A description
Actuator definition
actuator is a manufacturing term that refers to a mechanical device for moving or controlling something. May be performed by a small change in a large amount of motion.
To add to the actuator Maven-based project, add the following "Starter" dependencies:
<dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-actuator</artifactId> </dependency> </dependencies>
Endpoints
Actuator endpoints allows you to monitor and interact with application. Spring Boot contains a number of built-in endpoints and allows you to add your own. For example, health
the endpoint application provides basic health information.
Each endpoint can be enabled or disabled . It controls whether to create an endpoint in the application context and its bean exists. To remote access, endpoint must also be exposed through JMX or HTTP . Most applications select HTTP, which endpoint ID and /actuator
the prefix mapping to a URL. For the next example, by default, health
the endpoint is mapped to /actuator/health
.
The following technology-agnostic endpoints are available:
ID | description | Enabled by default |
---|---|---|
auditevents |
The current application of audit events public information. | Yes |
beans |
Application displays a complete list of all Spring beans. | Yes |
caches |
Expose cache available. | Yes |
conditions |
Display condition evaluated on the configuration and the auto-configuration classes and the reasons thereof with or without performing a match. | Yes |
configprops |
Show all @ConfigurationProperties finishing list. |
Yes |
env |
From the Spring of ConfigurableEnvironment public properties. |
Yes |
flyway |
Flyway display any database application migration. | Yes |
health |
Health information display application. | Yes |
httptrace |
HTTP trace information display (by default, the last 100 HTTP request-response exchange). | Yes |
info |
Any application displaying information. | Yes |
integrationgraph |
Display Spring Integration FIG. | Yes |
loggers |
Display and modify the application of the loggers configuration. | Yes |
liquibase |
Liquibase display any database application migration. | Yes |
metrics |
Displays the current application of the 'metrics' information. | Yes |
mappings |
Display all @RequestMapping sorting a list of paths. |
Yes |
scheduledtasks |
Display scheduled tasks in the application. | Yes |
sessions |
It allows the user to retrieve and delete the session from the Spring Session-backed session store in. Use Spring Session Support reactive web applications is not available. | Yes |
shutdown |
Let application normally closed. | No |
threaddump |
Execution thread dump. | Yes |
If the application is a web application (Spring MVC, Spring WebFlux or Jersey), you can use the following additional endpoints:
ID | description | Enabled by default |
---|---|---|
heapdump |
Returns the hprof heap dump file. |
Yes |
jolokia |
Via HTTP disclosed JMX beans (when Jolokia on classpath, does not apply to WebFlux). | Yes |
logfile |
Returns the contents of the log file (if set logging.file or logging.path properties). It supports the use of HTTP Range headers to retrieve a portion of the log file content. |
Yes |
prometheus |
Prometheus public metrics to the server can crawl format. | Yes |
To find out more information about the Actuator endpoints and request and response formats, please see the separate API documentation ( HTML or PDF ).
Enable Endpoints
By default, in addition to enable shutdown
all endpoints outside. To enable the configuration of endpoints, use their management.endpoint..enabled
property. The following example is enabled shutdown
endpoints:
management.endpoint.shutdown.enabled=true
If you want to enable the endpoint to opt-in rather than opt-out, set the management.endpoints.enabled-by-default
property to set false
and use a single endpoint enabled
properties rejoin. The following example is enabled info
endpoints and disable all other endpoints:
management.endpoints.enabled-by-default=false
management.endpoint.info.enabled=true
Disabled endpoints completely removed from the application context. If you want to change the endpoint exposed by technology, use include and exclude the Properties .
Exposure Endpoints
Since Endpoints may contain sensitive information, and therefore should be carefully considered when to open them. The following table shows the default built-in endpoints impressions:
ID | JMX | Web |
---|---|---|
auditevents |
Yes | No |
beans |
Yes | No |
caches |
Yes | No |
conditions |
Yes | No |
configprops |
Yes | No |
env |
Yes | No |
flyway |
Yes | No |
health |
Yes | Yes |
heapdump |
N/A | No |
httptrace |
Yes | No |
info |
Yes | Yes |
integrationgraph |
Yes | No |
jolokia |
N/A | No |
logfile |
N/A | No |
loggers |
Yes | No |
liquibase |
Yes | No |
metrics |
Yes | No |
mappings |
Yes | No |
prometheus |
N/A | No |
scheduledtasks |
Yes | No |
sessions |
Yes | No |
shutdown |
Yes | No |
threaddump |
Yes | No |
To change the public endpoints, use the following technology-specific include
and exclude
properties:
Attributes | default |
---|---|
management.endpoints.jmx.exposure.exclude |
|
management.endpoints.jmx.exposure.include |
* |
management.endpoints.web.exposure.exclude |
|
management.endpoints.web.exposure.include |
info, health |
include
disclosed endpoints listed property's ID. exclude
property not listed endpoints disclosed's ID. exclude
property take precedence over include
property. include
And exclude
properties can be configured endpoint ID list.
