[[production-ready]] = Spring Boot Actuator: Production-ready features [partintro] -- Spring Boot includes a number of additional features to help you monitor and manage your application when it's pushed to production. You can choose to manage and monitor your application using HTTP endpoints or with JMX. Auditing, health and metrics gathering can be automatically applied to your application. Actuator HTTP endpoints are only available with a Spring MVC-based application. In particular, it will not work with Jersey <> -- [[production-ready-enabling]] == Enabling production-ready features The {github-code}/spring-boot-project/spring-boot-actuator[`spring-boot-actuator`] module provides all of Spring Boot's production-ready features. The simplest way to enable the features is to add a dependency to the `spring-boot-starter-actuator` '`Starter`'. .Definition of Actuator **** An actuator is a manufacturing term, referring to a mechanical device for moving or controlling something. Actuators can generate a large amount of motion from a small change. **** To add the actuator to a Maven based project, add the following '`Starter`' dependency: [source,xml,indent=0] ---- org.springframework.boot spring-boot-starter-actuator ---- For Gradle, use the declaration: [source,groovy,indent=0] ---- dependencies { compile("org.springframework.boot:spring-boot-starter-actuator") } ---- [[production-ready-endpoints]] == Endpoints Actuator endpoints allow you to monitor and interact with your application. Spring Boot includes a number of built-in endpoints and you can also add your own. For example the `health` endpoint provides basic application health information. The way that endpoints are exposed will depend on the type of technology that you choose. Most applications choose HTTP monitoring, where the ID of the endpoint along with a prefix of `/application` is mapped to a URL. For example, by default, the `health` endpoint will be mapped to `/application/health`. The following technology agnostic endpoints are available: [cols="2,5"] |=== | ID | Description |`auditevents` |Exposes audit events information for the current application. |`autoconfig` |Displays an auto-configuration report showing all auto-configuration candidates and the reason why they '`were`' or '`were not`' applied. |`beans` |Displays a complete list of all the Spring beans in your application. |`configprops` |Displays a collated list of all `@ConfigurationProperties`. |`env` |Exposes properties from Spring's `ConfigurableEnvironment`. |`flyway` |Shows any Flyway database migrations that have been applied. |`health` |Shows application health information. |`info` |Displays arbitrary application info. |`loggers` |Shows and modifies the configuration of loggers in the application. |`liquibase` |Shows any Liquibase database migrations that have been applied. |`metrics` |Shows '`metrics`' information for the current application. |`mappings` |Displays a collated list of all `@RequestMapping` paths. |`sessions` |Allows retrieval and deletion of user's sessions from Spring Session backed session store. |`shutdown` |Allows the application to be gracefully shutdown (not enabled by default). |`status` |Show application status information (i.e. `health` status with no additional details). |`threaddump` |Performs a thread dump. |`trace` |Displays trace information (by default the last 100 HTTP requests). |=== If your application is a web application (Spring MVC, Spring WebFlux, or Jersey), the following additional endpoints can also be used: [cols="2,5"] |=== | ID | Description |`heapdump` |Returns a GZip compressed `hprof` heap dump file. |`logfile` |Returns the contents of the logfile (if `logging.file` or `logging.path` properties have been set). Supports the use of the HTTP `Range` header to retrieve part of the log file's content. |`prometheus` |Exposes metrics in a format that can be scraped by a Prometheus server. |=== [[production-ready-endpoints-security]] === Securing endpoints By default all HTTP endpoints are secured such that only users that have an `ACTUATOR` role may access them. Security is enforced using the standard `HttpServletRequest.isUserInRole` method. TIP: Use the `management.security.roles` property if you want something different to `ACTUATOR`. If you are deploying applications behind a firewall, you may prefer that all your actuator endpoints can be accessed without requiring authentication. You can do this by changing the `management.security.enabled` property: .application.properties [source,properties,indent=0] ---- management.security.enabled=false ---- NOTE: By default, actuator endpoints are exposed on the same port that serves regular HTTP traffic. Take care not to accidentally expose sensitive information if you change the `management.security.enabled` property. If you're deploying applications publicly, you may want to add '`Spring Security`' to handle user authentication. When '`Spring Security`' is