@ -5,8 +5,8 @@
--
--
Spring Boot includes a number of additional features to help you monitor and manage your
Spring Boot includes a number of additional features to help you monitor and manage your
application when you push it to production. You can choose to manage and monitor your
application when you push it to production. You can choose to manage and monitor your
application by using HTTP endpoints or with JMX. Auditing, health, and metrics gathering can
application by using HTTP endpoints or with JMX. Auditing, health, and metrics gathering
also be automatically applied to your application.
can also be automatically applied to your application.
Actuator HTTP endpoints are only available with a Spring MVC-based application. In
Actuator HTTP endpoints are only available with a Spring MVC-based application. In
particular, it does not work with Jersey <<howto.adoc#howto-use-actuator-with-jersey,
particular, it does not work with Jersey <<howto.adoc#howto-use-actuator-with-jersey,
@ -17,9 +17,9 @@ unless you enable Spring MVC as well.>>
[[production-ready-enabling]]
[[production-ready-enabling]]
== Enabling Production-ready Features
== Enabling Production-ready Features
The {github-code}/spring-boot-project/spring-boot-actuator[`spring-boot-actuator`] module provides all of
The {github-code}/spring-boot-project/spring-boot-actuator[`spring-boot-actuator`] module
Spring Boot's production-ready features. The simplest way to enable the features is to add
provides all of Spring Boot's production-ready features. The simplest way to enable the
a dependency to the `spring-boot-starter-actuator` '`Starter`'.
features is to add a dependency to the `spring-boot-starter-actuator` '`Starter`'.
.Definition of Actuator
.Definition of Actuator
****
****
@ -28,8 +28,7 @@ controlling something. Actuators can generate a large amount of motion from a sm
change.
change.
****
****
To add the actuator to a Maven based project, add the following '`Starter`'
To add the actuator to a Maven based project, add the following '`Starter`' dependency:
dependency:
[source,xml,indent=0]
[source,xml,indent=0]
----
----
@ -58,10 +57,10 @@ Actuator endpoints let you monitor and interact with your application. Spring Bo
includes a number of built-in endpoints and lets you add your own. For example, the
includes a number of built-in endpoints and lets you add your own. For example, the
`health` endpoint provides basic application health information.
`health` endpoint provides basic application health information.
The way that endpoints are exposed depends on the type of technology that you choose.
The way that endpoints are exposed depends on the type of technology that you choose. Most
Most applications choose HTTP monitoring, where the ID of the endpoint along with a prefix ofapplications choose HTTP monitoring, where the ID of the endpoint along with a prefix of
`/application` is mapped to a URL. For example, by default, the `health` endpoint is mapped
`/application` is mapped to a URL. For example, by default, the `health` endpoint is
to `/application/health`.
mapped to `/application/health`.
The following technology-agnostic endpoints are available:
The following technology-agnostic endpoints are available:
@ -114,7 +113,8 @@ The following technology-agnostic endpoints are available:
|Lets the application be gracefully shutdown (not enabled by default).
|Lets the application be gracefully shutdown (not enabled by default).
|`status`
|`status`
|Shows application status information (that is, `health` status with no additional details).
|Shows application status information (that is, `health` status with no additional
details).
|`threaddump`
|`threaddump`
|Performs a thread dump.
|Performs a thread dump.
@ -153,8 +153,8 @@ TIP: If you want to use something other than `ACTUATOR` as the role, set the
`management.security.roles` property to the value you want to use.
`management.security.roles` property to the value you want to use.
If you deploy applications behind a firewall, you may prefer that all your actuator
If you deploy applications behind a firewall, you may prefer that all your actuator
endpoints can be accessed without requiring authentication. You can do so by changing
endpoints can be accessed without requiring authentication. You can do so by changing the
the `management.security.enabled` property, as follows:`management.security.enabled` property, as follows:
.application.properties
.application.properties
[source,properties,indent=0]
[source,properties,indent=0]
@ -166,17 +166,17 @@ CAUTION: By default, actuator endpoints are exposed on the same port that serves
HTTP traffic. Take care not to accidentally expose sensitive information if you change
HTTP traffic. Take care not to accidentally expose sensitive information if you change
the `management.security.enabled` property.
the `management.security.enabled` property.
If you deploy applications publicly, you may want to add '`Spring Security`' to
If you deploy applications publicly, you may want to add '`Spring Security`' to handle
handle user authentication. When '`Spring Security`' is added, by default, '`basic`'user authentication. When '`Spring Security`' is added, by default, '`basic`'
authentication is used. The username is`user` and the password is a random generated
authentication is used. The username is`user` and the password is a random generated
password (which is printed on the console when the application starts).
password (which is printed on the console when the application starts).
TIP: Generated passwords are logged as the application starts. To find the password in
TIP: Generated passwords are logged as the application starts. To find the password in the
the console, search for '`Using default security password`'.console, search for '`Using default security password`'.
