SpringBoot2.X integration Actuator

A description

Actuator definition

actuator is a manufacturing term that refers to a mechanical device for moving or controlling something. May be performed by a small change in a large amount of motion.

To add to the actuator Maven-based project, add the following "Starter" dependencies:

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-actuator</artifactId>
    </dependency>
</dependencies>

Endpoints

Actuator endpoints allows you to monitor and interact with application. Spring Boot contains a number of built-in endpoints and allows you to add your own. For example, healththe endpoint application provides basic health information.

Each endpoint can be enabled or disabled . It controls whether to create an endpoint in the application context and its bean exists. To remote access, endpoint must also be exposed through JMX or HTTP . Most applications select HTTP, which endpoint ID and /actuatorthe prefix mapping to a URL. For the next example, by default, healththe endpoint is mapped to /actuator/health.

The following technology-agnostic endpoints are available:

ID	description	Enabled by default
`auditevents`	The current application of audit events public information.	Yes
`beans`	Application displays a complete list of all Spring beans.	Yes
`caches`	Expose cache available.	Yes
`conditions`	Display condition evaluated on the configuration and the auto-configuration classes and the reasons thereof with or without performing a match.	Yes
`configprops`	Show all `@ConfigurationProperties`finishing list.	Yes
`env`	From the Spring of `ConfigurableEnvironment`public properties.	Yes
`flyway`	Flyway display any database application migration.	Yes
`health`	Health information display application.	Yes
`httptrace`	HTTP trace information display (by default, the last 100 HTTP request-response exchange).	Yes
`info`	Any application displaying information.	Yes
`integrationgraph`	Display Spring Integration FIG.	Yes
`loggers`	Display and modify the application of the loggers configuration.	Yes
`liquibase`	Liquibase display any database application migration.	Yes
`metrics`	Displays the current application of the 'metrics' information.	Yes
`mappings`	Display all `@RequestMapping`sorting a list of paths.	Yes
`scheduledtasks`	Display scheduled tasks in the application.	Yes
`sessions`	It allows the user to retrieve and delete the session from the Spring Session-backed session store in. Use Spring Session Support reactive web applications is not available.	Yes
`shutdown`	Let application normally closed.	No
`threaddump`	Execution thread dump.	Yes

If the application is a web application (Spring MVC, Spring WebFlux or Jersey), you can use the following additional endpoints:

ID	description	Enabled by default
`heapdump`	Returns the `hprof`heap dump file.	Yes
`jolokia`	Via HTTP disclosed JMX beans (when Jolokia on classpath, does not apply to WebFlux).	Yes
`logfile`	Returns the contents of the log file (if set `logging.file`or `logging.path`properties). It supports the use of HTTP `Range`headers to retrieve a portion of the log file content.	Yes
`prometheus`	Prometheus public metrics to the server can crawl format.	Yes

To find out more information about the Actuator endpoints and request and response formats, please see the separate API documentation ( HTML or PDF ).

Enable Endpoints

By default, in addition to enable shutdownall endpoints outside. To enable the configuration of endpoints, use their management.endpoint..enabledproperty. The following example is enabled shutdownendpoints:

management.endpoint.shutdown.enabled=true

If you want to enable the endpoint to opt-in rather than opt-out, set the management.endpoints.enabled-by-defaultproperty to set falseand use a single endpoint enabledproperties rejoin. The following example is enabled infoendpoints and disable all other endpoints:

management.endpoints.enabled-by-default=false
management.endpoint.info.enabled=true

Disabled endpoints completely removed from the application context. If you want to change the endpoint exposed by technology, use include and exclude the Properties .