For example, to stop by JMX open all endpoints and only display health
and info
endpoints, use the following property:
management.endpoints.jmx.exposure.include=health,info
*
可用于选择所有 endpoints。对于 example,要通过 HTTP 公开除env
和beans
endpoints 之外的所有内容,请使用以下 properties:
management.endpoints.web.exposure.include=*
management.endpoints.web.exposure.exclude=env,beans
*
在 YAML 中有特殊含义,因此如果要包含(或排除)所有 endpoints,请务必添加引号,如下面的示例所示:
management:
endpoints:
web:
exposure:
include: "*"
如果您的 application 公开曝光,我们强烈建议您也保护你的 endpoints。
如果要在公开 endpoints 时实现自己的策略,可以注册
EndpointFilter
bean。
保护 HTTP Endpoints
您应该像处理任何其他敏感 URL 一样注意保护 HTTP endpoints。如果存在 Spring Security,则默认使用 Spring Security 的 content-negotiation 策略保护 endpoints。如果您希望为 HTTP endpoints 配置自定义安全性,对于 example,只允许具有特定角色的用户访问它们,Spring Boot 提供了一些方便的RequestMatcher
objects,可以与 Spring Security 结合使用。
典型的 Spring Security configuration 可能类似于以下 example:
@Configuration
public class ActuatorSecurity extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests()
.anyRequest().hasRole("ENDPOINT_ADMIN")
.and()
.httpBasic();
}
}
前面的 example 使用EndpointRequest.toAnyEndpoint()
来匹配任何端点的请求,然后确保所有端点都具有ENDPOINT_ADMIN
角色。其他几种匹配方法也可以在EndpointRequest
上找到。有关详细信息,请参阅 API 文档(HTML或PDF)。
如果在防火墙后部署 applications,您可能希望无需身份验证即可访问所有 actuator endpoints。您可以通过更改management.endpoints.web.exposure.include
property 来执行此操作,如下所示:
application.properties.
management.endpoints.web.exposure.include=*
此外,如果存在 Spring Security,则需要添加自定义安全性 configuration,以允许对 endpoints 进行未经身份验证的访问,如下面的示例所示:
@Configuration public class ActuatorSecurity extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests() .anyRequest().permitAll(); } }
配置 Endpoints
Endpoints 自动缓存对不带任何参数的读取操作的响应。要配置端点将缓存响应的 time 数量,请使用其cache.time-to-live
application.properties.
management.endpoint.beans.cache.time-to-live=10s
前缀
management.endpoint.
用于唯一标识正在配置的端点。
在进行经过身份验证的 HTTP 请求时,
Principal
被视为端点的输入,因此不会缓存响应。
Actuator Web Endpoints 的超媒体
添加了“发现页面”,其中包含指向所有 endpoints 的链接。默认情况下,“发现页面”在/actuator
上可用。
配置自定义 management context 路径后,“发现页面”会自动从/actuator
移动到 management context 的根目录。对于 example,如果 management context 路径为/management
,则发现页面可从/management
获得。当 management context 路径设置为/
时,将禁用发现页面以防止与其他映射冲突的可能性。
CORS 支持
Cross-origin 资源共享(CORS)是一个W3C 规范,它允许您以灵活的方式指定哪种 cross-domain 请求被授权。如果您使用 Spring MVC 或 Spring WebFlux,则可以配置 Actuator 的 web endpoints 以支持此类方案。
默认情况下禁用 CORS 支持,仅在设置了management.endpoints.web.cors.allowed-origins
property 后才启用 CORS 支持。以下 configuration 允许来自example.com
域的GET
和POST
calls:
management.endpoints.web.cors.allowed-origins=http://example.com management.endpoints.web.cors.allowed-methods=GET,POST
二 演示
-
pom.xml
<dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-actuator</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> <exclusions> <exclusion> <groupId>org.junit.vintage</groupId> <artifactId>junit-vintage-engine</artifactId> </exclusion> </exclusions> </dependency> </dependencies>
-
启动配置类,发会发现(Exposing 2 endpoint(s),就是上面说的)
http://localhost:8080/actuator/health
http://localhost:8080/actuator/info
2019-10-29 23:14:40.757 INFO 3372 --- [ main] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 1270 ms 2019-10-29 23:14:41.057 INFO 3372 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor' 2019-10-29 23:14:41.268 INFO 3372 --- [ main] o.s.b.a.e.web.EndpointLinksResolver : Exposing 2 endpoint(s) beneath base path '/actuator' 2019-10-29 23:14:41.329 INFO 3372 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path '' 2019-10-29 23:14:41.331 INFO 3372 --- [ main] com.example.demo.DemoApplication : Started DemoApplication in 2.442 seconds (JVM running for 5.186)
-
application.yml
management: endpoints: web: exposure: include: "*" info: hello: world
2019-10-29 23:33:21.756 INFO 4512 --- [ main] o.s.b.a.e.web.EndpointLinksResolver : Exposing 13 endpoint(s) beneath base path '/actuator' 2019-10-29 23:33:21.812 INFO 4512 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path '' 2019-10-29 23:33:21.816 INFO 4512 --- [ main] com.example.demo.DemoApplication : Started DemoApplication in 3.021 seconds (JVM running for 5.481)
http://localhost:8080/actuator/metrics
{ "names": [ "jvm.memory.max", "jvm.threads.states", "jvm.gc.memory.promoted", "jvm.memory.used", "jvm.gc.max.data.size", "jvm.gc.pause", "jvm.memory.committed", "system.cpu.count", "logback.events", "http.server.requests", "jvm.buffer.memory.used", "tomcat.sessions.created", "jvm.threads.daemon", "system.cpu.usage", "jvm.gc.memory.allocated", "tomcat.sessions.expired", "jvm.threads.live", "jvm.threads.peak", "process.uptime", "tomcat.sessions.rejected", "process.cpu.usage", "jvm.classes.loaded", "jvm.classes.unloaded", "tomcat.sessions.active.current", "tomcat.sessions.alive.max", "jvm.gc.live.data.size", "jvm.buffer.count", "jvm.buffer.total.capacity", "tomcat.sessions.active.max", "process.start.time" ] }
http://localhost:8080/actuator/caches
{"cacheManagers":{}}
{
"hello": "world"
}