You can use Spring properties to change the username and password and to change the
You can use Spring properties to change the username and password and to change the
security role(s) required to access the endpoints. For example, you might set the following
security role(s) required to access the endpoints. For example, you might set the
properties in your `application.properties`:
following properties in your `application.properties`:
[source,properties,indent=0]
[source,properties,indent=0]
----
----
@ -187,27 +187,27 @@ properties in your `application.properties`:
If your application has custom security configuration and you want all your actuator
If your application has custom security configuration and you want all your actuator
endpoints to be accessible without authentication, you need to explicitly configure that
endpoints to be accessible without authentication, you need to explicitly configure that
in your security configuration. Also, you need to change the
in your security configuration. Also, you need to change the `management.security.enabled`
`management.security.enabled` property to `false`.property to `false`.
If your custom security configuration secures your actuator endpoints, you also need to
If your custom security configuration secures your actuator endpoints, you also need to
ensure that the authenticated user has the roles specified under
ensure that the authenticated user has the roles specified under
`management.security.roles`.
`management.security.roles`.
TIP: If you do not have a use case for exposing basic health information to unauthenticated
TIP: If you do not have a use case for exposing basic health information to
users and you have secured the actuator endpoints with custom security, you can set
unauthenticated users and you have secured the actuator endpoints with custom security,
`management.security.enabled` to `false`. This tells Spring Boot to skip the
you can set `management.security.enabled` to `false`. This tells Spring Boot to skip the
additional role check.
additional role check.
[[production-ready-customizing-endpoints]]
[[production-ready-customizing-endpoints]]
=== Customizing Endpoints
=== Customizing Endpoints
Endpoints can be customized by using Spring properties. You can change whether an endpoint is
Endpoints can be customized by using Spring properties. You can change whether an endpoint
`enabled` and its `id`.
is `enabled` and its `id`.
For example, the following `application.properties` changes the id of the `beans`
For example, the following `application.properties` changes the id of the `beans` endpoint
endpoint and also enables `shutdown`:and also enables `shutdown`:
[source,properties,indent=0]
[source,properties,indent=0]
----
----
@ -218,9 +218,9 @@ endpoint and also enables `shutdown`:
NOTE: The prefix ‟`endpoints` + `.` + `name`” is used to uniquely identify the endpoint
NOTE: The prefix ‟`endpoints` + `.` + `name`” is used to uniquely identify the endpoint
that is being configured.
that is being configured.
By default, all endpoints except for `shutdown` are enabled. If you prefer to
By default, all endpoints except for `shutdown` are enabled. If you prefer to specifically
specifically "`opt-in`" endpoint enablement, you can use the `endpoints.default.enabled`"`opt-in`" endpoint enablement, you can use the `endpoints.default.enabled` property. For
property. For example, the following settings disables _all_ endpoints except for `info`:example, the following settings disables _all_ endpoints except for `info`:
[source,properties,indent=0]
[source,properties,indent=0]
----
----
@ -235,11 +235,11 @@ property. For example, the following settings disables _all_ endpoints except fo
A "`discovery page`" is added with links to all the endpoints. The "`discovery page`" is
A "`discovery page`" is added with links to all the endpoints. The "`discovery page`" is
available on `/application` by default.
available on `/application` by default.
When a custom management context path is configured, the "`discovery page`"
When a custom management context path is configured, the "`discovery page`" automatically
automatically moves from `/application` to the root of the management context. For example,moves from `/application` to the root of the management context. For example, if the
if the management context path is `/management`, then the discovery page is availablemanagement context path is `/management`, then the discovery page is available from
from `/management`. When the management context path is set to `/`, the discovery page`/management`. When the management context path is set to `/`, the discovery page is
is disabled to prevent the possibility of a clash with other mappings.disabled to prevent the possibility of a clash with other mappings.
@ -247,13 +247,12 @@ is disabled to prevent the possibility of a clash with other mappings.
=== CORS Support
=== CORS Support
http://en.wikipedia.org/wiki/Cross-origin_resource_sharing[Cross-origin resource sharing]
http://en.wikipedia.org/wiki/Cross-origin_resource_sharing[Cross-origin resource sharing]
(CORS) is a http://www.w3.org/TR/cors/[W3C specification] that allows you to specify in a
(CORS) is a http://www.w3.org/TR/cors/[W3C specification] that allows you to specify in a
flexible way what kind of cross domain requests are authorized. If you use Spring
flexible way what kind of cross domain requests are authorized. If you use Spring MVC or
MVC or Spring WebFlux, Actuator's web endpoints can be configured to support such
Spring WebFlux, Actuator's web endpoints can be configured to support such scenarios.
scenarios.
