The {github-code}/spring-boot-actuator[spring-boot-actuator] module provides all of
Spring Boot’s production-ready features. The simplest way to enable the features is to add
a dependency to the spring-boot-starter-actuator ``Starter POM''.
An actuator is a manufacturing term, referring to a mechanical device for moving or controlling something. Actuators can generate a large amount of motion from a small change.
To add the actuator to a Maven based project, add the following ``starter'' dependency:
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
</dependencies>For Gradle, use the declaration:
dependencies {
compile("org.springframework.boot:spring-boot-starter-actuator")
}Actuator endpoints allow you to monitor and interact with your application. Spring Boot
includes a number of built-in endpoints and you can also add your own. For example the
health endpoint provides basic application health information.
The way that endpoints are exposed will depend on the type of technology that you choose.
Most applications choose HTTP monitoring, where the ID of the endpoint is mapped
to a URL. For example, by default, the health endpoint will be mapped to /health.
The following endpoints are available:
| ID | Description | Sensitive |
|---|---|---|
|
Displays an auto-configuration report showing all auto-configuration candidates and the
reason why they |
true |
|
Displays a complete list of all the Spring Beans in your application. |
true |
|
Displays a collated list of all |
true |
|
Performs a thread dump. |
true |
|
Exposes properties from Spring’s |
true |
|
Shows application health information (defaulting to a simple ``OK'' message). |
false |
|
Displays arbitrary application info. |
false |
|
Shows ``metrics'' information for the current application. |
true |
|
Displays a collated list of all |
true |
|
Allows the application to be gracefully shutdown (not enabled by default). |
true |
|
Displays trace information (by default the last few HTTP requests). |
true |
|
Note
|
Depending on how an endpoint is exposed, the sensitive parameter may be used as
a security hint. For example, sensitive endpoints will require a username/password when
they are accessed over HTTP (or simply disabled if web security is not enabled).
|
Endpoints can be customized using Spring properties. You can change if an endpoint is
enabled, if it is considered sensitive and even its id.
For example, here is an application.properties that changes the sensitivity and id
of the beans endpoint and also enables shutdown.
endpoints.beans.id=springbeans
endpoints.beans.sensitive=false
endpoints.shutdown.enabled=true|
Note
|
The prefix “endpoints` + . + `name” is used to uniquely identify the endpoint
that is being configured.
|
The default information exposed by the health endpoint is a simple ``OK'' message. It
is often useful to perform some additional health checks, for example you might check
that a database connection works, or that a remote REST endpoint is functioning.
To provide custom health information you can register a Spring bean that implements the
{sc-spring-boot-actuator}/health/HealthIndicator.{sc-ext}[HealthIndicator] interface.
import org.springframework.boot.actuate.health.HealthIndicator;
import org.springframework.stereotype.Component;
@Component
public class MyHealth implements HealthIndicator {
@Override
public Health health() {
// perform some specific health check
return ...
}
}Spring Boot provides a
{sc-spring-boot-actuator}/health/DataSourceHealthIndicator.{sc-ext}[DataSourceHealthIndicator]
implementation that attempts a simple database test (reusing the validation query set on the data
source, if any) as well as implementations for Redis, MongoDB and RabbitMQ.
Spring Boot adds the HealthIndicator instances automatically if beans of type DataSource,
MongoTemplate, RedisConnectionFactory, RabbitTemplate are present in the ApplicationContext.
Besides implementing custom a HealthIndicator type and using out-of-box {sc-spring-boot-actuator}/health/Status.{sc-ext}[Status]
types, it is also possible to introduce custom Status types for different or more complex system
states. In that case a custom implementation of the {sc-spring-boot-actuator}/health/HealthAggregator.{sc-ext}[HealthAggregator]
interface needs to be provided or the default implementation has to be configured using the
health.status.order configuration property.
Assuming a new Status with code FATAL is being used in one of your HealthIndicator
implementations. To configure the severity or order add the following to your application properties:
health.status.order: FATAL, DOWN, UNKNOWN, UP.
