How do you enable actuator endpoints in Spring Boot?

Introduction
Conclusion

Introduction

Spring Boot Actuator is a powerful tool for monitoring and managing Spring Boot applications in production. By exposing a variety of management endpoints, Spring Boot Actuator allows you to monitor the health of your application, retrieve metrics, manage application settings, and more. However, by default, not all Actuator endpoints are enabled for security and performance reasons.

In this guide, we’ll explore how to enable and configure Actuator endpoints in Spring Boot, so you can leverage these features for monitoring and managing your application effectively.

Enabling Spring Boot Actuator Endpoints

By default, Spring Boot includes a set of useful management endpoints (like /actuator/health, /actuator/metrics, and /actuator/info) but doesn't expose them publicly for security reasons. To enable and expose Actuator endpoints, follow these steps:

1. Add Spring Boot Actuator Dependency

First, ensure that the Spring Boot Actuator dependency is included in your project. If it's not already added, you need to include it in your build configuration.

For Maven:

For Gradle:

This dependency provides the core functionality for all Actuator endpoints.

2. Expose Actuator Endpoints

Once the Actuator dependency is added, you need to configure which endpoints you want to expose. You can do this by configuring the management.endpoints.web.exposure.include property in your application.properties or application.yml file.

Exposing Specific Endpoints

To expose specific Actuator endpoints (e.g., health and metrics), use the following configuration in application.properties:

This will only expose the health and metrics endpoints, and others will be hidden by default.

Exposing All Endpoints

To expose all Actuator endpoints, use:

This configuration makes all Actuator endpoints, such as health, metrics, info, env, and others, accessible. Be cautious when using this setting, as it could potentially expose sensitive application data.

Excluding Specific Endpoints

If you want to expose all endpoints but exclude some, you can use management.endpoints.web.exposure.exclude:

This configuration will expose all endpoints except for env and heapdump.

3. Securing Actuator Endpoints

Actuator endpoints expose sensitive information about the application, such as configuration properties, system health, and environment details. Therefore, it is highly recommended to secure these endpoints, especially in production environments.

To secure Actuator endpoints, you can use Spring Security to apply authentication and authorization.

Example: Basic Authentication

Add the following to application.properties to configure basic authentication for Actuator endpoints:

In this example, the Actuator endpoints will require the username admin and the password adminpassword for access.

Alternatively, you can configure more granular security settings, such as restricting access to specific IP addresses or roles.

Example: Restrict Access to Specific Roles

In this case, only users with the ROLE_ADMIN authority can access the health endpoint.

4. Customizing Actuator Endpoints

In addition to exposing and securing the endpoints, you can also customize the behavior of certain Actuator endpoints. For example, you can control what information is included in the health check output, or you can define custom health indicators to monitor specific services.

Example: Customize Health Endpoint Details

This configuration will ensure that all details are included in the health check output, regardless of the access control settings.

Example: Show Only Status in Health Endpoint

This will restrict the health endpoint to only show the status field and exclude any further details.

Accessing Exposed Actuator Endpoints

Once the endpoints are enabled, you can access them via HTTP. By default, the Actuator endpoints are available under the /actuator path:

Health check:
http://localhost:8080/actuator/health
Metrics:
http://localhost:8080/actuator/metrics
Info:
http://localhost:8080/actuator/info
Environment:
http://localhost:8080/actuator/env

These URLs will provide you with valuable information about the state and configuration of your Spring Boot application.

Example Responses from Actuator Endpoints

Health Endpoint:
Metrics Endpoint:
Info Endpoint:

Configuring Actuator for Production Environments

For production environments, it is important to minimize the exposure of sensitive information. Some best practices for configuring Actuator in production include:

Limit Exposed Endpoints:
Only expose necessary endpoints, such as health and metrics. Avoid exposing sensitive endpoints like env, beans, and trace unless needed.
Use Secure Authentication:
Apply secure authentication methods like OAuth2 or Basic Authentication to restrict access to Actuator endpoints.
Use TLS:
Ensure that your Actuator endpoints are exposed over HTTPS to encrypt communication and prevent unauthorized access.
Monitor and Alert:
Integrate Actuator endpoints with monitoring and alerting systems like Prometheus or Datadog to automatically notify you when the application's health status changes.

Conclusion

Enabling Spring Boot Actuator endpoints is a straightforward process that gives you powerful tools for monitoring and managing your application. By configuring the management.endpoints.web.exposure.include property, you can expose specific or all Actuator endpoints, customize their output, and secure them to prevent unauthorized access.

In a production environment, it is essential to carefully select which endpoints to expose and ensure that they are protected by authentication and encryption. With Spring Boot Actuator, you can effectively monitor your application's health, gather metrics, and gain deeper insights into its performance.