added, by default '`basic`' authentication will be used with the username `user` and a generated password (which is printed on the console when the application starts). TIP: Generated passwords are logged as the application starts. Search for '`Using default security password`'. You can use Spring properties to change the username and password and to change the security role(s) required to access the endpoints. For example, you might set the following in your `application.properties`: [source,properties,indent=0] ---- security.user.name=admin security.user.password=secret management.security.roles=SUPERUSER ---- If your application has custom security configuration and you want all your actuator endpoints to be accessible without authentication, you need to explicitly configure that in your security configuration. Along with that, you need to change the `management.security.enabled` property to `false`. If your custom security configuration secures your actuator endpoints, you also need to ensure that the authenticated user has the roles specified under `management.security.roles`. TIP: If you don't have a use case for exposing basic health information to unauthenticated users, and you have secured the actuator endpoints with custom security, you can set `management.security.enabled` to `false`. This will inform Spring Boot to skip the additional role check. [[production-ready-customizing-endpoints]] === Customizing endpoints Endpoints can be customized using Spring properties. You can change if an endpoint is `enabled` and its `id`. For example, here is an `application.properties` that changes the id of the `beans` endpoint and also enables `shutdown`. [source,properties,indent=0] ---- endpoints.beans.id=springbeans endpoints.shutdown.enabled=true ---- NOTE: The prefix ‟`endpoints` + `.` + `name`” is used to uniquely identify the endpoint that is being configured. By default, all endpoints except for `shutdown` are enabled. If you prefer to specifically "`opt-in`" endpoint enablement you can use the `endpoints.default.enabled` property. For example, the following will disable _all_ endpoints except for `info`: [source,properties,indent=0] ---- endpoints.default.enabled=false endpoints.info.enabled=true ---- [[production-ready-endpoint-hypermedia]] === Hypermedia for actuator web endpoints A "`discovery page`" is added with links to all the endpoints. The "`discovery page`" is available on `/application` by default. When a custom management context path is configured, the "`discovery page`" will automatically move from `/application` to the root of the management context. For example, if the management context path is `/management` then the discovery page will be available from `/management`. When the management context path is set to `/` the discovery page is disabled to prevent the possibility of a clash with other mappings. [[production-ready-endpoint-cors]] === CORS support http://en.wikipedia.org/wiki/Cross-origin_resource_sharing[Cross-origin resource sharing] (CORS) is a http://www.w3.org/TR/cors/[W3C specification] that allows you to specify in a flexible way what kind of cross domain requests are authorized. If you are using Spring MVC or Spring WebFlux, Actuator's web endpoints can be configured to support such scenarios. CORS support is disabled by default and is only enabled once the `management.endpoints.cors.allowed-origins` property has been set. The configuration below permits `GET` and `POST` calls from the `example.com` domain: [source,properties,indent=0] ---- management.endpoints.cors.allowed-origins=http://example.com management.endpoints.cors.allowed-methods=GET,POST ---- TIP: Check {sc-spring-boot-actuator-autoconfigure}/endpoint/web/servlet/CorsEndpointProperties.{sc-ext}[CorsEndpointProperties] for a complete list of options. [[production-ready-customizing-endpoints-programmatically]] === Adding custom endpoints If you add a `@Bean` annotated with `@Endpoint`, any methods annotated with `@ReadOperation` or `@WriteOperation` will automatically be exposed over JMX and, in a web application, over HTTP as well. TIP: If you are doing this as a library feature consider adding a configuration class annotated with `@ManagementContextConfiguration` to `/META-INF/spring.factories` under the key `org.springframework.boot.actuate.autoconfigure.ManagementContextConfiguration`. If you do that then the endpoint will move to a child context with all the other web endpoints endpoints if your users ask for a separate management port or address. [[production-ready-health]] === Health information Health information can be used to check the status of your running application. It is often used by monitoring software to alert someone if a production system goes down. The default information exposed by the `health` endpoint depends on how it is accessed. For an unauthenticated connection in a secure application a simple '`status`' message is returned, and for an authenticated connection additional details are also displayed (see <> for HTTP details). Health information is collected from all {sc-spring-boot-actuator}/health/HealthIndicator.