL。
例如,默认情况下,health 端点被映射到 /actuator/health。
提示:要了解更多关于 Actuator 端点及其请求和响应格式的信息,请参阅 API 文档。
以下是与技术无关的可用端点:
| ID | 描述 |
|---|---|
|
暴露当前应用程序的审计事件信息。
需要 |
|
显示应用程序中所有 Spring bean 的完整列表。 |
|
暴露可用的缓存。 |
|
显示在配置和自动配置类上评估的条件以及它们匹配或不匹配的原因。 |
|
显示所有 |
|
暴露来自 Spring 的 |
|
显示已应用的任何 Flyway 数据库迁移。
需要一个或多个 |
|
显示应用程序健康信息。 |
|
显示 HTTP 交换信息(默认情况下,最后 100 个 HTTP 请求-响应交换)。
需要 |
|
显示任意应用程序信息。 |
|
显示 Spring Integration 图。
需要依赖 |
|
显示和修改应用程序中日志记录器的配置。 |
|
显示已应用的任何 Liquibase 数据库迁移。
需要一个或多个 |
|
显示当前应用程序的"指标"信息,用于诊断应用程序记录的指标。 |
|
显示所有 |
|
显示 Quartz Scheduler 作业的信息。 受 脱敏 影响。 |
|
显示应用程序中的计划任务。 |
|
允许从 Spring Session 支持的会话存储中检索和删除用户会话。 需要基于 servlet 的 Web 应用程序并使用 Spring Session。 |
|
允许应用程序优雅地关闭。 仅在使用 jar 打包时有效。 默认禁用。 |
|
显示由 |
|
执行线程转储。 |
如果你的应用程序是 Web 应用程序(Spring MVC、Spring WebFlux 或 Jersey),你可以使用以下额外的端点:
| ID | 描述 |
|---|---|
|
返回堆转储文件。
在 HotSpot JVM 上,返回 |
|
返回日志文件的内容(如果设置了 |
|
以可以被 Prometheus 服务器抓取的格式暴露指标。
需要依赖 |
控制端点访问
默认情况下,除了 shutdown 之外的所有端点的访问都是不受限制的。
要配置允许访问的端点,使用其 management.endpoint.<id>.access 属性。
以下示例允许对 shutdown 端点进行不受限制的访问:
-
Properties
-
YAML
management.endpoint.shutdown.access=unrestrictedmanagement:
endpoint:
shutdown:
access: unrestricted如果你希望访问是选择加入而不是选择退出,将 management.endpoints.access.default 属性设置为 none,并使用单独的端点 access 属性来选择加入。
以下示例允许对 loggers 端点进行只读访问,并拒绝访问所有其他端点:
-
Properties
-
YAML
management.endpoints.access.default=none
management.endpoint.loggers.access=read-onlymanagement:
endpoints:
access:
default: none
endpoint:
loggers:
access: read-only注意:不可访问的端点会从应用程序上下文中完全移除。
如果你只想更改端点暴露的技术,请使用 include 和 exclude 属性。
限制访问
可以使用 management.endpoints.access.max-permitted 属性限制应用程序范围的端点访问。
此属性优先于默认访问或单个端点的访问级别。
将其设置为 none 可使所有端点不可访问。
将其设置为 read-only 只允许对端点进行读取访问。
对于 @Endpoint、@JmxEndpoint 和 @WebEndpoint,读取访问等同于使用 @ReadOperation 注解的端点方法。
对于 @ControllerEndpoint 和 @RestControllerEndpoint,读取访问等同于可以处理 GET 和 HEAD 请求的请求映射。
对于 @ServletEndpoint,读取访问等同于 GET 和 HEAD 请求。
暴露端点
默认情况下,只有 health 端点通过 HTTP 和 JMX 暴露。 由于端点可能包含敏感信息,你应该仔细考虑何时暴露它们。
要更改哪些端点被暴露,使用以下技术特定的 include 和 exclude 属性:
| 属性 | 默认值 |
|---|---|
|
|
|
|
|
|
|
|
include 属性列出了被暴露的端点的 ID。
exclude 属性列出了不应该被暴露的端点的 ID。
exclude 属性优先于 include 属性。
你可以使用端点 ID 列表配置 include 和 exclude 属性。
例如,要仅通过 JMX 暴露 health 和 info 端点,使用以下属性:
-
Properties
-
YAML
management.endpoints.jmx.exposure.include=health,infomanagement:
endpoints:
jmx:
exposure:
include: "health,info"* 可用于选择所有端点。
例如,要通过 HTTP 暴露除 env 和 beans 端点之外的所有内容,使用以下属性:
-
Properties
-
YAML
management.endpoints.web.exposure.include=*
management.endpoints.web.exposure.exclude=env,beansmanagement:
endpoints:
web:
exposure:
include: "*"
exclude: "env,beans"注意:* 在 YAML 中有特殊含义,所以如果你想包含(或排除)所有端点,请确保添加引号。
注意:如果你的应用程序是公开暴露的,我们强烈建议你也 保护你的端点。
提示:如果你想实现自己的端点暴露策略,你可以注册一个 EndpointFilter bean。
安全性
出于安全考虑,默认情况下只有 /health 端点通过 HTTP 暴露。
你可以使用 management.endpoints.web.exposure.include 属性来配置要暴露的端点。
注意:在设置 management.endpoints.web.exposure.include 之前,确保暴露的 actuator 不包含敏感信息,通过将它们放在防火墙后面来保护它们,或者通过 Spring Security 等工具来保护它们。
如果类路径上有 Spring Security 且没有其他 SecurityFilterChain bean,除了 /health 之外的所有 actuator 都会被 Spring Boot 自动配置保护。
如果你定义了一个自定义的 SecurityFilterChain bean,Spring Boot 自动配置会退出,让你完全控制 actuator 访问规则。
如果你希望为 HTTP 端点配置自定义安全性(例如,只允许具有特定角色的用户访问它们),Spring Boot 提供了一些方便的 RequestMatcher 对象,你可以将它们与 Spring Security 结合使用。
一个典型的 Spring Security 配置可能如下所示:
-
Java
-
Kotlin
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import static org.springframework.security.config.Customizer.withDefaults;
@Configuration(proxyBeanMethods = false)
public class MySecurityConfiguration {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.securityMatcher(EndpointRequest.toAnyEndpoint());
http.authorizeHttpRequests((requests) -> requests.anyRequest().hasRole("ENDPOINT_ADMIN"));
http.httpBasic(withDefaults());
return http.build();
}
}import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.Customizer.withDefaults
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.web.SecurityFilterChain