CORS support is disabled by default and is only enabled once the
CORS support is disabled by default and is only enabled once the
`management.endpoints.cors.allowed-origins` property has been set. The following configuration
`management.endpoints.cors.allowed-origins` property has been set. The following
permits `GET` and `POST` calls from the `example.com` domain:
configuration permits `GET` and `POST` calls from the `example.com` domain:
[source,properties,indent=0]
[source,properties,indent=0]
----
----
@ -261,8 +260,7 @@ permits `GET` and `POST` calls from the `example.com` domain:
management.endpoints.cors.allowed-methods=GET,POST
management.endpoints.cors.allowed-methods=GET,POST
----
----
TIP: See {sc-spring-boot-actuator-autoconfigure}/endpoint/web/servlet/CorsEndpointProperties.{sc-ext}[CorsEndpointProperties]
TIP: See {sc-spring-boot-actuator-autoconfigure}/endpoint/web/servlet/CorsEndpointProperties.{sc-ext}[CorsEndpointProperties] for a complete list of options.
for a complete list of options.
@ -272,20 +270,20 @@ If you add a `@Bean` annotated with `@Endpoint`, any methods annotated with
`@ReadOperation` or `@WriteOperation` are automatically exposed over JMX and, in a web
`@ReadOperation` or `@WriteOperation` are automatically exposed over JMX and, in a web
application, over HTTP as well.
application, over HTTP as well.
TIP: If you do this as a library feature, consider adding a configuration class
TIP: If you do this as a library feature, consider adding a configuration class annotated
annotated with `@ManagementContextConfiguration` to `/META-INF/spring.factories` under thewith `@ManagementContextConfiguration` to `/META-INF/spring.factories` under the key,
key, `org.springframework.boot.actuate.autoconfigure.ManagementContextConfiguration`. If`org.springframework.boot.actuate.autoconfigure.ManagementContextConfiguration`. If you do
you do so and if your users ask for a separate management port or address, the endpointso and if your users ask for a separate management port or address, the endpoint moves to
moves to a child context with all the other web endpoints.a child context with all the other web endpoints.
[[production-ready-health]]
[[production-ready-health]]
=== Health Information
=== Health Information
You can use health information to check the status of your running application. It is
You can use health information to check the status of your running application. It is
often used by monitoring software to alert someone when a production system goes down.
often used by monitoring software to alert someone when a production system goes down. The
The default information exposed by the `health` endpoint depends on how it is accessed.default information exposed by the `health` endpoint depends on how it is accessed. For an
For an unauthenticated connection in a secure application, a simple '`status`' message isunauthenticated connection in a secure application, a simple '`status`' message is
returned. For an authenticated connection, additional details are also displayed. (See
returned. For an authenticated connection, additional details are also displayed. (See
<<production-ready-health-access-restrictions>> for HTTP details.)
<<production-ready-health-access-restrictions>> for HTTP details.)
@ -376,11 +374,11 @@ NOTE: The identifier for a given `HealthIndicator` is the name of the bean witho
is available in an entry named `my`.
is available in an entry named `my`.
In addition to Spring Boot's predefined {sc-spring-boot-actuator}/health/Status.{sc-ext}[`Status`]
In addition to Spring Boot's predefined {sc-spring-boot-actuator}/health/Status.{sc-ext}[`Status`]
types, it is also possible for `Health` to return a custom `Status` that represents a
types, it is also possible for `Health` to return a custom `Status` that represents a new
new system state. In such cases, a custom implementation of thesystem state. In such cases, a custom implementation of the
{sc-spring-boot-actuator}/health/HealthAggregator.{sc-ext}[`HealthAggregator`]
{sc-spring-boot-actuator}/health/HealthAggregator.{sc-ext}[`HealthAggregator`] interface
interface also needs to be provided, or the default implementation has to be configuredalso needs to be provided, or the default implementation has to be configured by using the
by using the `management.health.status.order` configuration property.`management.health.status.order` configuration property.
For example, assume a new `Status` with code `FATAL` is being used in one of your
For example, assume a new `Status` with code `FATAL` is being used in one of your
`HealthIndicator` implementations. To configure the severity order, add the following
`HealthIndicator` implementations. To configure the severity order, add the following
@ -392,9 +390,9 @@ to your application properties:
----
----
The HTTP status code in the response reflects the overall health status (for example, `UP`
The HTTP status code in the response reflects the overall health status (for example, `UP`
maps to 200, while `OUT_OF_SERVICE` and `DOWN` map to 503). You might also want to register custom
maps to 200, while `OUT_OF_SERVICE` and `DOWN` map to 503). You might also want to
status mappings if you access the health endpoint over HTTP. For example, the following
register custom status mappings if you access the health endpoint over HTTP. For example,
property maps `FATAL` to 503 (service unavailable):
the following property maps `FATAL` to 503 (service unavailable):
[source,properties,indent=0]
[source,properties,indent=0]
----
----
@ -456,8 +454,8 @@ property.