{sc-ext}[`HealthIndicator`] beans defined in your `ApplicationContext`. Spring Boot includes a number of auto-configured `HealthIndicators` and you can also write your own. By default, the final system state is derived by the `HealthAggregator` which sorts the statuses from each `HealthIndicator` based on an ordered list of statuses. The first status in the sorted list is used as the overall health status. If no `HealthIndicator` returns a status that is known to the `HealthAggregator`, an `UNKNOWN` status is used. ==== Auto-configured HealthIndicators The following `HealthIndicators` are auto-configured by Spring Boot when appropriate: [cols="1,4"] |=== |Name |Description |{sc-spring-boot-actuator}/cassandra/CassandraHealthIndicator.{sc-ext}[`CassandraHealthIndicator`] |Checks that a Cassandra database is up. |{sc-spring-boot-actuator}/system/DiskSpaceHealthIndicator.{sc-ext}[`DiskSpaceHealthIndicator`] |Checks for low disk space. |{sc-spring-boot-actuator}/jdbc/DataSourceHealthIndicator.{sc-ext}[`DataSourceHealthIndicator`] |Checks that a connection to `DataSource` can be obtained. |{sc-spring-boot-actuator}/elasticsearch/ElasticsearchHealthIndicator.{sc-ext}[`ElasticsearchHealthIndicator`] |Checks that an Elasticsearch cluster is up. |{sc-spring-boot-actuator}/jms/JmsHealthIndicator.{sc-ext}[`JmsHealthIndicator`] |Checks that a JMS broker is up. |{sc-spring-boot-actuator}/mail/MailHealthIndicator.{sc-ext}[`MailHealthIndicator`] |Checks that a mail server is up. |{sc-spring-boot-actuator}/mongo/MongoHealthIndicator.{sc-ext}[`MongoHealthIndicator`] |Checks that a Mongo database is up. |{sc-spring-boot-actuator}/amqp/RabbitHealthIndicator.{sc-ext}[`RabbitHealthIndicator`] |Checks that a Rabbit server is up. |{sc-spring-boot-actuator}/redis/RedisHealthIndicator.{sc-ext}[`RedisHealthIndicator`] |Checks that a Redis server is up. |{sc-spring-boot-actuator}/solr/SolrHealthIndicator.{sc-ext}[`SolrHealthIndicator`] |Checks that a Solr server is up. |=== TIP: It is possible to disable them all using the `management.health.defaults.enabled` property. ==== Writing custom HealthIndicators To provide custom health information you can register Spring beans that implement the {sc-spring-boot-actuator}/health/HealthIndicator.{sc-ext}[`HealthIndicator`] interface. You need to provide an implementation of the `health()` method and return a `Health` response. The `Health` response should include a status and can optionally include additional details to be displayed. [source,java,indent=0] ---- import org.springframework.boot.actuate.health.Health; import org.springframework.boot.actuate.health.HealthIndicator; import org.springframework.stereotype.Component; @Component public class MyHealthIndicator implements HealthIndicator { @Override public Health health() { int errorCode = check(); // perform some specific health check if (errorCode != 0) { return Health.down().withDetail("Error Code", errorCode).build(); } return Health.up().build(); } } ---- NOTE: The identifier for a given `HealthIndicator` is the name of the bean without the `HealthIndicator` suffix if it exists. In the example above, the health information will be available in an entry named `my`. In addition to Spring Boot's predefined {sc-spring-boot-actuator}/health/Status.{sc-ext}[`Status`] types, it is also possible for `Health` to return a custom `Status` that represents a new system state. In such cases a custom implementation of the {sc-spring-boot-actuator}/health/HealthAggregator.{sc-ext}[`HealthAggregator`] interface also needs to be provided, or the default implementation has to be configured using the `management.health.status.order` configuration property. For example, assuming a new `Status` with code `FATAL` is being used in one of your `HealthIndicator` implementations. To configure the severity order add the following to your application properties: [source,properties,indent=0] ---- management.health.status.order=FATAL, DOWN, OUT_OF_SERVICE, UNKNOWN, UP ---- The HTTP status code in the response reflects the overall health status (e.g. `UP` maps to 200, `OUT_OF_SERVICE` or `DOWN` to 503). You might also want to register custom status mappings if you access the health endpoint over HTTP. For example, the following maps `FATAL` to 503 (service unavailable). [source,properties,indent=0] ---- management.health.status.http-mapping.FATAL=503 ---- TIP: If you need more control you can define your own `HealthStatusHttpMapper` bean. The default status mappings for the built-in statuses are: [cols="1,3"] |=== |Status |Mapping |DOWN |SERVICE_UNAVAILABLE (503) |OUT_OF_SERVICE |SERVICE_UNAVAILABLE (503) |UP |No mapping by default, so http status is 200 |UNKNOWN |No mapping by default, so http status is 200 |=== [[production-ready-application-info]] === Application information Application information exposes various information collected from all {sc-spring-boot-actuator}/info/InfoContributor.