@Configuration(proxyBeanMethods = false)
class MySecurityConfiguration {
@Bean
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http.securityMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests { requests ->
requests.anyRequest().hasRole("ENDPOINT_ADMIN")
}
http.httpBasic(withDefaults())
return http.build()
}
}前面的示例使用 EndpointRequest.toAnyEndpoint() 来匹配对任何端点的请求,然后确保所有端点都具有 ENDPOINT_ADMIN 角色。
EndpointRequest 上还有其他几个匹配器方法。
有关详细信息,请参阅 API 文档。
如果你在防火墙后面部署应用程序,你可能希望所有 actuator 端点都可以在不要求认证的情况下访问。
你可以通过更改 management.endpoints.web.exposure.include 属性来实现这一点,如下所示:
-
Properties
-
YAML
management.endpoints.web.exposure.include=*management:
endpoints:
web:
exposure:
include: "*"此外,如果存在 Spring Security,你需要添加允许对端点进行未认证访问的自定义安全配置,如下例所示:
-
Java
-
Kotlin
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
@Configuration(proxyBeanMethods = false)
public class MySecurityConfiguration {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.securityMatcher(EndpointRequest.toAnyEndpoint());
http.authorizeHttpRequests((requests) -> requests.anyRequest().permitAll());
return http.build();
}
}import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.web.SecurityFilterChain
@Configuration(proxyBeanMethods = false)
class MySecurityConfiguration {
@Bean
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http.securityMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests { requests ->
requests.anyRequest().permitAll()
}
return http.build()
}
}注意:在前面的两个示例中,配置仅适用于 actuator 端点。
由于 Spring Boot 的安全配置在存在任何 SecurityFilterChain bean 时会完全退出,你需要配置一个额外的 SecurityFilterChain bean,其中包含适用于应用程序其余部分的规则。
跨站请求伪造保护
由于 Spring Boot 依赖 Spring Security 的默认值,CSRF 保护默认是开启的。
这意味着当使用默认安全配置时,需要 POST(shutdown 和 loggers 端点)、PUT 或 DELETE 的 actuator 端点会收到 403(禁止)错误。
注意:我们建议只有在创建非浏览器客户端使用的服务时才完全禁用 CSRF 保护。
你可以在 Spring Security 参考指南 中找到有关 CSRF 保护的更多信息。
配置端点
端点会自动缓存对不接收任何参数的读取操作的响应。
要配置端点缓存响应的时间,使用其 cache.time-to-live 属性。
以下示例将 beans 端点的缓存生存时间设置为 10 秒:
-
Properties
-
YAML
management.endpoint.beans.cache.time-to-live=10smanagement:
endpoint:
beans:
cache:
time-to-live: "10s"注意:management.endpoint.<name> 前缀唯一标识正在配置的端点。
脱敏敏感值
由 /env、/configprops 和 /quartz 端点返回的信息可能是敏感的,因此默认情况下值总是完全脱敏(替换为 ******)。
只有在以下情况下才能以未脱敏的形式查看值:
-
show-values属性已设置为never以外的值 -
没有自定义的
SanitizingFunctionbean 适用
show-values 属性可以为可脱敏的端点配置为以下值之一:
-
never- 值总是完全脱敏(替换为******) -
always- 向所有用户显示值(只要没有SanitizingFunctionbean 适用) -
when-authorized- 仅向授权用户显示值(只要没有SanitizingFunctionbean 适用)
对于 HTTP 端点,如果用户已认证并具有端点 roles 属性配置的角色,则认为该用户已授权。
默认情况下,任何已认证的用户都被视为已授权。
对于 JMX 端点,所有用户始终被视为已授权。
以下示例允许所有具有 admin 角色的用户以原始形式查看 /env 端点的值。
未授权用户或没有 admin 角色的用户将只能看到脱敏的值。
-
Properties
-
YAML
management.endpoint.env.show-values=when-authorized
management.endpoint.env.roles=adminmanagement:
endpoint:
env:
show-values: when-authorized
roles: "admin"注意:此示例假设没有定义 SanitizingFunction bean。
Actuator Web 端点的超媒体
添加了一个"发现页面",其中包含指向所有端点的链接。
默认情况下,"发现页面"在 /actuator 上可用。
要禁用"发现页面",在应用程序属性中添加以下属性:
-
Properties
-
YAML
management.endpoints.web.discovery.enabled=falsemanagement:
endpoints:
web:
discovery:
enabled: false当配置了自定义管理上下文路径时,"发现页面"会自动从 /actuator 移动到管理上下文的根目录。
例如,如果管理上下文路径是 /management,则发现页面在 /management 上可用。
当管理上下文路径设置为 / 时,发现页面会被禁用,以防止与其他映射发生冲突。
CORS 支持
跨源资源共享 (CORS) 是一个 W3C 规范,它让你可以灵活地指定允许什么样的跨域请求。 如果你使用 Spring MVC 或 Spring WebFlux,你可以配置 Actuator 的 Web 端点以支持此类场景。
CORS 支持默认是禁用的,只有在设置了 management.endpoints.web.cors.allowed-origins 属性后才会启用。
以下配置允许来自 example.com 域的 GET 和 POST 调用:
-
Properties
-
YAML
management.endpoints.web.cors.allowed-origins=https://example.com
management.endpoints.web.cors.allowed-methods=GET,POSTmanagement:
endpoints:
web:
cors:
allowed-origins: "https://example.com"
allowed-methods: "GET,POST"提示:有关完整选项列表,请参阅 CorsEndpointProperties。
Implementing Custom Endpoints