Exposure Endpoints

Since Endpoints may contain sensitive information, and therefore should be carefully considered when to open them. The following table shows the default built-in endpoints impressions:

ID	JMX	Web
`auditevents`	Yes	No
`beans`	Yes	No
`caches`	Yes	No
`conditions`	Yes	No
`configprops`	Yes	No
`env`	Yes	No
`flyway`	Yes	No
`health`	Yes	Yes
`heapdump`	N/A	No
`httptrace`	Yes	No
`info`	Yes	Yes
`integrationgraph`	Yes	No
`jolokia`	N/A	No
`logfile`	N/A	No
`loggers`	Yes	No
`liquibase`	Yes	No
`metrics`	Yes	No
`mappings`	Yes	No
`prometheus`	N/A	No
`scheduledtasks`	Yes	No
`sessions`	Yes	No
`shutdown`	Yes	No
`threaddump`	Yes	No

To change the public endpoints, use the following technology-specific includeand excludeproperties:

Attributes	default
`management.endpoints.jmx.exposure.exclude`
`management.endpoints.jmx.exposure.include`	`*`
`management.endpoints.web.exposure.exclude`
`management.endpoints.web.exposure.include`	`info, health`

includedisclosed endpoints listed property's ID. excludeproperty not listed endpoints disclosed's ID. excludeproperty take precedence over includeproperty. includeAnd excludeproperties can be configured endpoint ID list.

For example, to stop by JMX open all endpoints and only display healthand infoendpoints, use the following property:

management.endpoints.jmx.exposure.include=health,info

*可用于选择所有 endpoints。对于 example，要通过 HTTP 公开除env和beans endpoints 之外的所有内容，请使用以下 properties：

management.endpoints.web.exposure.include=*
management.endpoints.web.exposure.exclude=env,beans

*在 YAML 中有特殊含义，因此如果要包含(或排除)所有 endpoints，请务必添加引号，如下面的示例所示：

management:
  endpoints:
    web:
      exposure:
        include: "*"

如果您的 application 公开曝光，我们强烈建议您也保护你的 endpoints。

如果要在公开 endpoints 时实现自己的策略，可以注册EndpointFilter bean。

保护 HTTP Endpoints

您应该像处理任何其他敏感 URL 一样注意保护 HTTP endpoints。如果存在 Spring Security，则默认使用 Spring Security 的 content-negotiation 策略保护 endpoints。如果您希望为 HTTP endpoints 配置自定义安全性，对于 example，只允许具有特定角色的用户访问它们，Spring Boot 提供了一些方便的RequestMatcher objects，可以与 Spring Security 结合使用。

典型的 Spring Security configuration 可能类似于以下 example：

@Configuration
public class ActuatorSecurity extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests()
                .anyRequest().hasRole("ENDPOINT_ADMIN")
                .and()
            .httpBasic();
    }

}

前面的 example 使用EndpointRequest.toAnyEndpoint()来匹配任何端点的请求，然后确保所有端点都具有ENDPOINT_ADMIN角色。其他几种匹配方法也可以在EndpointRequest上找到。有关详细信息，请参阅 API 文档(HTML或PDF)。

如果在防火墙后部署 applications，您可能希望无需身份验证即可访问所有 actuator endpoints。您可以通过更改management.endpoints.web.exposure.includeproperty 来执行此操作，如下所示：

application.properties.

management.endpoints.web.exposure.include=*

此外，如果存在 Spring Security，则需要添加自定义安全性 configuration，以允许对 endpoints 进行未经身份验证的访问，如下面的示例所示：

@Configuration
public class ActuatorSecurity extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests()
            .anyRequest().permitAll();
    }

}

配置 Endpoints

Endpoints 自动缓存对不带任何参数的读取操作的响应。要配置端点将缓存响应的 time 数量，请使用其cache.time-to-live property。以下 example 将beans端点缓存的 time-to-live 设置为 10 秒：

application.properties.