[[production-ready-application-info-env]]
[[production-ready-application-info-env]]
==== Custom Application Information
==== Custom Application Information
You can customize the data exposed by the `info` endpoint by setting `+info.*+` Spring
You can customize the data exposed by the `info` endpoint by setting `+info.*+` Spring
properties. All `Environment` properties under the info key are automatically
properties. All `Environment` properties under the info key are automatically exposed. For
exposed. For example, you could add the following settings to your `application.properties` file:example, you could add the following settings to your `application.properties` file:
[source,properties,indent=0]
[source,properties,indent=0]
----
----
@ -485,13 +483,13 @@ Assuming you use Maven, you could rewrite the preceding example as follows:
[[production-ready-application-info-git]]
[[production-ready-application-info-git]]
==== Git Commit Information
==== Git Commit Information
Another useful feature of the `info` endpoint is its ability to publish information
Another useful feature of the `info` endpoint is its ability to publish information about
about the state of your `git` source code repository when the project was built. If athe state of your `git` source code repository when the project was built. If a
`GitProperties` bean is available, the `git.branch`, `git.commit.id` and
`GitProperties` bean is available, the `git.branch`, `git.commit.id` and `git.commit.time`
`git.commit.time` properties are exposed.properties are exposed.
TIP: A `GitProperties` bean is auto-configured if a `git.properties` file is available
TIP: A `GitProperties` bean is auto-configured if a `git.properties` file is available at
at the root of the classpath. Seethe root of the classpath. See
"<<howto.adoc#howto-git-info,Generate git information>>" for more details.
"<<howto.adoc#howto-git-info,Generate git information>>" for more details.
If you want to display the full git information (that is, the full content of
If you want to display the full git information (that is, the full content of
@ -506,9 +504,9 @@ If you want to display the full git information (that is, the full content of
[[production-ready-application-info-build]]
[[production-ready-application-info-build]]
==== Build Information
==== Build Information
If a `BuildProperties` bean is available, the `info` endpoint can also publish
If a `BuildProperties` bean is available, the `info` endpoint can also publish information
information about your build. This happens if a `META-INF/build-info.properties` fileabout your build. This happens if a `META-INF/build-info.properties` file is available in
is available in the classpath.the classpath.
TIP: The Maven and Gradle plugins can both generate that file. See
TIP: The Maven and Gradle plugins can both generate that file. See
"<<howto.adoc#howto-build-info,Generate build information>>" for more details.
"<<howto.adoc#howto-build-info,Generate build information>>" for more details.
@ -557,43 +555,44 @@ additional entry:
[[production-ready-monitoring]]
[[production-ready-monitoring]]
== Monitoring and Management over HTTP
== Monitoring and Management over HTTP
If you are developing a Spring MVC application, Spring Boot Actuator auto-configures
If you are developing a Spring MVC application, Spring Boot Actuator auto-configures all
all enabled endpoints to be exposed over HTTP. The default convention is to use theenabled endpoints to be exposed over HTTP. The default convention is to use the `id` of
`id` of the endpoint with a prefix of `/application` as the URL path. For example, `health`the endpoint with a prefix of `/application` as the URL path. For example, `health` is
is exposed as `/application/health`.exposed as `/application/health`.
[[production-ready-customizing-management-server-context-path]]
[[production-ready-customizing-management-server-context-path]]
=== Customizing the Management Endpoint Paths
=== Customizing the Management Endpoint Paths
Sometimes, it is useful to customize the prefix for the management endpoints.
Sometimes, it is useful to customize the prefix for the management endpoints. For example,
For example, your application might already use `/application` for another purpose.your application might already use `/application` for another purpose. You can use the
You can use the `management.endpoints.web.base-path` property to change the prefix for your`management.endpoints.web.base-path` property to change the prefix for your management
management endpoint, as shown in the following example:endpoint, as shown in the following example:
[source,properties,indent=0]
[source,properties,indent=0]
----
----
management.endpoints.web.base-path=/manage
management.endpoints.web.base-path=/manage
----
----
The preceding `application.properties` example changes the endpoint from `/application/{id}` to
The preceding `application.properties` example changes the endpoint from
`/manage/{id}` (e.g. `/manage/info`).
`/application/{id}` to `/manage/{id}` (e.g. `/manage/info`).
NOTE: Unless the management port has been configured to
NOTE: Unless the management port has been configured to
<<production-ready-customizing-management-server-port,expose endpoints using a different
<<production-ready-customizing-management-server-port,expose endpoints using a different
HTTP port>>, `management.endpoints.web.base-path` is relative to `server.context-path`. If `management.server.port`
HTTP port>>, `management.endpoints.web.base-path` is relative to `server.context-path`.
is configured, `management.endpoints.web.base-path` is relative to `management.server.servlet.context-path`.
If `management.server.port` is configured, `management.endpoints.web.base-path` is
relative to `management.server.servlet.context-path`.
[[production-ready-customizing-management-server-port]]
[[production-ready-customizing-management-server-port]]
=== Customizing the Management Server Port
=== Customizing the Management Server Port
Exposing management endpoints by using the default HTTP port is a sensible choice for cloud
Exposing management endpoints by using the default HTTP port is a sensible choice for
based deployments. If, however, your application runs inside your own data center, you
cloud based deployments. If, however, your application runs inside your own data center,
may prefer to expose endpoints by using a different HTTP port.
you may prefer to expose endpoints by using a different HTTP port.