If you add a @Bean annotated with @Endpoint, any methods annotated with @ReadOperation, @WriteOperation, or @DeleteOperation are automatically exposed over JMX and, in a web application, over HTTP as well.
Endpoints can be exposed over HTTP by using Jersey, Spring MVC, or Spring WebFlux.
If both Jersey and Spring MVC are available, Spring MVC is used.
The following example exposes a read operation that returns a custom object:
-
Java
-
Kotlin
@ReadOperation
public CustomData getData() {
return new CustomData("test", 5);
} @ReadOperation
fun getData(): CustomData {
return CustomData("test", 5)
}You can also write technology-specific endpoints by using @JmxEndpoint or @WebEndpoint.
These endpoints are restricted to their respective technologies.
For example, @WebEndpoint is exposed only over HTTP and not over JMX.
You can write technology-specific extensions by using @EndpointWebExtension and @EndpointJmxExtension.
These annotations let you provide technology-specific operations to augment an existing endpoint.
Finally, if you need access to web-framework-specific functionality, you can implement servlet or Spring @Controller and @RestController endpoints at the cost of them not being available over JMX or when using a different web framework.
Receiving Input
Operations on an endpoint receive input through their parameters.
When exposed over the web, the values for these parameters are taken from the URL’s query parameters and from the JSON request body.
When exposed over JMX, the parameters are mapped to the parameters of the MBean’s operations.
Parameters are required by default.
They can be made optional by annotating them with either @javax.annotation.Nullable or @Nullable.
You can map each root property in the JSON request body to a parameter of the endpoint. Consider the following JSON request body:
{
"name": "test",
"counter": 42
}You can use this to invoke a write operation that takes String name and int counter parameters, as the following example shows:
-
Java
-
Kotlin
@WriteOperation
public void updateData(String name, int counter) {
// injects "test" and 42
} @WriteOperation
fun updateData(name: String?, counter: Int) {
// injects "test" and 42
}
Because endpoints are technology agnostic, only simple types can be specified in the method signature.
In particular, declaring a single parameter with a CustomData type that defines a name and counter properties is not supported.
|
To let the input be mapped to the operation method’s parameters, Java code that implements an endpoint should be compiled with -parameters.
For Kotlin code, please review the recommendation of the Spring Framework reference.
This will happen automatically if you use Spring Boot’s Gradle plugin or if you use Maven and spring-boot-starter-parent.
|
Input Type Conversion
The parameters passed to endpoint operation methods are, if necessary, automatically converted to the required type.
Before calling an operation method, the input received over JMX or HTTP is converted to the required types by using an instance of ApplicationConversionService as well as any Converter or GenericConverter beans qualified with @EndpointConverter.
Custom Web Endpoints
Operations on an @Endpoint, @WebEndpoint, or @EndpointWebExtension are automatically exposed over HTTP using Jersey, Spring MVC, or Spring WebFlux.
If both Jersey and Spring MVC are available, Spring MVC is used.
Web Endpoint Request Predicates
A request predicate is automatically generated for each operation on a web-exposed endpoint.
Path
The path of the predicate is determined by the ID of the endpoint and the base path of the web-exposed endpoints.
The default base path is /actuator.
For example, an endpoint with an ID of sessions uses /actuator/sessions as its path in the predicate.
You can further customize the path by annotating one or more parameters of the operation method with @Selector.
Such a parameter is added to the path predicate as a path variable.