You can customize the data exposed by the info endpoint by setting info.* Spring
properties. All Environment properties under the info key will be automatically
exposed. For example, you could add the following to your application.properties:
info.app.name=MyService
info.app.description=My awesome service
info.app.version=1.0.0Rather than hardcoding some properties that are also specified in your project’s build configuration, you can automatically expand info properties using the existing build configuration instead. This is possible in both Maven and Gradle.
You can automatically expand info properties from the Maven project using resource
filtering. In your pom.xml you have (inside the <build/> element):
<resources>
<resource>
<directory>src/main/resources</directory>
<filtering>true</filtering>
</resource>
</resources>You can then refer to your Maven ``project properties'' via placeholders, e.g.
project.artifactId=myproject
project.name=Demo
project.version=X.X.X.X
project.description=Demo project for info endpoint
info.build.artifact=${project.artifactId}
info.build.name=${project.name}
info.build.description=${project.description}
info.build.version=${project.version}|
Note
|
In the above example we used project.* to set some values to be used as
fallbacks if the Maven resource filtering has not been switched on for some reason.
|
You can automatically expand info properties from the Gradle project by configuring
the Java plugin’s processResources task to do so:
processResources {
expand(project.properties)
}You can then refer to your Gradle project’s properties via placeholders, e.g.
info.build.name=${name}
info.build.description=${description}
info.build.version=${version}Another useful feature of the info endpoint is its ability to publish information
about the state of your git source code repository when the project was built. If a
git.properties file is contained in your jar the git.branch and git.commit
properties will be loaded.
For Maven users the spring-boot-starter-parent POM includes a pre-configured plugin to
generate a git.properties file. Simply add the following declaration to your POM:
<build>
<plugins>
<plugin>
<groupId>pl.project13.maven</groupId>
<artifactId>git-commit-id-plugin</artifactId>
</plugin>
</plugins>
</build>A similar gradle-git plugin is also available
for Gradle users, although a little more work is required to generate the properties file.
If you are developing a Spring MVC application, Spring Boot Actuator will auto-configure
all non-sensitive endpoints to be exposed over HTTP. The default convention is to use the
id of the endpoint as the URL path. For example, health is exposed as /health.
If you use Spring Security'' sensitive endpoints will be exposed over HTTP, but also
protected. By default basic'' authentication will be used with the username user
and a generated password (which is printed on the console when the application starts).
|
Tip
|
Generated passwords are logged as the application starts. Search for ``Using default security password''. |
You can use Spring properties to change the username and password and to change the
security role required to access the endpoints. For example, you might set the following
in your application.properties:
security.user.name=admin
security.user.password=secret
management.security.role=SUPERUSERSometimes it is useful to group all management endpoints under a single path. For example,
your application might already use /info for another purpose. You can use the
management.contextPath property to set a prefix for your management endpoint:
management.context-path=/manageThe application.properties example above will change the endpoint from /{id} to
/manage/{id} (e.g. /manage/info).
Exposing management endpoints using the default HTTP port is a sensible choice for cloud based deployments. If, however, your application runs inside your own data center you may prefer to expose endpoints using a different HTTP port.
The management.port property can be used to change the HTTP port.
management.port=8081Since your management port is often protected by a firewall, and not exposed to the public you might not need security on the management endpoints, even if your main application is secure. In that case you will have Spring Security on the classpath, and you can disable management security like this:
management.security.enabled=false(If you don’t have Spring Security on the classpath then there is no need to explicitly disable the management security in this way, and it might even break the application.)
You can customize the address that the management endpoints are available on by
setting the management.address property. This can be useful if you want to
listen only on an internal or ops-facing network, or to only listen for connections from
localhost.
|
Note
|
You can only listen on a different address if the port is different to the main server port. |
Here is an example application.properties that will not allow remote management
connections:
management.port=8081
management.address=127.0.0.1Java Management Extensions (JMX) provide a standard mechanism to monitor and manage
applications. By default Spring Boot will expose management endpoints as JMX MBeans
under the org.springframework.boot domain.