You can set the `management.server.port` property to change the HTTP port, as shown in
You can set the `management.server.port` property to change the HTTP port, as shown in the
the following example:following example:
[source,properties,indent=0]
[source,properties,indent=0]
----
----
@ -602,8 +601,8 @@ the following example:
Since your management port is often protected by a firewall and not exposed to the public,
Since your management port is often protected by a firewall and not exposed to the public,
you might not need security on the management endpoints, even if your main application is
you might not need security on the management endpoints, even if your main application is
secure. In that case, you should have Spring Security on the classpath, and you can disable
secure. In that case, you should have Spring Security on the classpath, and you can
management security as follows:
disable management security as follows:
[source,properties,indent=0]
[source,properties,indent=0]
----
----
@ -618,9 +617,9 @@ disable the management security in this way. Doing so might even break the appli
[[production-ready-management-specific-ssl]]
[[production-ready-management-specific-ssl]]
=== Configuring Management-specific SSL
=== Configuring Management-specific SSL
When configured to use a custom port, the management server can also be configured with
When configured to use a custom port, the management server can also be configured with
its own SSL by using the various `management.server.ssl.*` properties. For example, doing so lets a
its own SSL by using the various `management.server.ssl.*` properties. For example, doing
management server be available via HTTP while the main application uses HTTPS, as shown
so lets a management server be available via HTTP while the main application uses HTTPS,
in the following property settings:
as shown in the following property settings:
[source,properties,indent=0]
[source,properties,indent=0]
----
----
@ -651,13 +650,13 @@ different key stores, as follows:
[[production-ready-customizing-management-server-address]]
[[production-ready-customizing-management-server-address]]
=== Customizing the Management Server Address
=== Customizing the Management Server Address
You can customize the address that the management endpoints are available on by
You can customize the address that the management endpoints are available on by setting
setting the `management.server.address` property. Doing so can be useful if you want tothe `management.server.address` property. Doing so can be useful if you want to listen
listen only on an internal or ops-facing network or to listen only for connections fromonly on an internal or ops-facing network or to listen only for connections from
`localhost`.
`localhost`.
NOTE: You can only listen on a different address if the port is different from the
NOTE: You can only listen on a different address if the port is different from the main
main server port.server port.
The following example `application.properties` does not allow remote management
The following example `application.properties` does not allow remote management
connections:
connections:
@ -683,11 +682,10 @@ If you do not want to expose endpoints over HTTP, you can set the management por
[[production-ready-health-access-restrictions]]
[[production-ready-health-access-restrictions]]
=== HTTP Health Endpoint Format and Access Restrictions
=== HTTP Health Endpoint Format and Access Restrictions
The information exposed by the health endpoint varies, depending on whether it is
The information exposed by the health endpoint varies, depending on whether it is accessed
accessed anonymously and whether the enclosing application is secure.
anonymously and whether the enclosing application is secure. By default, when accessed
By default, when accessed anonymously in a secure application, any details about the
anonymously in a secure application, any details about the server's health are hidden and
server's health are hidden and the endpoint indicates whether the server
the endpoint indicates whether the server is up or down.
is up or down.
The following example shows a summarized HTTP response (default for anonymous request):
The following example shows a summarized HTTP response (default for anonymous request):
@ -702,7 +700,8 @@ The following example shows a summarized HTTP response (default for anonymous re
{"status":"UP"}
{"status":"UP"}
----
----
The following example shows a summarized HTTP response for status "DOWN" (notice the 503 status code):
The following example shows a summarized HTTP response for status "DOWN" (notice the 503
status code):
[source,indent=0]
[source,indent=0]
----
----
@ -746,19 +745,20 @@ The following example shows a detailed HTTP response:
[[production-ready-jmx]]
[[production-ready-jmx]]
== Monitoring and Management over JMX
== Monitoring and Management over JMX
Java Management Extensions (JMX) provide a standard mechanism to monitor and manage
Java Management Extensions (JMX) provide a standard mechanism to monitor and manage
applications. By default, Spring Boot exposes management endpoints as JMX MBeans
applications. By default, Spring Boot exposes management endpoints as JMX MBeans under the
under the `org.springframework.boot` domain.`org.springframework.boot` domain.
[[production-ready-custom-mbean-names]]
[[production-ready-custom-mbean-names]]
=== Customizing MBean Names
=== Customizing MBean Names
The name of the MBean is usually generated from the `id` of the endpoint. For example
The name of the MBean is usually generated from the `id` of the endpoint. For example the
the `health` endpoint is exposed as `org.springframework.boot:type=Endpoint,name=Health`.`health` endpoint is exposed as `org.springframework.boot:type=Endpoint,name=Health`.
If your application contains more than one Spring `ApplicationContext`, you may find that
If your application contains more than one Spring `ApplicationContext`, you may find that
names clash. To solve this problem, you can set the `management.endpoints.jmx.unique-names`
names clash. To solve this problem, you can set the
property to `true` so that MBean names are always unique.