{sc-ext}[`InfoContributor`] beans defined in your `ApplicationContext`. Spring Boot includes a number of auto-configured `InfoContributors` and you can also write your own. [[production-ready-application-info-autoconfigure]] ==== Auto-configured InfoContributors The following `InfoContributors` are auto-configured by Spring Boot when appropriate: [cols="1,4"] |=== |Name |Description |{sc-spring-boot-actuator}/info/EnvironmentInfoContributor.{sc-ext}[`EnvironmentInfoContributor`] |Expose any key from the `Environment` under the `info` key. |{sc-spring-boot-actuator}/info/GitInfoContributor.{sc-ext}[`GitInfoContributor`] |Expose git information if a `git.properties` file is available. |{sc-spring-boot-actuator}/info/BuildInfoContributor.{sc-ext}[`BuildInfoContributor`] |Expose build information if a `META-INF/build-info.properties` file is available. |=== TIP: It is possible to disable them all using the `management.info.defaults.enabled` property. [[production-ready-application-info-env]] ==== Custom application info information You can customize the data exposed by the `info` endpoint by setting `+info.*+` Spring properties. All `Environment` properties under the info key will be automatically exposed. For example, you could add the following to your `application.properties`: [source,properties,indent=0] ---- info.app.encoding=UTF-8 info.app.java.source=1.8 info.app.java.target=1.8 ---- [TIP] ==== Rather than hardcoding those values you could also <>. Assuming you are using Maven, you could rewrite the example above as follows: [source,properties,indent=0] ---- info.app.encoding=@project.build.sourceEncoding@ info.app.java.source=@java.version@ info.app.java.target=@java.version@ ---- ==== [[production-ready-application-info-git]] ==== Git commit information Another useful feature of the `info` endpoint is its ability to publish information about the state of your `git` source code repository when the project was built. If a `GitProperties` bean is available, the `git.branch`, `git.commit.id` and `git.commit.time` properties will be exposed. TIP: A `GitProperties` bean is auto-configured if a `git.properties` file is available at the root of the classpath. See <> for more details. If you want to display the full git information (i.e. the full content of `git.properties`), use the `management.info.git.mode` property: [source,properties,indent=0] ---- management.info.git.mode=full ---- [[production-ready-application-info-build]] ==== Build information The `info` endpoint can also publish information about your build if a `BuildProperties` bean is available. This happens if a `META-INF/build-info.properties` file is available in the classpath. TIP: The Maven and Gradle plugins can both generate that file, see <> for more details. [[production-ready-application-info-custom]] ==== Writing custom InfoContributors To provide custom application information you can register Spring beans that implement the {sc-spring-boot-actuator}/info/InfoContributor.{sc-ext}[`InfoContributor`] interface. The example below contributes an `example` entry with a single value: [source,java,indent=0] ---- import java.util.Collections; import org.springframework.boot.actuate.info.Info; import org.springframework.boot.actuate.info.InfoContributor; import org.springframework.stereotype.Component; @Component public class ExampleInfoContributor implements InfoContributor { @Override public void contribute(Info.Builder builder) { builder.withDetail("example", Collections.singletonMap("key", "value")); } } ---- If you hit the `info` endpoint you should see a response that contains the following additional entry: [source,json,indent=0] ---- { "example": { "key" : "value" } } ---- [[production-ready-monitoring]] == Monitoring and management over HTTP If you are developing a Spring MVC application, Spring Boot Actuator will auto-configure all enabled endpoints to be exposed over HTTP. The default convention is to use the `id` of the endpoint with a prefix of `/application` as the URL path. For example, `health` is exposed as `/application/health`. [[production-ready-customizing-management-server-context-path]] === Customizing the management endpoint paths Sometimes it is useful to customize the prefix for the management endpoints. For example, your application might already use `/application` for another purpose. You can use the `management.endpoints.web.base-path` property to change the prefix for your management endpoint: [source,properties,indent=0] ---- management.endpoints.web.base-path=/manage ---- The `application.properties` example above will change the endpoint from `/application/{id}` to `/manage/{id}` (e.g. `/manage/info`). NOTE: Unless the management port has been configured to <>, `management.endpoints.web.base-path` is relative to `server.context-path`. If `management.server.port` is