The {github-code}/spring-boot-actuator[spring-boot-actuator] module provides all of
Spring Boot’s production-ready features. The simplest way to enable the features is to add
a dependency to the spring-boot-starter-actuator ‘Starter POM’.
An actuator is a manufacturing term, referring to a mechanical device for moving or controlling something. Actuators can generate a large amount of motion from a small change.
To add the actuator to a Maven based project, add the following ‘starter’ dependency:
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
</dependencies>For Gradle, use the declaration:
dependencies {
compile("org.springframework.boot:spring-boot-starter-actuator")
}Actuator endpoints allow you to monitor and interact with your application. Spring Boot
includes a number of built-in endpoints and you can also add your own. For example the
health endpoint provides basic application health information.
The way that endpoints are exposed will depend on the type of technology that you choose.
Most applications choose HTTP monitoring, where the ID of the endpoint is mapped
to a URL. For example, by default, the health endpoint will be mapped to /health.
The following endpoints are available:
| ID | Description | Sensitive |
|---|---|---|
|
Displays an auto-configuration report showing all auto-configuration candidates and the reason why they ‘were’ or ‘were not’ applied. |
true |
|
Displays a complete list of all the Spring Beans in your application. |
true |
|
Displays a collated list of all |
true |
|
Performs a thread dump. |
true |
|
Exposes properties from Spring’s |
true |
|
Shows application health information (a simple ‘status’ when accessed over an unauthenticated connection or full message details when authenticated). |
false |
|
Displays arbitrary application info. |
false |
|
Shows ‘metrics’ information for the current application. |
true |
|
Displays a collated list of all |
true |
|
Allows the application to be gracefully shutdown (not enabled by default). |
true |
|
Displays trace information (by default the last few HTTP requests). |
true |
|
Note
|
Depending on how an endpoint is exposed, the sensitive parameter may be used as
a security hint. For example, sensitive endpoints will require a username/password when
they are accessed over HTTP (or simply disabled if web security is not enabled).
|
Endpoints can be customized using Spring properties. You can change if an endpoint is
enabled, if it is considered sensitive and even its id.
For example, here is an application.properties that changes the sensitivity and id
of the beans endpoint and also enables shutdown.
endpoints.beans.id=springbeans
endpoints.beans.sensitive=false
endpoints.shutdown.enabled=true|
Note
|
The prefix ‟endpoints + . + name” is used to uniquely identify the endpoint
that is being configured.
|
By default, all endpoints except for shutdown are enabled. If you prefer to
specifically “opt-in” endpoint enablement you can use the endpoints.enabled property.
For example, the following will disable all endpoints except for info:
endpoints.enabled=false
endpoints.info.enabled=trueHealth information can be used to check the status of your running application. It is
often used by monitoring software to alert someone if a production system goes down.
The default information exposed by the health endpoint depends on how it is accessed.
For an insecure unauthenticated connection a simple ‘status’ message is returned, for a
secure or authenticated connection additional details are also displayed (see
HTTP Health endpoint access restrictions for HTTP details).
Health information is collected from all
{sc-spring-boot-actuator}/health/HealthIndicator.{sc-ext}[HealthIndicator] beans defined
in your ApplicationContext. Spring Boot includes a number of auto-configured
HealthIndicators and you can also write your own.
Information returned by HealthIndicators is often somewhat sensitive in nature. For
example, you probably don’t want to publish details of your database server to the
world. For this reason, by default, only the health status is exposed over an
unauthenticated HTTP connection. If you are happy for complete health information to always
be exposed you can set endpoints.health.sensitive to false.
Health responses are also cached to prevent “denial of service” attacks. Use the
endpoints.health.time-to-live property if you want to change the default cache period
of 1000 milliseconds.