`management.endpoints.jmx.unique-names` property to `true` so that MBean names are always
unique.
You can also customize the JMX domain under which endpoints are exposed. The following
You can also customize the JMX domain under which endpoints are exposed. The following
settings show an example of doing so in `application.properties`:
settings show an example of doing so in `application.properties`:
@ -773,8 +773,8 @@ settings show an example of doing so in `application.properties`:
[[production-ready-disable-jmx-endpoints]]
[[production-ready-disable-jmx-endpoints]]
=== Disabling JMX Endpoints
=== Disabling JMX Endpoints
If you do not want to expose endpoints over JMX, you can set the `endpoints.default.jmx.enabled`
If you do not want to expose endpoints over JMX, you can set the
property to `false`, as shown in the following example:
`endpoints.default.jmx.enabled` property to `false`, as shown in the following example:
[source,properties,indent=0]
[source,properties,indent=0]
----
----
@ -785,9 +785,9 @@ property to `false`, as shown in the following example:
[[production-ready-jolokia]]
[[production-ready-jolokia]]
=== Using Jolokia for JMX over HTTP
=== Using Jolokia for JMX over HTTP
Jolokia is a JMX-HTTP bridge that provides an alternative method of accessing JMX beans. To
Jolokia is a JMX-HTTP bridge that provides an alternative method of accessing JMX beans.
use Jolokia, include a dependency to `org.jolokia:jolokia-core`. For example,
To use Jolokia, include a dependency to `org.jolokia:jolokia-core`. For example, with
with Maven, you would add the following dependency:Maven, you would add the following dependency:
[source,xml,indent=0]
[source,xml,indent=0]
----
----
@ -797,7 +797,8 @@ with Maven, you would add the following dependency:
</dependency>
</dependency>
----
----
Jolokia can then be accessed by using `/application/jolokia` on your management HTTP server.
Jolokia can then be accessed by using `/application/jolokia` on your management HTTP
server.
@ -831,7 +832,8 @@ If you use Jolokia but do not want Spring Boot to configure it, set the
Spring Boot Actuator includes the ability to view and configure the log levels of your
Spring Boot Actuator includes the ability to view and configure the log levels of your
application at runtime. You can view either the entire list or an individual logger's
application at runtime. You can view either the entire list or an individual logger's
configuration, which is made up of both the explicitly configured logging level as well as
configuration, which is made up of both the explicitly configured logging level as well as
the effective logging level given to it by the logging framework. These levels can be one of:
the effective logging level given to it by the logging framework. These levels can be one
of:
* `TRACE`
* `TRACE`
* `DEBUG`
* `DEBUG`
@ -877,22 +879,21 @@ monitoring systems:
- https://prometheus.io[Prometheus]
- https://prometheus.io[Prometheus]
Micrometer provides a separate module for each supported monitoring system. Depending on
Micrometer provides a separate module for each supported monitoring system. Depending on
one (or more) of these modules is sufficient to get started with Micrometer in your
one (or more) of these modules is sufficient to get started with Micrometer in your Spring
Spring Boot application. To learn more about Micrometer's capabilities, please refer toBoot application. To learn more about Micrometer's capabilities, please refer to its
its https://micrometer.io/docs[reference documentation].https://micrometer.io/docs[reference documentation].
[[production-ready-metrics-spring-mvc]]
[[production-ready-metrics-spring-mvc]]
=== Spring MVC Metrics
=== Spring MVC Metrics
Auto-configuration enables the instrumentation of requests handled by Spring MVC.
Auto-configuration enables the instrumentation of requests handled by Spring MVC. When
When `spring.metrics.web.server.auto-time-requests` is `true`, this instrumentation`spring.metrics.web.server.auto-time-requests` is `true`, this instrumentation occurs for
occurs for all requests. Alternatively, when set to `false`, you can enable instrumentationall requests. Alternatively, when set to `false`, you can enable instrumentation by adding
by adding `@Timed` to a request-handling method.`@Timed` to a request-handling method.
By default, metrics are generated with the name, `http.server.requests`. The name
By default, metrics are generated with the name, `http.server.requests`. The name can be
can be customized by setting the `spring.metrics.web.server.requests-metrics-name`
customized by setting the `spring.metrics.web.server.requests-metrics-name` property.
property.
@ -911,8 +912,8 @@ To customize the tags, provide a `@Bean` that implements `WebMvcTagsProvider`.
[[production-ready-metrics-web-flux]]
[[production-ready-metrics-web-flux]]
=== WebFlux Metrics
=== WebFlux Metrics
Auto-configuration enables the instrumentation of all requests handled by WebFlux
Auto-configuration enables the instrumentation of all requests handled by WebFlux
controllers. You can also use a helper class, `RouterFunctionMetrics`,
controllers. You can also use a helper class, `RouterFunctionMetrics`, to instrument
to instrument applications that use WebFlux's functional programming model.applications that use WebFlux's functional programming model.