The name of the MBean is usually generated from the id of the endpoint. For example
the health endpoint is exposed as org.springframework.boot/Endpoint/HealthEndpoint.
If your application contains more than one Spring ApplicationContext you may find that
names clash. To solve this problem you can set the endpoints.jmx.uniqueNames property
to true so that MBean names are always unique.
You can also customize the JMX domain under which endpoints are exposed. Here is an
example application.properties:
endpoints.jmx.domain=myapp
endpoints.jmx.uniqueNames=trueIf you don’t want to expose endpoints over JMX you can set the spring.jmx.enabled
property to false:
spring.jmx.enabled=falseJolokia is a JMX-HTTP bridge giving an alternative method of accessing JMX beans. To
use Jolokia, simply include a dependency to org.jolokia:jolokia-core. For example,
using Maven you would add the following:
<dependency>
<groupId>org.jolokia</groupId>
<artifactId>jolokia-core</artifactId>
</dependency>Jolokia can then be accessed using /jolokia on your management HTTP server.
Jolokia has a number of settings that you would traditionally configure using servlet
parameters. With Spring Boot you can use your application.properties, simply prefix the
parameter with jolokia.config.:
jolokia.config.debug=trueSpring Boot supports an integrated Java shell called `CRaSH''. You can use CRaSH to
`ssh or telnet into your running application. To enable remote shell support add a
dependency to spring-boot-starter-remote-shell:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-remote-shell</artifactId>
</dependency>|
Tip
|
If you want to also enable telnet access your will additionally need a dependency
on org.crsh:crsh.shell.telnet.
|
By default the remote shell will listen for connections on port 2000. The default user
is user and the default password will be randomly generated and displayed in the log
output. If your application is using Spring Security, the shell will use
the same configuration by default. If not, a simple
authentication will be applied and you should see a message like this:
Using default password for shell access: ec03e16c-4cf4-49ee-b745-7c8255c1dd7e
Linux and OSX users can use ssh to connect to the remote shell, Windows users can
download and install PuTTY.
$ ssh -p 2000 user@localhost
user@localhost's password:
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v{spring-boot-version}) on myhost
Type help for a list of commands. Spring boot provides metrics, beans, autoconfig
and endpoint commands.
You can use the shell.auth.simple.user.name and shell.auth.simple.user.password properties
to configure custom connection credentials. It is also possible to use a
`Spring Security'' `AuthenticationManager to handle login duties. See the
{dc-spring-boot-actuator}/autoconfigure/CrshAutoConfiguration.{dc-ext}[CrshAutoConfiguration]
and {dc-spring-boot-actuator}/autoconfigure/ShellProperties.{dc-ext}[ShellProperties]
Javadoc for full details.
The remote shell can be extended in a number of interesting ways.
You can write additional shell commands using Groovy or Java (see the CRaSH documentation for details). By default Spring Boot will search for commands in the following locations:
-
classpath*:/commands/** -
classpath*:/crash/commands/**
|
Tip
|
You can change the search path by settings a shell.commandPathPatterns property.
|
Here is a simple `hello world'' command that could be loaded from
`src/main/resources/commands/hello.groovy
package commands
import org.crsh.cli.Usage
import org.crsh.cli.Command
class hello {
@Usage("Say Hello")
@Command
def main(InvocationContext context) {
return "Hello"
}
}Spring Boot adds some additional attributes to InvocationContext that you can access
from your command:
| Attribute Name | Description |
|---|---|
|
The version of Spring Boot |
|
The version of the core Spring Framework |
|
Access to the Spring |
|
Access to the Spring |
In addition to new commands, it is also possible to extend other CRaSH shell features.
All Spring Beans that extends org.crsh.plugin.CRaSHPlugin will be automatically
registered with the shell.
For more information please refer to the CRaSH reference documentation.
Spring Boot Actuator includes a metrics service with gauge'' and counter'' support.