The following HealthIndicators are auto-configured by Spring Boot when appropriate:
| Name | Description |
|---|---|
{sc-spring-boot-actuator}/health/DiskSpaceHealthIndicator.{sc-ext}[ |
Checks for low disk space. |
{sc-spring-boot-actuator}/health/DataSourceHealthIndicator.{sc-ext}[ |
Checks that a connection to |
{sc-spring-boot-actuator}/health/MongoHealthIndicator.{sc-ext}[ |
Checks that a Mongo database is up. |
{sc-spring-boot-actuator}/health/RabbitHealthIndicator.{sc-ext}[ |
Checks that a Rabbit server is up. |
{sc-spring-boot-actuator}/health/RedisHealthIndicator.{sc-ext}[ |
Checks that a Redis server is up. |
{sc-spring-boot-actuator}/health/SolrHealthIndicator.{sc-ext}[ |
Checks that a Solr server is up. |
To provide custom health information you can register Spring beans that implement the
{sc-spring-boot-actuator}/health/HealthIndicator.{sc-ext}[HealthIndicator] interface.
You need to provide an implementation of the health() method and return a Health
response. The Health response should include a status and can optionally include
additional details to be displayed.
import org.springframework.boot.actuate.health.HealthIndicator;
import org.springframework.stereotype.Component;
@Component
public class MyHealth implements HealthIndicator {
@Override
public Health health() {
int errorCode = check(); // perform some specific health check
if (errorCode != 0) {
return Health.down().withDetail("Error Code", errorCode).build();
}
return Health.up().build();
}
}In addition to Spring Boot’s predefined {sc-spring-boot-actuator}/health/Status.{sc-ext}[Status]
types, it is also possible for Health to return a custom Status that represents a
new system state. In such cases a custom implementation of the
{sc-spring-boot-actuator}/health/HealthAggregator.{sc-ext}[HealthAggregator]
interface also needs to be provided, or the default implementation has to be configured
using the management.health.status.order configuration property.
For example, assuming a new Status with code FATAL is being used in one of your
HealthIndicator implementations. To configure the severity order add the following
to your application properties:
management.health.status.order: DOWN, OUT_OF_SERVICE, UNKNOWN, UPYou might also want to register custom status mappings with the HealthMvcEndpoint
if you access the health endpoint over HTTP. For example you could map FATAL to
HttpStatus.SERVICE_UNAVAILABLE.
You can customize the data exposed by the info endpoint by setting info.* Spring
properties. All Environment properties under the info key will be automatically
exposed. For example, you could add the following to your application.properties:
info.app.name=MyService
info.app.description=My awesome service
info.app.version=1.0.0Rather than hardcoding some properties that are also specified in your project’s build configuration, you can automatically expand info properties using the existing build configuration instead. This is possible in both Maven and Gradle.
You can automatically expand info properties from the Maven project using resource
filtering. If you use the spring-boot-starter-parent you can then refer to your
Maven ‘project properties’ via @..@ placeholders, e.g.
project.artifactId=myproject
project.name=Demo
project.version=X.X.X.X
project.description=Demo project for info endpoint
info.build.artifact=@project.artifactId@
info.build.name=@project.name@
info.build.description=@project.description@
info.build.version=@project.version@|
Note
|
In the above example we used project.* to set some values to be used as
fallbacks if the Maven resource filtering has not been switched on for some reason.
|
|
Note
|
If you don’t use the starter parent, in your pom.xml you need (inside the <build/> element):
|
<resources>
<resource>
<directory>src/main/resources</directory>
<filtering>true</filtering>
</resource>
</resources>and (inside <plugins/>):
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<version>2.6</version>
<configuration>
<delimiters>
<delimiter>@</delimiter>
</delimiters>
</configuration>
</plugin>You can automatically expand info properties from the Gradle project by configuring
the Java plugin’s processResources task to do so:
processResources {
expand(project.properties)
}You can then refer to your Gradle project’s properties via placeholders, e.g.
info.build.name=${name}
info.build.description=${description}
info.build.version=${version}Another useful feature of the info endpoint is its ability to publish information
about the state of your git source code repository when the project was built. If a
git.properties file is contained in your jar the git.branch and git.commit
properties will be loaded.
For Maven users the spring-boot-starter-parent POM includes a pre-configured plugin to
generate a git.properties file. Simply add the following declaration to your POM:
<build>
<plugins>
<plugin>
<groupId>pl.project13.maven</groupId>
<artifactId>git-commit-id-plugin</artifactId>
</plugin>
</plugins>
</build>A similar gradle-git plugin is also available
for Gradle users, although a little more work is required to generate the properties file.