By default, metrics are generated with the name `http.server.requests`. You can customize
By default, metrics are generated with the name `http.server.requests`. You can customize
the name by setting the `spring.metrics.web.server.requests-metrics-name` property.
the name by setting the `spring.metrics.web.server.requests-metrics-name` property.
@ -921,8 +922,8 @@ the name by setting the `spring.metrics.web.server.requests-metrics-name` proper
[[production-ready-metrics-web-flux-tags]]
[[production-ready-metrics-web-flux-tags]]
==== WebFlux Metric Tags
==== WebFlux Metric Tags
By default, WebFlux-related metrics for the annotation-based programming model are
By default, WebFlux-related metrics for the annotation-based programming model are tagged
tagged with the following information:with the following information:
- The request's method.
- The request's method.
- The request's URI (templated if possible).
- The request's URI (templated if possible).
@ -931,8 +932,8 @@ tagged with the following information:
To customize the tags, provide a `@Bean` that implements `WebFluxTagsProvider`.
To customize the tags, provide a `@Bean` that implements `WebFluxTagsProvider`.
By default, metrics for the functional programming model are tagged with the
By default, metrics for the functional programming model are tagged with the following
following information:information:
- The request's method
- The request's method
- The request's URI (templated if possible).
- The request's URI (templated if possible).
@ -946,19 +947,18 @@ instance.
[[production-ready-metrics-rest-template]]
[[production-ready-metrics-rest-template]]
=== RestTemplate Metrics
=== RestTemplate Metrics
Auto-configuration customizes the auto-configured `RestTemplate` to enable the
Auto-configuration customizes the auto-configured `RestTemplate` to enable the
instrumentation of its requests. `MetricsRestTemplateCustomizer` can be used to
instrumentation of its requests. `MetricsRestTemplateCustomizer` can be used to customize
customize your own `RestTemplate` instances.your own `RestTemplate` instances.
By default, metrics are generated with the name, `http.client.requests`. The name
By default, metrics are generated with the name, `http.client.requests`. The name can be
can be customized by setting the `spring.metrics.web.client.requests-metrics-name`
customized by setting the `spring.metrics.web.client.requests-metrics-name` property.
property.
[[production-ready-metrics-rest-template-tags]]
[[production-ready-metrics-rest-template-tags]]
==== RestTemplate Metric Tags
==== RestTemplate Metric Tags
By default, metrics generated by an instrumented `RestTemplate` are tagged with
By default, metrics generated by an instrumented `RestTemplate` are tagged with the
the following information:following information:
- The request's method.
- The request's method.
- The request's URI (templated if possible).
- The request's URI (templated if possible).
@ -1042,16 +1042,16 @@ Auto-configuration enables binding of a number of Spring Integration-related met
[[production-ready-auditing]]
[[production-ready-auditing]]
== Auditing
== Auditing
Once Spring Security is in play Spring Boot Actuator has a flexible audit framework that
Once Spring Security is in play Spring Boot Actuator has a flexible audit framework that
publishes events (by default, '`authentication success`', '`failure`' and '`access denied`'
publishes events (by default, '`authentication success`', '`failure`' and
exceptions). This feature can be very useful for reporting and for implementing a
'`access denied`' exceptions). This feature can be very useful for reporting and for
lock-out policy based on authentication failures. To customize published security events,
implementing a lock-out policy based on authentication failures. To customize published
you can provide your own implementations of `AbstractAuthenticationAuditListener` and
security events, you can provide your own implementations of
`AbstractAuthorizationAuditListener`.
`AbstractAuthenticationAuditListener` and `AbstractAuthorizationAuditListener`.
You can also use the audit services for your own business events. To do so,
You can also use the audit services for your own business events. To do so, either inject
either inject the existing `AuditEventRepository` into your own components andthe existing `AuditEventRepository` into your own components and use that directly or
use that directly or publish an `AuditApplicationEvent` with the Springpublish an `AuditApplicationEvent` with the Spring `ApplicationEventPublisher` (by
`ApplicationEventPublisher` (by implementing `ApplicationEventPublisherAware`).implementing `ApplicationEventPublisherAware`).
@ -1121,20 +1121,20 @@ By default, the trace includes the following information:
=== Custom tracing
=== Custom tracing
If you need to trace additional events, you can inject a
If you need to trace additional events, you can inject a
{sc-spring-boot-actuator}/trace/TraceRepository.{sc-ext}[`TraceRepository`] into your
{sc-spring-boot-actuator}/trace/TraceRepository.{sc-ext}[`TraceRepository`] into your
Spring beans. The `add` method accepts a single `Map` structure that is converted to
Spring beans. The `add` method accepts a single `Map` structure that is converted to JSON
JSON and logged.and logged.