configured, `management.endpoints.web.base-path`, is relative to `management.server.servlet.context-path`. [[production-ready-customizing-management-server-port]] === Customizing the management server port Exposing management endpoints using the default HTTP port is a sensible choice for cloud based deployments. If, however, your application runs inside your own data center you may prefer to expose endpoints using a different HTTP port. The `management.server.port` property can be used to change the HTTP port. [source,properties,indent=0] ---- management.server.port=8081 ---- Since your management port is often protected by a firewall, and not exposed to the public you might not need security on the management endpoints, even if your main application is secure. In that case you will have Spring Security on the classpath, and you can disable management security like this: [source,properties,indent=0] ---- management.security.enabled=false ---- (If you don't have Spring Security on the classpath then there is no need to explicitly disable the management security in this way, and it might even break the application.) [[production-ready-management-specific-ssl]] === Configuring management-specific SSL When configured to use a custom port, the management server can also be configured with its own SSL using the various `management.server.ssl.*` properties. For example, this allows a management server to be available via HTTP while the main application uses HTTPS: [source,properties,indent=0] ---- server.port=8443 server.ssl.enabled=true server.ssl.key-store=classpath:store.jks server.ssl.key-password=secret management.server.port=8080 management.server.ssl.enabled=false ---- Alternatively, both the main server and the management server can use SSL but with different key stores: [source,properties,indent=0] ---- server.port=8443 server.ssl.enabled=true server.ssl.key-store=classpath:main.jks server.ssl.key-password=secret management.server.port=8080 management.server.ssl.enabled=true management.server.ssl.key-store=classpath:management.jks management.server.ssl.key-password=secret ---- [[production-ready-customizing-management-server-address]] === Customizing the management server address You can customize the address that the management endpoints are available on by setting the `management.server.address` property. This can be useful if you want to listen only on an internal or ops-facing network, or to only listen for connections from `localhost`. NOTE: You can only listen on a different address if the port is different to the main server port. Here is an example `application.properties` that will not allow remote management connections: [source,properties,indent=0] ---- management.server.port=8081 management.server.address=127.0.0.1 ---- [[production-ready-disabling-http-endpoints]] === Disabling HTTP endpoints If you don't want to expose endpoints over HTTP you can set the management port to `-1`: [source,properties,indent=0] ---- management.server.port=-1 ---- [[production-ready-health-access-restrictions]] === HTTP health endpoint format and access restrictions The information exposed by the health endpoint varies depending on whether or not it's accessed anonymously, and whether or not the enclosing application is secure. By default, when accessed anonymously in a secure application, any details about the server's health are hidden and the endpoint will simply indicate whether or not the server is up or down. Sample summarized HTTP response (default for anonymous request): [source,indent=0] ---- $ curl -i localhost:8080/health HTTP/1.1 200 X-Application-Context: application Content-Type: application/vnd.spring-boot.actuator.v2+json;charset=UTF-8 Content-Length: 15 {"status":"UP"} ---- Sample summarized HTTP response for status "DOWN" (notice the 503 status code): [source,indent=0] ---- $ curl -i localhost:8080/health HTTP/1.1 503 X-Application-Context: application Content-Type: application/vnd.spring-boot.actuator.v2+json;charset=UTF-8 Content-Length: 17 {"status":"DOWN"} ---- Sample detailed HTTP response: [source,indent=0] ---- $ curl -i localhost:8080/health HTTP/1.1 200 OK X-Application-Context: application Content-Type: application/vnd.spring-boot.actuator.v2+json;charset=UTF-8 Content-Length: 221 { "status" : "UP", "diskSpace" : { "status" : "UP", "total" : 63251804160, "free" : 31316164608, "threshold" : 10485760 }, "db" : { "status" : "UP", "database" : "H2", "hello" : 1 } } ---- [[production-ready-jmx]] == Monitoring and management over JMX Java Management Extensions (JMX) provide a standard mechanism to monitor and manage applications. By default Spring Boot will expose management endpoints as JMX MBeans under the `org.springframework.boot` domain. [[production-ready-custom-mbean-names]] === Customizing MBean names The name of the MBean is usually generated from the `id` of the endpoint. For example the `health` endpoint is exposed as `org.springframework.boot:type=Endpoint,name=Health`. If