The variable’s value is passed into the operation method when the endpoint operation is invoked.
If you want to capture all remaining path elements, you can add @Selector(Match=ALL_REMAINING) to the last parameter and make it a type that is conversion-compatible with a String[].
HTTP method
The HTTP method of the predicate is determined by the operation type, as shown in the following table:
| Operation | HTTP method |
|---|---|
|
|
|
|
|
Consumes
For a @WriteOperation (HTTP POST) that uses the request body, the consumes clause of the predicate is application/vnd.spring-boot.actuator.v2+json, application/json.
For all other operations, the consumes clause is empty.
Produces
The produces clause of the predicate can be determined by the produces attribute of the @DeleteOperation, @ReadOperation, and @WriteOperation annotations.
The attribute is optional.
If it is not used, the produces clause is determined automatically.
Web Endpoint Response Status
The default response status for an endpoint operation depends on the operation type (read, write, or delete) and what, if anything, the operation returns.
If a @ReadOperation returns a value, the response status will be 200 (OK).
If it does not return a value, the response status will be 404 (Not Found).
If a @WriteOperation or @DeleteOperation returns a value, the response status will be 200 (OK).
If it does not return a value, the response status will be 204 (No Content).
If an operation is invoked without a required parameter or with a parameter that cannot be converted to the required type, the operation method is not called, and the response status will be 400 (Bad Request).
Web Endpoint Range Requests
You can use an HTTP range request to request part of an HTTP resource.
When using Spring MVC or Spring Web Flux, operations that return a Resource automatically support range requests.
| Range requests are not supported when using Jersey. |
Web Endpoint Security
An operation on a web endpoint or a web-specific endpoint extension can receive the current Principal or SecurityContext as a method parameter.
The former is typically used in conjunction with either @javax.annotation.Nullable or @Nullable to provide different behavior for authenticated and unauthenticated users.
The latter is typically used to perform authorization checks by using its isUserInRole(String) method.
Health Information
You can use health information to check the status of your running application.
It is often used by monitoring software to alert someone when a production system goes down.
The information exposed by the health endpoint depends on the management.endpoint.health.show-details and management.endpoint.health.show-components properties, which can be configured with one of the following values:
| Name | Description |
|---|---|
|
Details are never shown. |
|
Details are shown only to authorized users.
Authorized roles can be configured by using |
|
Details are shown to all users. |
The default value is never.
A user is considered to be authorized when they are in one or more of the endpoint’s roles.
If the endpoint has no configured roles (the default), all authenticated users are considered to be authorized.
You can configure the roles by using the management.endpoint.health.roles property.
If you have secured your application and wish to use always, your security configuration must permit access to the health endpoint for both authenticated and unauthenticated users.
|
Health information is collected from the content of a HealthContributorRegistry (by default, all HealthContributor instances defined in your ApplicationContext).
Spring Boot includes a number of auto-configured HealthContributor beans, and you can also write your own.
A HealthContributor can be either a HealthIndicator or a CompositeHealthContributor.
A HealthIndicator provides actual health information, including a Status.
A CompositeHealthContributor provides a composite of other HealthContributor instances.
Taken together, contributors form a tree structure to represent the overall system health.
By default, the final system health is derived by a StatusAggregator, which sorts the statuses from each HealthIndicator based on an ordered list of statuses.
The first status in the sorted list is used as the overall health status.
If no HealthIndicator returns a status that is known to the StatusAggregator, an UNKNOWN status is used.
You can use the HealthContributorRegistry to register and unregister health indicators at runtime.
|
Auto-configured HealthIndicators
When appropriate, Spring Boot auto-configures the HealthIndicator beans listed in the following table.
You can also enable or disable selected indicators by configuring management.health.key.enabled,
with the key listed in the following table:
| Key | Name | Description |
|---|---|---|
|
Checks that a Cassandra database is up. |
|
|
Checks that a Couchbase cluster is up. |
|
|
Checks that a connection to |
|
|
Checks for low disk space. |
|
|
Checks that an Elasticsearch cluster is up. |
|
|
Checks that a Hazelcast server is up. |
|
|
Checks that a JMS broker is up. |
|
|
Checks that an LDAP server is up. |
|
|
Checks that a mail server is up. |
|
|
Checks that a Mongo database is up. |
|
|
Checks that a Neo4j database is up. |
|
|
Always responds with |
|
|
Checks that a Rabbit server is up. |
|
|
Checks that a Redis server is up. |
|
|
Checks that SSL certificates are ok. |
You can disable them all by setting the management.health.defaults.enabled property.
|
The ssl HealthIndicator has a "warning threshold" property named management.health.ssl.certificate-validity-warning-threshold.
If an SSL certificate will be invalid within the time span defined by this threshold, the HealthIndicator will warn you but it will still return HTTP 200 to not disrupt the application.
You can use this threshold to give yourself enough lead time to rotate the soon to be expired certificate.
|
Additional HealthIndicator beans are available but are not enabled by default:
| Key | Name | Description |
|---|---|---|
|
Exposes the “Liveness” application availability state. |
|
|
Exposes the “Readiness” application availability state. |
Writing Custom HealthIndicators
To provide custom health information, you can register Spring beans that implement the HealthIndicator interface.