A gauge'' records a single value; and a counter'' records a delta (an increment or
decrement). Spring Boot Actuator also provides a
{sc-spring-boot-actuator}/endpoint/PublicMetrics.{sc-ext}[PublicMetrics] interface that
you can implement to expose metrics that you cannot record via one of those two
mechanisms. Look at {sc-spring-boot-actuator}/endpoint/SystemPublicMetrics.{sc-ext}[SystemPublicMetrics]
for an example.
Metrics for all HTTP requests are automatically recorded, so if you hit the metrics
endpoint you should see a response similar to this:
{
"counter.status.200.root": 20,
"counter.status.200.metrics": 3,
"counter.status.200.star-star": 5,
"counter.status.401.root": 4,
"gauge.response.star-star": 6,
"gauge.response.root": 2,
"gauge.response.metrics": 3,
"classes": 5808,
"classes.loaded": 5808,
"classes.unloaded": 0,
"heap": 3728384,
"heap.committed": 986624,
"heap.init": 262144,
"heap.used": 52765,
"mem": 986624,
"mem.free": 933858,
"processors": 8,
"threads": 15,
"threads.daemon": 11,
"threads.peak": 15,
"uptime": 494836,
"instance.uptime": 489782,
"datasource.primary.active": 5,
"datasource.primary.usage": 0.25
}Here we can see basic memory, heap, class loading, processor and thread pool
information along with some HTTP metrics. In this instance the root (`/'') and `/metrics
URLs have returned HTTP 200 responses 20 and 3 times respectively. It also appears
that the root URL returned HTTP 401 (unauthorized) 4 times. The double asterix (star-star)
comes from a request matched by Spring MVC as /** (normally a static resource).
The gauge shows the last response time for a request. So the last request to root took
2ms to respond and the last to /metrics took 3ms.
|
Note
|
In this example we are actually accessing the endpoint over HTTP using the
/metrics URL, this explains why metrics appears in the response.
|
The following metrics are exposed for each supported DataSource defined in your
application:
-
The maximum number connections (
datasource.xxx.max). -
The minimum number of connections (
datasource.xxx.min). -
The number of active connections (
datasource.xxx.active) -
The current usage of the connection pool (
datasource.xxx.usage).
All data source metrics share the datasource. prefix. The prefix is further qualified
for each data source:
-
If the data source is the primary data source (that is either the only available data source or the one flagged
@Primaryamongst the existing ones), the prefix isdatasource.primary. -
If the data source bean name ends with
dataSource, the prefix is the name of the bean withoutdataSource(i.e.datasource.batchforbatchDataSource). -
In all other cases, the name of the bean is used.
It is possible to override part or all of those defaults by registering a bean with a
customized version of DataSourcePublicMetrics. By default, Spring Boot provides metadata
for all supported datasources; you can add additional DataSourcePoolMetadataProvider
beans if your favorite data source isn’t supported out of the box. See
DataSourcePoolMetadataProvidersConfiguration for examples.
To record your own metrics inject a
{sc-spring-boot-actuator}/metrics/CounterService.{sc-ext}[CounterService] and/or
{sc-spring-boot-actuator}/metrics/GaugeService.{sc-ext}[GaugeService] into
your bean. The CounterService exposes increment, decrement and reset methods; the
GaugeService provides a submit method.
Here is a simple example that counts the number of times that a method is invoked:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.actuate.metrics.CounterService;
import org.springframework.stereotype.Service;
@Service
public class MyService {
private final CounterService counterService;
@Autowired
public MyService(CounterService counterService) {
this.counterService = counterService;
}
public void exampleMethod() {
this.counterService.increment("services.system.myservice.invoked");
}
}|
Tip
|
You can use any string as a metric name but you should follow guidelines of your chosen store/graphing technology. Some good guidelines for Graphite are available on Matt Aimonetti’s Blog. |
To add additional metrics that are computed every time the metrics endpoint is invoked,
simply register additional PublicMetrics implementation bean(s). By default, all such
beans are gathered by the endpoint. You can easily change that by defining your own
MetricsEndpoint.
Metric service implementations are usually bound to a
{sc-spring-boot-actuator}/metrics/repository/MetricRepository.{sc-ext}[MetricRepository].