If you are developing a Spring MVC application, Spring Boot Actuator will auto-configure
all enabled endpoints to be exposed over HTTP. The default convention is to use the
id of the endpoint as the URL path. For example, health is exposed as /health.
If you add ‘Spring Security’ to your project, all sensitive endpoints exposed over HTTP
will be protected. By default ‘basic’ authentication will be used with the username
user and a generated password (which is printed on the console when the application
starts).
|
Tip
|
Generated passwords are logged as the application starts. Search for ‘Using default security password’. |
You can use Spring properties to change the username and password and to change the
security role required to access the endpoints. For example, you might set the following
in your application.properties:
security.user.name=admin
security.user.password=secret
management.security.role=SUPERUSER|
Tip
|
If you don’t use Spring Security and your HTTP endpoints are exposed publicly,
you should carefully consider which endpoints you enable. See
Customizing endpoints for details of how you can set
endpoints.enabled to false then “opt-in” only specific endpoints.
|
Sometimes it is useful to group all management endpoints under a single path. For example,
your application might already use /info for another purpose. You can use the
management.contextPath property to set a prefix for your management endpoint:
management.context-path=/manageThe application.properties example above will change the endpoint from /{id} to
/manage/{id} (e.g. /manage/info).
Exposing management endpoints using the default HTTP port is a sensible choice for cloud based deployments. If, however, your application runs inside your own data center you may prefer to expose endpoints using a different HTTP port.
The management.port property can be used to change the HTTP port.
management.port=8081Since your management port is often protected by a firewall, and not exposed to the public you might not need security on the management endpoints, even if your main application is secure. In that case you will have Spring Security on the classpath, and you can disable management security like this:
management.security.enabled=false(If you don’t have Spring Security on the classpath then there is no need to explicitly disable the management security in this way, and it might even break the application.)
You can customize the address that the management endpoints are available on by
setting the management.address property. This can be useful if you want to
listen only on an internal or ops-facing network, or to only listen for connections from
localhost.
|
Note
|
You can only listen on a different address if the port is different to the main server port. |
Here is an example application.properties that will not allow remote management
connections:
management.port=8081
management.address=127.0.0.1If you don’t want to expose endpoints over HTTP you can set the management port to -1:
management.port=-1The information exposed by the health endpoint varies depending on whether or not it’s
accessed anonymously. By default, when accessed anonymously, any details about the
server’s health are hidden and the endpoint will simply indicate whether or not the server
is up or down. Furthermore, when accessed anonymously, the response is cached for a
configurable period to prevent the endpoint being used in a denial of service attack.
The endpoints.health.time-to-live property is used to configure the caching period in
milliseconds. It defaults to 1000, i.e. one second.
The above-described restrictions can be disabled, thereby allowing anonymous users full
access to the health endpoint. To do so, set endpoints.health.sensitive to false.
Java Management Extensions (JMX) provide a standard mechanism to monitor and manage
applications. By default Spring Boot will expose management endpoints as JMX MBeans
under the org.springframework.boot domain.
The name of the MBean is usually generated from the id of the endpoint. For example
the health endpoint is exposed as org.springframework.boot/Endpoint/HealthEndpoint.
If your application contains more than one Spring ApplicationContext you may find that
names clash. To solve this problem you can set the endpoints.jmx.uniqueNames property
to true so that MBean names are always unique.
You can also customize the JMX domain under which endpoints are exposed. Here is an
example application.properties:
endpoints.jmx.domain=myapp
endpoints.jmx.uniqueNames=trueIf you don’t want to expose endpoints over JMX you can set the spring.jmx.enabled
property to false:
spring.jmx.enabled=falseJolokia is a JMX-HTTP bridge giving an alternative method of accessing JMX beans. To
use Jolokia, simply include a dependency to org.jolokia:jolokia-core. For example,
using Maven you would add the following:
<dependency>
<groupId>org.jolokia</groupId>
<artifactId>jolokia-core</artifactId>
</dependency>Jolokia can then be accessed using /jolokia on your management HTTP server.