You need to provide an implementation of the health() method and return a Health response.
The Health response should include a status and can optionally include additional details to be displayed.
The following code shows a sample HealthIndicator implementation:
-
Java
-
Kotlin
import org.springframework.boot.actuate.health.Health;
import org.springframework.boot.actuate.health.HealthIndicator;
import org.springframework.stereotype.Component;
@Component
public class MyHealthIndicator implements HealthIndicator {
@Override
public Health health() {
int errorCode = check();
if (errorCode != 0) {
return Health.down().withDetail("Error Code", errorCode).build();
}
return Health.up().build();
}
private int check() {
// perform some specific health check
return ...
}
}import org.springframework.boot.actuate.health.Health
import org.springframework.boot.actuate.health.HealthIndicator
import org.springframework.stereotype.Component
@Component
class MyHealthIndicator : HealthIndicator {
override fun health(): Health {
val errorCode = check()
if (errorCode != 0) {
return Health.down().withDetail("Error Code", errorCode).build()
}
return Health.up().build()
}
private fun check(): Int {
// perform some specific health check
return ...
}
}
The identifier for a given HealthIndicator is the name of the bean without the HealthIndicator suffix, if it exists.
In the preceding example, the health information is available in an entry named my.
|
Health indicators are usually called over HTTP and need to respond before any connection timeouts.
Spring Boot will log a warning message for any health indicator that takes longer than 10 seconds to respond.
If you want to configure this threshold, you can use the management.endpoint.health.logging.slow-indicator-threshold property.
|
In addition to Spring Boot’s predefined Status types, Health can return a custom Status that represents a new system state.
In such cases, you also need to provide a custom implementation of the StatusAggregator interface, or you must configure the default implementation by using the management.endpoint.health.status.order configuration property.
For example, assume a new Status with a code of FATAL is being used in one of your HealthIndicator implementations.
To configure the severity order, add the following property to your application properties:
-
Properties
-
YAML
management.endpoint.health.status.order=fatal,down,out-of-service,unknown,upmanagement:
endpoint:
health:
status:
order: "fatal,down,out-of-service,unknown,up"The HTTP status code in the response reflects the overall health status.
By default, OUT_OF_SERVICE and DOWN map to 503.
Any unmapped health statuses, including UP, map to 200.
You might also want to register custom status mappings if you access the health endpoint over HTTP.
Configuring a custom mapping disables the defaults mappings for DOWN and OUT_OF_SERVICE.
If you want to retain the default mappings, you must explicitly configure them, alongside any custom mappings.
For example, the following property maps FATAL to 503 (service unavailable) and retains the default mappings for DOWN and OUT_OF_SERVICE:
-
Properties
-
YAML
management.endpoint.health.status.http-mapping.down=503
management.endpoint.health.status.http-mapping.fatal=503
management.endpoint.health.status.http-mapping.out-of-service=503management:
endpoint:
health:
status:
http-mapping:
down: 503
fatal: 503
out-of-service: 503
If you need more control, you can define your own HttpCodeStatusMapper bean.
|
The following table shows the default status mappings for the built-in statuses:
| Status | Mapping |
|---|---|
|
|
|
|
|
No mapping by default, so HTTP status is |
|
No mapping by default, so HTTP status is |
Reactive Health Indicators
For reactive applications, such as those that use Spring WebFlux, ReactiveHealthContributor provides a non-blocking contract for getting application health.
Similar to a traditional HealthContributor, health information is collected from the content of a ReactiveHealthContributorRegistry (by default, all HealthContributor and ReactiveHealthContributor instances defined in your ApplicationContext).
Regular HealthContributor instances that do not check against a reactive API are executed on the elastic scheduler.
In a reactive application, you should use the ReactiveHealthContributorRegistry to register and unregister health indicators at runtime.
If you need to register a regular HealthContributor, you should wrap it with ReactiveHealthContributor#adapt.
|
To provide custom health information from a reactive API, you can register Spring beans that implement the ReactiveHealthIndicator interface.
The following code shows a sample ReactiveHealthIndicator implementation:
-
Java
-
Kotlin
import reactor.core.publisher.Mono;
import org.springframework.boot.actuate.health.Health;
import org.springframework.boot.actuate.health.ReactiveHealthIndicator;
import org.springframework.stereotype.Component;
@Component
public class MyReactiveHealthIndicator implements ReactiveHealthIndicator {
@Override
public Mono<Health> health() {
return doHealthCheck().onErrorResume((exception) ->
Mono.just(new Health.Builder().down(exception).build()));
}
private Mono<Health> doHealthCheck() {
// perform some specific health check
return ...
}
}import org.springframework.boot.actuate.health.Health
import org.springframework.boot.actuate.health.ReactiveHealthIndicator
import org.springframework.stereotype.Component
import reactor.core.publisher.Mono
@Component
class MyReactiveHealthIndicator : ReactiveHealthIndicator {
override fun health(): Mono<Health> {
return doHealthCheck()!!.onErrorResume { exception: Throwable? ->
Mono.just(Health.Builder().down(exception).build())
}
}
private fun doHealthCheck(): Mono<Health>? {
// perform some specific health check
return ...