A MetricRepository is responsible for storing and retrieving metric information. Spring
Boot provides an InMemoryMetricRepository and a RedisMetricRepository out of the
box (the in-memory repository is the default) but you can also write your own. The
MetricRepository interface is actually composed of higher level MetricReader and
MetricWriter interfaces. For full details refer to the
{dc-spring-boot-actuator}/metrics/repository/MetricRepository.{dc-ext}[Javadoc].
There’s nothing to stop you hooking a MetricRepository with back-end storage directly
into your app, but we recommend using the default InMemoryMetricRepository
(possibly with a custom Map instance if you are worried about heap usage) and
populating a back-end repository through a scheduled export job. In that way you get
some buffering in memory of the metric values and you can reduce the network
chatter by exporting less frequently or in batches. Spring Boot provides
an Exporter interface and a few basic implementations for you to get started with that.
User of the Coda Hale `Metrics'' library will automatically
find that Spring Boot metrics are published to `com.codahale.metrics.MetricRegistry. A
default com.codahale.metrics.MetricRegistry Spring bean will be created when you declare
a dependency to the com.codahale.metrics:metrics-core library; you can also register you
own @Bean instance if you need customizations.
Users can create Coda Hale metrics by prefixing their metric names with the appropriate
type (e.g. histogram., meter.).
If the Spring Messaging'' jar is on your classpath a messages'' on that channel. Additional analysis or
actions can be taken by clients subscribing to that channel.MessageChannel called
metricsChannel is automatically created (unless one already exists). All metric update
events are additionally published as
Spring Boot Actuator has a flexible audit framework that will publish events once Spring
Security is in play (authentication success'', failure'' and ``access denied''
exceptions by default). This can be very useful for reporting, and also to implement a
lock-out policy based on authentication failures.
You can also choose to use the audit services for your own business events. To do that
you can either inject the existing AuditEventRepository into your own components and
use that directly, or you can simply publish AuditApplicationEvent via the Spring
ApplicationEventPublisher (using ApplicationEventPublisherAware).
Tracing is automatically enabled for all HTTP requests. You can view the trace endpoint
and obtain basic information about the last few requests:
[{
"timestamp": 1394343677415,
"info": {
"method": "GET",
"path": "/trace",
"headers": {
"request": {
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"Connection": "keep-alive",
"Accept-Encoding": "gzip, deflate",
"User-Agent": "Mozilla/5.0 Gecko/Firefox",
"Accept-Language": "en-US,en;q=0.5",
"Cookie": "_ga=GA1.1.827067509.1390890128; ..."
"Authorization": "Basic ...",
"Host": "localhost:8080"
},
"response": {
"Strict-Transport-Security": "max-age=31536000 ; includeSubDomains",
"X-Application-Context": "application:8080",
"Content-Type": "application/json;charset=UTF-8",
"status": "200"
}
}
}
},{
"timestamp": 1394343684465,
...
}]If you need to trace additional events you can inject a
{sc-spring-boot-actuator}/trace/TraceRepository.{sc-ext}[TraceRepository] into your
Spring Beans. The add method accepts a single Map structure that will be converted to
JSON and logged.
By default an InMemoryTraceRepository will be used that stores the last 100 events. You
can define your own instance of the InMemoryTraceRepository bean if you need to expand
the capacity. You can also create your own alternative TraceRepository implementation
if needed.
In Spring Boot Actuator you can find ApplicationPidListener which creates file
containing application PID (by default in application directory and file name is
application.pid). It’s not activated by default, but you can do it in two simple
ways described below.
In META-INF/spring.factories file you have to activate the listener:
org.springframework.context.ApplicationListener=\ org.springframework.boot.actuate.system.ApplicationPidListener
If you want to explore some of the concepts discussed in this chapter, you can take a look at the actuator {github-code}/spring-boot-samples[sample applications]. You also might want to read about graphing tools such as Graphite.
Otherwise, you can continue on, to read about ``cloud deployment options'' or jump ahead for some in depth information about Spring Boot’s 'build tool plugins'.