your application contains more than one Spring `ApplicationContext` you may find that names clash. To solve this problem you can set the `management.endpoints.jmx.unique-names` property to `true` so that MBean names are always unique. You can also customize the JMX domain under which endpoints are exposed. Here is an example `application.properties`: [source,properties,indent=0] ---- management.endpoints.jmx.domain=com.example.myapp management.endpoints.jmx.unique-names=true ---- [[production-ready-disable-jmx-endpoints]] === Disabling JMX endpoints If you don't want to expose endpoints over JMX you can set the `endpoints.default.jmx.enabled` property to `false`: [source,properties,indent=0] ---- endpoints.default.jmx.enabled=false ---- [[production-ready-jolokia]] === Using Jolokia for JMX over HTTP Jolokia is a JMX-HTTP bridge giving an alternative method of accessing JMX beans. To use Jolokia, simply include a dependency to `org.jolokia:jolokia-core`. For example, using Maven you would add the following: [source,xml,indent=0] ---- org.jolokia jolokia-core ---- Jolokia can then be accessed using `/application/jolokia` on your management HTTP server. [[production-ready-customizing-jolokia]] ==== Customizing Jolokia Jolokia has a number of settings that you would traditionally configure using servlet parameters. With Spring Boot you can use your `application.properties`, simply prefix the parameter with `management.jolokia.config.`: [source,properties,indent=0] ---- management.jolokia.config.debug=true ---- [[production-ready-disabling-jolokia]] ==== Disabling Jolokia If you are using Jolokia but you don't want Spring Boot to configure it, simply set the `management.jolokia.enabled` property to `false`: [source,properties,indent=0] ---- management.jolokia.enabled=false ---- [[production-ready-loggers]] == Loggers Spring Boot Actuator includes the ability to view and configure the log levels of your application at runtime. You can view either the entire list or an individual logger's configuration which is made up of both the explicitly configured logging level as well as the effective logging level given to it by the logging framework. These levels can be: * `TRACE` * `DEBUG` * `INFO` * `WARN` * `ERROR` * `FATAL` * `OFF` * `null` with `null` indicating that there is no explicit configuration. [[production-ready-logger-configuration]] === Configure a Logger In order to configure a given logger, you `POST` a partial entity to the resource's URI: [source,json,indent=0] ---- { "configuredLevel": "DEBUG" } ---- TIP: You can also pass a `null` `configuredLevel` to "reset" the specific level of the logger (and use the default configuration instead). [[production-ready-metrics]] == Metrics Spring Boot Actuator provides dependency management and auto-configuration for https://micrometer.io[Micrometer], an application metrics facade that supports numerous monitoring systems: - https://github.com/Netflix/atlas[Atlas] - https://www.datadoghq.com[Datadog] - http://ganglia.sourceforge.net[Ganglia] - https://graphiteapp.org[Graphite] - https://www.influxdata.com[Influx] - https://prometheus.io[Prometheus] Micrometer provides a separate module for each supported monitoring system. Depending on one (or more) of these modules is sufficient to get started with Micrometer in your Spring Boot application. To learn more about Micrometer's capabilities, please refer to its https://micrometer.io/docs[reference documentation]. [[production-ready-metrics-spring-mvc]] === Spring MVC metrics Auto-configuration will enable the instrumentation of requests handled by Spring MVC. When `spring.metrics.web.server.auto-time-requests` is `true`, this instrumentation will occur for all requests. Alternatively, when set to `false`, instrumentation can be enabled by adding `@Timed` to a request-handling method. Metrics will, by default, be generated with the name `http.server.requests`. The name can be customized using the `spring.metrics.web.server.requests-metrics-name` property. [[production-ready-metrics-spring-mvc-tags]] ==== Spring MVC metric tags Spring MVC-related metrics will, by default, be tagged with the following: - Request's method, - Request's URI (templated if possible) - Simple class name of any exception that was thrown while handling the request - Response's status To customize the tags, provide a `@Bean` that implements `WebMvcTagsProvider`. [[production-ready-metrics-web-flux]] === WebFlux metrics Auto-configuration will enable the instrumentation of all requests handled by WebFlux controllers. A helper class, `RouterFunctionMetrics`, is also provided that can be used to instrument applications using WebFlux's functional programming model. Metrics will, by default, be generated with the name `http.server.requests`. The name can be customized using the `spring.metrics.web.server.requests-metrics-name` property. [[production-ready-metrics-web-flux-tags]] ==== WebFlux metric