}
}
To handle the error automatically, consider extending from AbstractReactiveHealthIndicator.
|
Auto-configured ReactiveHealthIndicators
When appropriate, Spring Boot auto-configures the following ReactiveHealthIndicator beans:
| Key | Name | Description |
|---|---|---|
|
Checks that a Cassandra database is up. |
|
|
Checks that a Couchbase cluster is up. |
|
|
Checks that an Elasticsearch cluster is up. |
|
|
Checks that a Mongo database is up. |
|
|
Checks that a Neo4j database is up. |
|
|
Checks that a Redis server is up. |
If necessary, reactive indicators replace the regular ones.
Also, any HealthIndicator that is not handled explicitly is wrapped automatically.
|
Health Groups
It is sometimes useful to organize health indicators into groups that you can use for different purposes.
To create a health indicator group, you can use the management.endpoint.health.group.<name> property and specify a list of health indicator IDs to include or exclude.
For example, to create a group that includes only database indicators you can define the following:
-
Properties
-
YAML
management.endpoint.health.group.custom.include=dbmanagement:
endpoint:
health:
group:
custom:
include: "db"You can then check the result by hitting localhost:8080/actuator/health/custom.
Similarly, to create a group that excludes the database indicators from the group and includes all the other indicators, you can define the following:
-
Properties
-
YAML
management.endpoint.health.group.custom.exclude=dbmanagement:
endpoint:
health:
group:
custom:
exclude: "db"By default, startup will fail if a health group includes or excludes a health indicator that does not exist.
To disable this behavior set management.endpoint.health.validate-group-membership to false.
By default, groups inherit the same StatusAggregator and HttpCodeStatusMapper settings as the system health.
However, you can also define these on a per-group basis.
You can also override the show-details and roles properties if required:
-
Properties
-
YAML
management.endpoint.health.group.custom.show-details=when-authorized
management.endpoint.health.group.custom.roles=admin
management.endpoint.health.group.custom.status.order=fatal,up
management.endpoint.health.group.custom.status.http-mapping.fatal=500
management.endpoint.health.group.custom.status.http-mapping.out-of-service=500management:
endpoint:
health:
group:
custom:
show-details: "when-authorized"
roles: "admin"
status:
order: "fatal,up"
http-mapping:
fatal: 500
out-of-service: 500
You can use @Qualifier("groupname") if you need to register custom StatusAggregator or HttpCodeStatusMapper beans for use with the group.
|
A health group can also include/exclude a CompositeHealthContributor.
You can also include/exclude only a certain component of a CompositeHealthContributor.
This can be done using the fully qualified name of the component as follows:
management.endpoint.health.group.custom.include="test/primary"
management.endpoint.health.group.custom.exclude="test/primary/b"In the example above, the custom group will include the HealthContributor with the name primary which is a component of the composite test.
Here, primary itself is a composite and the HealthContributor with the name b will be excluded from the custom group.
Health groups can be made available at an additional path on either the main or management port. This is useful in cloud environments such as Kubernetes, where it is quite common to use a separate management port for the actuator endpoints for security purposes. Having a separate port could lead to unreliable health checks because the main application might not work properly even if the health check is successful. The health group can be configured with an additional path as follows:
management.endpoint.health.group.live.additional-path="server:/healthz"This would make the live health group available on the main server port at /healthz.
The prefix is mandatory and must be either server: (represents the main server port) or management: (represents the management port, if configured.)
The path must be a single path segment.
DataSource Health
The DataSource health indicator shows the health of both standard data sources and routing data source beans.
The health of a routing data source includes the health of each of its target data sources.
In the health endpoint’s response, each of a routing data source’s targets is named by using its routing key.
If you prefer not to include routing data sources in the indicator’s output, set management.health.db.ignore-routing-data-sources to true.
Kubernetes Probes
Applications deployed on Kubernetes can provide information about their internal state with Container Probes. Depending on your Kubernetes configuration, the kubelet calls those probes and reacts to the result.
By default, Spring Boot manages your Application Availability state.
If deployed in a Kubernetes environment, actuator gathers the “Liveness” and “Readiness” information from the ApplicationAvailability interface and uses that information in dedicated health indicators: LivenessStateHealthIndicator and ReadinessStateHealthIndicator.
These indicators are shown on the global health endpoint ("/actuator/health").
They are also exposed as separate HTTP Probes by using health groups: "/actuator/health/liveness" and "/actuator/health/readiness".
You can then configure your Kubernetes infrastructure with the following endpoint information:
livenessProbe:
httpGet:
path: "/actuator/health/liveness"
port: <actuator-port>
failureThreshold: ...
periodSeconds: ...
readinessProbe:
httpGet:
path: "/actuator/health/readiness"
port: <actuator-port>
failureThreshold: ...
periodSeconds: ...
<actuator-port> should be set to the port that the actuator endpoints are available on.
It could be the main web server port or a separate management port if the "management.server.port" property has been set.
|
These health groups are automatically enabled only if the application runs in a Kubernetes environment.
You can enable them in any environment by using the management.endpoint.health.probes.enabled configuration property.
If an application takes longer to start than the configured liveness period, Kubernetes mentions the "startupProbe" as a possible solution.