Jolokia has a number of settings that you would traditionally configure using servlet
parameters. With Spring Boot you can use your application.properties, simply prefix the
parameter with jolokia.config.:
jolokia.config.debug=trueSpring Boot supports an integrated Java shell called ‘CRaSH’. You can use CRaSH to
ssh or telnet into your running application. To enable remote shell support add a
dependency to spring-boot-starter-remote-shell:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-remote-shell</artifactId>
</dependency>|
Tip
|
If you want to also enable telnet access your will additionally need a dependency
on org.crsh:crsh.shell.telnet.
|
By default the remote shell will listen for connections on port 2000. The default user
is user and the default password will be randomly generated and displayed in the log
output. If your application is using Spring Security, the shell will use
the same configuration by default. If not, a simple
authentication will be applied and you should see a message like this:
Using default password for shell access: ec03e16c-4cf4-49ee-b745-7c8255c1dd7e
Linux and OSX users can use ssh to connect to the remote shell, Windows users can
download and install PuTTY.
$ ssh -p 2000 user@localhost
user@localhost's password:
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v{spring-boot-version}) on myhost
Type help for a list of commands. Spring boot provides metrics, beans, autoconfig
and endpoint commands.
You can use the shell.auth.simple.user.name and shell.auth.simple.user.password properties
to configure custom connection credentials. It is also possible to use a
‘Spring Security’ AuthenticationManager to handle login duties. See the
{dc-spring-boot-actuator}/autoconfigure/CrshAutoConfiguration.{dc-ext}[CrshAutoConfiguration]
and {dc-spring-boot-actuator}/autoconfigure/ShellProperties.{dc-ext}[ShellProperties]
Javadoc for full details.
The remote shell can be extended in a number of interesting ways.
You can write additional shell commands using Groovy or Java (see the CRaSH documentation for details). By default Spring Boot will search for commands in the following locations:
-
classpath*:/commands/** -
classpath*:/crash/commands/**
|
Tip
|
You can change the search path by settings a shell.commandPathPatterns property.
|
Here is a simple ‘hello world’ command that could be loaded from
src/main/resources/commands/hello.groovy
package commands
import org.crsh.cli.Usage
import org.crsh.cli.Command
class hello {
@Usage("Say Hello")
@Command
def main(InvocationContext context) {
return "Hello"
}
}Spring Boot adds some additional attributes to InvocationContext that you can access
from your command:
| Attribute Name | Description |
|---|---|
|
The version of Spring Boot |
|
The version of the core Spring Framework |
|
Access to the Spring |
|
Access to the Spring |
In addition to new commands, it is also possible to extend other CRaSH shell features.
All Spring Beans that extend org.crsh.plugin.CRaSHPlugin will be automatically
registered with the shell.
For more information please refer to the CRaSH reference documentation.
Spring Boot Actuator includes a metrics service with ‘gauge’ and ‘counter’ support.
A ‘gauge’ records a single value; and a ‘counter’ records a delta (an increment or
decrement). Spring Boot Actuator also provides a
{sc-spring-boot-actuator}/endpoint/PublicMetrics.{sc-ext}[PublicMetrics] interface that
you can implement to expose metrics that you cannot record via one of those two
mechanisms. Look at {sc-spring-boot-actuator}/endpoint/SystemPublicMetrics.{sc-ext}[SystemPublicMetrics]
for an example.
Metrics for all HTTP requests are automatically recorded, so if you hit the metrics
endpoint you should see a response similar to this:
{
"counter.status.200.root": 20,
"counter.status.200.metrics": 3,
"counter.status.200.star-star": 5,
"counter.status.401.root": 4,
"gauge.response.star-star": 6,
"gauge.response.root": 2,
"gauge.response.metrics": 3,
"classes": 5808,
"classes.loaded": 5808,
"classes.unloaded": 0,
"heap": 3728384,
"heap.committed": 986624,
"heap.init": 262144,
"heap.used": 52765,
"mem": 986624,
"mem.free": 933858,
"processors": 8,
"threads": 15,
"threads.daemon": 11,
"threads.peak": 15,
"uptime": 494836,
"instance.uptime": 489782,
"datasource.primary.active": 5,
"datasource.primary.usage": 0.25
}Here we can see basic memory, heap, class loading, processor and thread pool
information along with some HTTP metrics. In this instance the root (‘/’) and /metrics
URLs have returned HTTP 200 responses 20 and 3 times respectively. It also appears
that the root URL returned HTTP 401 (unauthorized) 4 times. The double asterix (star-star)
comes from a request matched by Spring MVC as /** (normally a static resource).