management.endpoint.beans.cache.time-to-live=10s

前缀management.endpoint.用于唯一标识正在配置的端点。

在进行经过身份验证的 HTTP 请求时，Principal被视为端点的输入，因此不会缓存响应。

Actuator Web Endpoints 的超媒体

添加了“发现页面”，其中包含指向所有 endpoints 的链接。默认情况下，“发现页面”在/actuator上可用。

配置自定义 management context 路径后，“发现页面”会自动从/actuator移动到 management context 的根目录。对于 example，如果 management context 路径为/management，则发现页面可从/management获得。当 management context 路径设置为/时，将禁用发现页面以防止与其他映射冲突的可能性。

CORS 支持

Cross-origin 资源共享(CORS)是一个W3C 规范，它允许您以灵活的方式指定哪种 cross-domain 请求被授权。如果您使用 Spring MVC 或 Spring WebFlux，则可以配置 Actuator 的 web endpoints 以支持此类方案。

默认情况下禁用 CORS 支持，仅在设置了management.endpoints.web.cors.allowed-origins property 后才启用 CORS 支持。以下 configuration 允许来自example.com域的GET和POST calls：

management.endpoints.web.cors.allowed-origins=http://example.com
management.endpoints.web.cors.allowed-methods=GET,POST

二演示

pom.xml

<dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
            <exclusions>
                <exclusion>
                    <groupId>org.junit.vintage</groupId>
                    <artifactId>junit-vintage-engine</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
    </dependencies>

启动配置类，发会发现(Exposing 2 endpoint(s),就是上面说的)

http://localhost:8080/actuator/health

http://localhost:8080/actuator/info

2019-10-29 23:14:40.757  INFO 3372 --- [           main] o.s.web.context.ContextLoader            : Root WebApplicationContext: initialization completed in 1270 ms
2019-10-29 23:14:41.057  INFO 3372 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'applicationTaskExecutor'
2019-10-29 23:14:41.268  INFO 3372 --- [           main] o.s.b.a.e.web.EndpointLinksResolver      : Exposing 2 endpoint(s) beneath base path '/actuator'
2019-10-29 23:14:41.329  INFO 3372 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8080 (http) with context path ''
2019-10-29 23:14:41.331  INFO 3372 --- [           main] com.example.demo.DemoApplication         : Started DemoApplication in 2.442 seconds (JVM running for 5.186)

application.yml

management:
  endpoints:
    web:
      exposure:
        include: "*"
info:
  hello: world

2019-10-29 23:33:21.756  INFO 4512 --- [           main] o.s.b.a.e.web.EndpointLinksResolver      : Exposing 13 endpoint(s) beneath base path '/actuator'
2019-10-29 23:33:21.812  INFO 4512 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8080 (http) with context path ''
2019-10-29 23:33:21.816  INFO 4512 --- [           main] com.example.demo.DemoApplication         : Started DemoApplication in 3.021 seconds (JVM running for 5.481)

http://localhost:8080/actuator/metrics

{
  "names": [
    "jvm.memory.max",
    "jvm.threads.states",
    "jvm.gc.memory.promoted",
    "jvm.memory.used",
    "jvm.gc.max.data.size",
    "jvm.gc.pause",
    "jvm.memory.committed",
    "system.cpu.count",
    "logback.events",
    "http.server.requests",
    "jvm.buffer.memory.used",
    "tomcat.sessions.created",
    "jvm.threads.daemon",
    "system.cpu.usage",
    "jvm.gc.memory.allocated",
    "tomcat.sessions.expired",
    "jvm.threads.live",
    "jvm.threads.peak",
    "process.uptime",
    "tomcat.sessions.rejected",
    "process.cpu.usage",
    "jvm.classes.loaded",
    "jvm.classes.unloaded",
    "tomcat.sessions.active.current",
    "tomcat.sessions.alive.max",
    "jvm.gc.live.data.size",
    "jvm.buffer.count",
    "jvm.buffer.total.capacity",
    "tomcat.sessions.active.max",
    "process.start.time"
  ]
}

http://localhost:8080/actuator/caches

{"cacheManagers":{}}

http://localhost:8080/actuator/info

{
  "hello": "world"
}