Generally speaking, the "startupProbe" is not necessarily needed here, as the "readinessProbe" fails until all startup tasks are done.
This means your application will not receive traffic until it is ready.
However, if your application takes a long time to start, consider using a "startupProbe" to make sure that Kubernetes won’t kill your application while it is in the process of starting.
See the section that describes how probes behave during the application lifecycle.
|
If your Actuator endpoints are deployed on a separate management context, the endpoints do not use the same web infrastructure (port, connection pools, framework components) as the main application.
In this case, a probe check could be successful even if the main application does not work properly (for example, it cannot accept new connections).
For this reason, it is a good idea to make the liveness and readiness health groups available on the main server port.
This can be done by setting the following property:
management.endpoint.health.probes.add-additional-paths=trueThis would make the liveness group available at /livez and the readiness group available at /readyz on the main server port.
Paths can be customized using the additional-path property on each group, see health groups for details.
Checking External State With Kubernetes Probes
Actuator configures the “liveness” and “readiness” probes as Health Groups. This means that all the health groups features are available for them. You can, for example, configure additional Health Indicators:
-
Properties
-
YAML
management.endpoint.health.group.readiness.include=readinessState,customCheckmanagement:
endpoint:
health:
group:
readiness:
include: "readinessState,customCheck"By default, Spring Boot does not add other health indicators to these groups.
The “liveness” probe should not depend on health checks for external systems. If the liveness state of an application is broken, Kubernetes tries to solve that problem by restarting the application instance. This means that if an external system (such as a database, a Web API, or an external cache) fails, Kubernetes might restart all application instances and create cascading failures.
As for the “readiness” probe, the choice of checking external systems must be made carefully by the application developers. For this reason, Spring Boot does not include any additional health checks in the readiness probe. If the readiness state of an application instance is unready, Kubernetes does not route traffic to that instance. Some external systems might not be shared by application instances, in which case they could be included in a readiness probe. Other external systems might not be essential to the application (the application could have circuit breakers and fallbacks), in which case they definitely should not be included. Unfortunately, an external system that is shared by all application instances is common, and you have to make a judgement call: Include it in the readiness probe and expect that the application is taken out of service when the external service is down or leave it out and deal with failures higher up the stack, perhaps by using a circuit breaker in the caller.
If all instances of an application are unready, a Kubernetes Service with type=ClusterIP or NodePort does not accept any incoming connections.
There is no HTTP error response (503 and so on), since there is no connection.
A service with type=LoadBalancer might or might not accept connections, depending on the provider.
A service that has an explicit ingress also responds in a way that depends on the implementation — the ingress service itself has to decide how to handle the “connection refused” from downstream.
HTTP 503 is quite likely in the case of both load balancer and ingress.
|
Also, if an application uses Kubernetes autoscaling, it may react differently to applications being taken out of the load-balancer, depending on its autoscaler configuration.
Application Lifecycle and Probe States
An important aspect of the Kubernetes Probes support is its consistency with the application lifecycle.
There is a significant difference between the AvailabilityState (which is the in-memory, internal state of the application)
and the actual probe (which exposes that state).
Depending on the phase of application lifecycle, the probe might not be available.
Spring Boot publishes application events during startup and shutdown,
and probes can listen to such events and expose the AvailabilityState information.
The following tables show the AvailabilityState and the state of HTTP connectors at different stages.
When a Spring Boot application starts:
| Startup phase | LivenessState | ReadinessState | HTTP server | Notes |
|---|---|---|---|---|
Starting |
|
|
Not started |
Kubernetes checks the "liveness" Probe and restarts the application if it takes too long. |
Started |
|
|
Refuses requests |
The application context is refreshed. The application performs startup tasks and does not receive traffic yet. |
Ready |
|
|
Accepts requests |
Startup tasks are finished. The application is receiving traffic. |
When a Spring Boot application shuts down:
| Shutdown phase | Liveness State | Readiness State | HTTP server | Notes |
|---|---|---|---|---|
Running |
|
|
Accepts requests |
Shutdown has been requested. |
Graceful shutdown |
|
|
New requests are rejected |
If enabled, graceful shutdown processes in-flight requests. |
Shutdown complete |
N/A |
N/A |
Server is shut down |
The application context is closed and the application is shut down. |
| See Kubernetes Container Lifecycle for more information about Kubernetes deployment. |
Application Information
Application information exposes various information collected from all InfoContributor beans defined in your ApplicationContext.
Spring Boot includes a number of auto-configured InfoContributor beans, and you can write your own.
Auto-configured InfoContributors
When appropriate, Spring auto-configures the following InfoContributor beans:
| ID | Name | Description | Prerequisites |
|---|---|---|---|
|
Exposes build information. |
A |
|
|
Exposes any property from the |
None. |
|
|
Exposes git information. |
A |
|
|
Exposes Java runtime information. |
None. |
|
|
Exposes Operating System information. |
None. |
|
|
Exposes process information. |
None. |
|
|
Exposes SSL certificate information. |
An SSL Bundle configured. |
Whether an individual contributor is enabled is controlled by its management.info.<id>.enabled property.
Different contributors have different defaults for this property, depending on their prerequisites and the nature of the information that they expose.