The gauge shows the last response time for a request. So the last request to root took
2ms to respond and the last to /metrics took 3ms.
|
Note
|
In this example we are actually accessing the endpoint over HTTP using the
/metrics URL, this explains why metrics appears in the response.
|
The following system metrics are exposed by Spring Boot:
-
The total system memory in Kb (
mem) -
The amount of free memory in Kb (
mem.free) -
The number of processors (
processors) -
The system uptime in milliseconds (
uptime) -
The application context uptime in milliseconds (
instance.uptime) -
The average system load (
systemload.average) -
Heap information in Kb (
heap,heap.committed,heap.init,heap.used) -
Thread information (
threads,thread.peak,thead.daemon) -
Class load information (
classes,classes.loaded,classes.unloaded) -
Garbage collection information (
gc.xxx.count,gc.xxx.time)
The following metrics are exposed for each supported DataSource defined in your
application:
-
The maximum number connections (
datasource.xxx.max). -
The minimum number of connections (
datasource.xxx.min). -
The number of active connections (
datasource.xxx.active) -
The current usage of the connection pool (
datasource.xxx.usage).
All data source metrics share the datasource. prefix. The prefix is further qualified
for each data source:
-
If the data source is the primary data source (that is either the only available data source or the one flagged
@Primaryamongst the existing ones), the prefix isdatasource.primary. -
If the data source bean name ends with
dataSource, the prefix is the name of the bean withoutdataSource(i.e.datasource.batchforbatchDataSource). -
In all other cases, the name of the bean is used.
It is possible to override part or all of those defaults by registering a bean with a
customized version of DataSourcePublicMetrics. By default, Spring Boot provides metadata
for all supported datasources; you can add additional DataSourcePoolMetadataProvider
beans if your favorite data source isn’t supported out of the box. See
DataSourcePoolMetadataProvidersConfiguration for examples.
If you are using Tomcat as your embedded servlet container, session metrics will
automatically be exposed. The httpsessions.active and httpsessions.max keys provide
the number of active and maximum sessions.
To record your own metrics inject a
{sc-spring-boot-actuator}/metrics/CounterService.{sc-ext}[CounterService] and/or
{sc-spring-boot-actuator}/metrics/GaugeService.{sc-ext}[GaugeService] into
your bean. The CounterService exposes increment, decrement and reset methods; the
GaugeService provides a submit method.
Here is a simple example that counts the number of times that a method is invoked:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.actuate.metrics.CounterService;
import org.springframework.stereotype.Service;
@Service
public class MyService {
private final CounterService counterService;
@Autowired
public MyService(CounterService counterService) {
this.counterService = counterService;
}
public void exampleMethod() {
this.counterService.increment("services.system.myservice.invoked");
}
}|
Tip
|
You can use any string as a metric name but you should follow guidelines of your chosen store/graphing technology. Some good guidelines for Graphite are available on Matt Aimonetti’s Blog. |
To add additional metrics that are computed every time the metrics endpoint is invoked,
simply register additional PublicMetrics implementation bean(s). By default, all such
beans are gathered by the endpoint. You can easily change that by defining your own
MetricsEndpoint.
Metric service implementations are usually bound to a
{sc-spring-boot-actuator}/metrics/repository/MetricRepository.{sc-ext}[MetricRepository].
A MetricRepository is responsible for storing and retrieving metric information. Spring
Boot provides an InMemoryMetricRepository and a RedisMetricRepository out of the
box (the in-memory repository is the default) but you can also write your own. The
MetricRepository interface is actually composed of higher level MetricReader and
MetricWriter interfaces. For full details refer to the
{dc-spring-boot-actuator}/metrics/repository/MetricRepository.{dc-ext}[Javadoc].