By default, an `InMemoryTraceRepository` that stores the last 100 events is used. If you
By default, an `InMemoryTraceRepository` that stores the last 100 events is used. If you
need to expand the capacity, you can define your own instance of the
need to expand the capacity, you can define your own instance of the
`InMemoryTraceRepository` bean. You can also create your own alternative
`InMemoryTraceRepository` bean. You can also create your own alternative `TraceRepository`
`TraceRepository` implementation.implementation.
[[production-ready-process-monitoring]]
[[production-ready-process-monitoring]]
== Process Monitoring
== Process Monitoring
In the `spring-boot` module, you can find two classes to create files that are often useful
In the `spring-boot` module, you can find two classes to create files that are often
for process monitoring:
useful for process monitoring:
* `ApplicationPidFileWriter` creates a file containing the application PID (by default, in
* `ApplicationPidFileWriter` creates a file containing the application PID (by default, in
the application directory with the file name, `application.pid`).
the application directory with the file name, `application.pid`).
@ -1149,8 +1149,8 @@ described in the next section.
[[production-ready-process-monitoring-configuration]]
[[production-ready-process-monitoring-configuration]]
=== Extend Configuration
=== Extend Configuration
In the `META-INF/spring.factories` file, you can activate the listener(s) that
In the `META-INF/spring.factories` file, you can activate the listener(s) that writes a
writes a PID file, as shown in the following example:PID file, as shown in the following example:
[indent=0]
[indent=0]
----
----
@ -1164,8 +1164,8 @@ writes a PID file, as shown in the following example:
[[production-ready-process-monitoring-programmatically]]
[[production-ready-process-monitoring-programmatically]]
=== Programmatically
=== Programmatically
You can also activate a listener by invoking the `SpringApplication.addListeners(...)`
You can also activate a listener by invoking the `SpringApplication.addListeners(...)`
method and passing the appropriate `Writer` object. This method also lets you
method and passing the appropriate `Writer` object. This method also lets you customize
customize the file name and path in the `Writer` constructor.the file name and path in the `Writer` constructor.
@ -1175,10 +1175,10 @@ Spring Boot's actuator module includes additional support that is activated when
deploy to a compatible Cloud Foundry instance. The `/cloudfoundryapplication` path
deploy to a compatible Cloud Foundry instance. The `/cloudfoundryapplication` path
provides an alternative secured route to all `@Endpoint` beans.
provides an alternative secured route to all `@Endpoint` beans.
The extended support lets Cloud Foundry management UIs (such as the web
The extended support lets Cloud Foundry management UIs (such as the web application that
application that you can use to view deployed applications) be augmented with Springyou can use to view deployed applications) be augmented with Spring Boot actuator
Boot actuator information. For example, an application status page may include full healthinformation. For example, an application status page may include full health information
information instead of the typical "`running`" or "`stopped`" status.instead of the typical "`running`" or "`stopped`" status.
NOTE: The `/cloudfoundryapplication` path is not directly accessible to regular users.
NOTE: The `/cloudfoundryapplication` path is not directly accessible to regular users.
In order to use the endpoint, a valid UAA token must be passed with the request.
In order to use the endpoint, a valid UAA token must be passed with the request.
@ -1216,9 +1216,9 @@ services use self-signed certificates, you need to set the following property:
[[production-ready-cloudfoundry-custom-security]]
[[production-ready-cloudfoundry-custom-security]]
=== Custom Security Configuration
=== Custom Security Configuration
If you define custom security configuration and you want extended Cloud Foundry actuator
If you define custom security configuration and you want extended Cloud Foundry actuator
support, you should ensure that `/cloudfoundryapplication/**` paths are open. Without
support, you should ensure that `/cloudfoundryapplication/**` paths are open. Without a
a direct open route, your Cloud Foundry application manager is not able to obtaindirect open route, your Cloud Foundry application manager is not able to obtain endpoint
endpoint data.data.
For Spring Security, you typically include something like
For Spring Security, you typically include something like
`mvcMatchers("/cloudfoundryapplication/**").permitAll()` in your configuration, as shown
`mvcMatchers("/cloudfoundryapplication/**").permitAll()` in your configuration, as shown
@ -1237,7 +1237,6 @@ If you want to explore some of the concepts discussed in this chapter, you can t
look at the actuator {github-code}/spring-boot-samples[sample applications]. You also
look at the actuator {github-code}/spring-boot-samples[sample applications]. You also
might want to read about graphing tools such as http://graphite.wikidot.com/[Graphite].
might want to read about graphing tools such as http://graphite.wikidot.com/[Graphite].
Otherwise, you can continue on, to read about <<deployment.adoc#deployment,
Otherwise, you can continue on, to read about <<deployment.adoc#deployment, '`deployment
'`deployment options`'>> or jump ahead
options`'>> or jump ahead for some in-depth information about Spring Boot's
for some in-depth information about Spring Boot's
_<<build-tool-plugins.adoc#build-tool-plugins, build tool plugins>>_.
_<<build-tool-plugins.adoc#build-tool-plugins, build tool plugins>>_.
Andy Wilkinson
7 years ago