With no prerequisites to indicate that they should be enabled, the env, java, os, and process contributors are disabled by default. The ssl contributor has a prerequisite of having an SSL Bundle configured but it is disabled by default.
Each can be enabled by setting its management.info.<id>.enabled property to true.
The build and git info contributors are enabled by default.
Each can be disabled by setting its management.info.<id>.enabled property to false.
Alternatively, to disable every contributor that is usually enabled by default, set the management.info.defaults.enabled property to false.
Custom Application Information
When the env contributor is enabled, you can customize the data exposed by the info endpoint by setting info.* Spring properties.
All Environment properties under the info key are automatically exposed.
For example, you could add the following settings to your application.properties file:
-
Properties
-
YAML
info.app.encoding=UTF-8
info.app.java.source=17
info.app.java.target=17info:
app:
encoding: "UTF-8"
java:
source: "17"
target: "17"|
Rather than hardcoding those values, you could also expand info properties at build time. Assuming you use Maven, you could rewrite the preceding example as follows:
|
Git Commit Information
Another useful feature of the info endpoint is its ability to publish information about the state of your git source code repository when the project was built.
If a GitProperties bean is available, you can use the info endpoint to expose these properties.
A GitProperties bean is auto-configured if a git.properties file is available at the root of the classpath.
See 生成 Git 信息 for more detail.
|
By default, the endpoint exposes git.branch, git.commit.id, and git.commit.time properties, if present.
If you do not want any of these properties in the endpoint response, they need to be excluded from the git.properties file.
If you want to display the full git information (that is, the full content of git.properties), use the management.info.git.mode property, as follows:
-
Properties
-
YAML
management.info.git.mode=fullmanagement:
info:
git:
mode: "full"To disable the git commit information from the info endpoint completely, set the management.info.git.enabled property to false, as follows:
-
Properties
-
YAML
management.info.git.enabled=falsemanagement:
info:
git:
enabled: falseBuild Information
If a BuildProperties bean is available, the info endpoint can also publish information about your build.
This happens if a META-INF/build-info.properties file is available in the classpath.
| The Maven and Gradle plugins can both generate that file. See 生成构建信息 for more details. |
Java Information
The info endpoint publishes information about your Java runtime environment, see JavaInfo for more details.
OS Information
The info endpoint publishes information about your Operating System, see OsInfo for more details.
Process Information
The info endpoint publishes information about your process, see ProcessInfo for more details.
SSL Information
The info endpoint publishes information about your SSL certificates (that are configured through SSL Bundles), see SslInfo for more details. This endpoint reuses the "warning threshold" property of SslHealthIndicator: if an SSL certificate will be invalid within the time span defined by this threshold, it will trigger a warning. See the management.health.ssl.certificate-validity-warning-threshold property.
Writing Custom InfoContributors
To provide custom application information, you can register Spring beans that implement the InfoContributor interface.
The following example contributes an example entry with a single value:
-
Java
-
Kotlin
import java.util.Collections;
import org.springframework.boot.actuate.info.Info;
import org.springframework.boot.actuate.info.InfoContributor;
import org.springframework.stereotype.Component;
@Component
public class MyInfoContributor implements InfoContributor {
@Override
public void contribute(Info.Builder builder) {
builder.withDetail("example", Collections.singletonMap("key", "value"));
}
}import org.springframework.boot.actuate.info.Info
import org.springframework.boot.actuate.info.InfoContributor
import org.springframework.stereotype.Component
import java.util.Collections
@Component
class MyInfoContributor : InfoContributor {
override fun contribute(builder: Info.Builder) {
builder.withDetail("example", Collections.singletonMap("key", "value"))
}
}If you reach the info endpoint, you should see a response that contains the following additional entry:
{
"example": {
"key" : "value"
}
}Software Bill of Materials (SBOM)
The sbom endpoint exposes the Software Bill of Materials.
CycloneDX SBOMs can be auto-detected, but other formats can be manually configured, too.
The sbom actuator endpoint will then expose an SBOM called "application", which describes the contents of your application.
| To automatically generate a CycloneDX SBOM at project build time, please see the 生成 CycloneDX SBOM section. |
Other SBOM formats
If you want to publish an SBOM in a different format, there are some configuration properties which you can use.
The configuration property management.endpoint.sbom.application.location sets the location for the application SBOM.
For example, setting this to classpath:sbom.json will use the contents of the /sbom.json resource on the classpath.
The media type for SBOMs in CycloneDX, SPDX and Syft format is detected automatically.
To override the auto-detected media type, use the configuration property management.endpoint.sbom.application.media-type.
Additional SBOMs
The actuator endpoint can handle multiple SBOMs.
To add SBOMs, use the configuration property management.endpoint.sbom.additional, as shown in this example:
-
Properties
-
YAML
management.endpoint.sbom.additional.system.location=optional:file:/system.spdx.json
management.endpoint.sbom.additional.system.media-type=application/spdx+jsonmanagement:
endpoint:
sbom:
additional:
system:
location: "optional:file:/system.spdx.json"
media-type: "application/spdx+json"This will add an SBOM called "system", which is stored in /system.spdx.json.
The optional: prefix can be used to prevent a startup failure if the file doesn’t exist.