There’s nothing to stop you hooking a MetricRepository with back-end storage directly
into your app, but we recommend using the default InMemoryMetricRepository
(possibly with a custom Map instance if you are worried about heap usage) and
populating a back-end repository through a scheduled export job. In that way you get
some buffering in memory of the metric values and you can reduce the network
chatter by exporting less frequently or in batches. Spring Boot provides
an Exporter interface and a few basic implementations for you to get started with that.
User of the Dropwizard ‘Metrics’ library will
automatically find that Spring Boot metrics are published to
com.codahale.metrics.MetricRegistry. A default com.codahale.metrics.MetricRegistry
Spring bean will be created when you declare a dependency to the
io.dropwizard.metrics:metrics-core library; you can also register you own @Bean
instance if you need customizations. Metrics from the MetricRegistry are also
automatically exposed via the /metrics endpoint
Users can create Dropwizard metrics by prefixing their metric names with the appropriate
type (e.g. histogram.*, meter.*).
If the ‘Spring Messaging’ jar is on your classpath a MessageChannel called
metricsChannel is automatically created (unless one already exists). All metric update
events are additionally published as ‘messages’ on that channel. Additional analysis or
actions can be taken by clients subscribing to that channel.
Spring Boot Actuator has a flexible audit framework that will publish events once Spring Security is in play (‘authentication success’, ‘failure’ and ‘access denied’ exceptions by default). This can be very useful for reporting, and also to implement a lock-out policy based on authentication failures.
You can also choose to use the audit services for your own business events. To do that
you can either inject the existing AuditEventRepository into your own components and
use that directly, or you can simply publish AuditApplicationEvent via the Spring
ApplicationEventPublisher (using ApplicationEventPublisherAware).
Tracing is automatically enabled for all HTTP requests. You can view the trace endpoint
and obtain basic information about the last few requests:
[{
"timestamp": 1394343677415,
"info": {
"method": "GET",
"path": "/trace",
"headers": {
"request": {
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"Connection": "keep-alive",
"Accept-Encoding": "gzip, deflate",
"User-Agent": "Mozilla/5.0 Gecko/Firefox",
"Accept-Language": "en-US,en;q=0.5",
"Cookie": "_ga=GA1.1.827067509.1390890128; ..."
"Authorization": "Basic ...",
"Host": "localhost:8080"
},
"response": {
"Strict-Transport-Security": "max-age=31536000 ; includeSubDomains",
"X-Application-Context": "application:8080",
"Content-Type": "application/json;charset=UTF-8",
"status": "200"
}
}
}
},{
"timestamp": 1394343684465,
...
}]If you need to trace additional events you can inject a
{sc-spring-boot-actuator}/trace/TraceRepository.{sc-ext}[TraceRepository] into your
Spring Beans. The add method accepts a single Map structure that will be converted to
JSON and logged.
By default an InMemoryTraceRepository will be used that stores the last 100 events. You
can define your own instance of the InMemoryTraceRepository bean if you need to expand
the capacity. You can also create your own alternative TraceRepository implementation
if needed.
In Spring Boot Actuator you can find a couple of classes to create files that are useful for process monitoring:
-
ApplicationPidFileWritercreates a file containing the application PID (by default in the application directory with the file nameapplication.pid). -
EmbeddedServerPortFileWritercreates a file (or files) containing the ports of the embedded server (by default in the application directory with the file nameapplication.port).
These writers are not activated by default, but you can enable them in one of the ways described below.
In META-INF/spring.factories file you have to activate the listener(s):
org.springframework.context.ApplicationListener=\ org.springframework.boot.actuate.system.ApplicationPidFileWriter, org.springframework.boot.actuate.system.EmbeddedServerPortFileWriter
If you want to explore some of the concepts discussed in this chapter, you can take a look at the actuator {github-code}/spring-boot-samples[sample applications]. You also might want to read about graphing tools such as Graphite.
Otherwise, you can continue on, to read about ‘cloud deployment options’ or jump ahead for some in-depth information about Spring Boot’s build tool plugins.