tags WebFlux-related metrics for the annotation-based programming model will, by default, be tagged with the following: - Request's method, - Request's URI (templated if possible) - Simple class name of any exception that was thrown while handling the request - Response's status To customize the tags, provide a `@Bean` that implements `WebFluxTagsProvider`. Metrics for the functional programming model will, by default, be tagged with the following: - Request's method, - Request's URI (templated if possible) - Response's status To customize the tags, use the `defaultTags` method on the `RouterFunctionMetrics` instance that you are using. [[production-ready-metrics-rest-template]] === RestTemplate metrics Auto-configuration will customize the auto-configured `RestTemplate` to enable the instrumentation of its requests. `MetricsRestTemplateCustomizer` can be used to customize your own `RestTemplate` instances. Metrics will, by default, be generated with the name `http.client.requests`. The name can be customized using the `spring.metrics.web.client.requests-metrics-name` property. [[production-ready-metrics-rest-template-tags]] ==== RestTemplate metric tags Metrics generated by an instrumented `RestTemplate` will, by default, be tagged with the following: - Request's method - Request's URI (templated if possible) - Response's status - Request URI's host [[production-ready-metrics-integration]] Auto-configuration will enable binding of a number of Spring Integration-related metrics: .General metrics |=== | Metric | Description | `spring.integration.channelNames` | Number of Spring Integration channels | `spring.integration.handlerNames` | Number of Spring Integration handlers | `spring.integration.sourceNames` | Number of Spring Integration sources |=== .Channel metrics |=== | Metric | Description | `spring.integration.channel.receives` | Number of receives | `spring.integration.channel.sendErrors` | Number of failed sends | `spring.integration.channel.sends` | Number of successful sends |=== .Handler metrics |=== | Metric | Description | `spring.integration.handler.duration.max` | Maximum handler duration in milliseconds | `spring.integration.handler.duration.min` | Minimum handler duration in milliseconds | `spring.integration.handler.duration.mean` | Mean handler duration in milliseconds | `spring.integration.handler.activeCount` | Number of active handlers |=== .Source metrics |=== | Metric | Description | `spring.integration.source.messages` | Number of successful source calls |=== [[production-ready-auditing]] == Auditing Spring Boot Actuator has a flexible audit framework that will publish events once Spring Security is in play ('`authentication success`', '`failure`' and '`access denied`' exceptions by default). This can be very useful for reporting, and also to implement a lock-out policy based on authentication failures. To customize published security events you can provide your own implementations of `AbstractAuthenticationAuditListener` and `AbstractAuthorizationAuditListener`. You can also choose to use the audit services for your own business events. To do that you can either inject the existing `AuditEventRepository` into your own components and use that directly, or you can simply publish `AuditApplicationEvent` via the Spring `ApplicationEventPublisher` (using `ApplicationEventPublisherAware`). [[production-ready-tracing]] == Tracing Tracing is automatically enabled for all HTTP requests. You can view the `trace` endpoint and obtain basic information about the last 100 requests: [source,json,indent=0] ---- [{ "timestamp": 1394343677415, "info": { "method": "GET", "path": "/trace", "headers": { "request": { "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Connection": "keep-alive", "Accept-Encoding": "gzip, deflate", "User-Agent": "Mozilla/5.0 Gecko/Firefox", "Accept-Language": "en-US,en;q=0.5", "Cookie": "_ga=GA1.1.827067509.1390890128; ..." "Authorization": "Basic ...", "Host": "localhost:8080" }, "response": { "Strict-Transport-Security": "max-age=31536000 ; includeSubDomains", "X-Application-Context": "application:8080", "Content-Type": "application/json;charset=UTF-8", "status": "200" } } } },{ "timestamp": 1394343684465, ... }] ---- The following are included in the trace by default: [cols="1,2"] |=== |Name |Description |Request Headers |Headers from the request. |Response Headers |Headers from the response. |Cookies |`Cookie` from request headers and `Set-Cookie` from response headers. |Errors |The error attributes (if any). |Time Taken |The time taken to service the request in milliseconds. |=== [[production-ready-custom-tracing]] === Custom tracing If you need to trace additional events you can inject a {sc-spring-boot-actuator}/trace/TraceRepository.{sc-ext}[`TraceRepository`] into your Spring beans. The `add` method accepts a single `Map` structure that will be converted to JSON and logged. By default an `InMemoryTraceRepository` will be used that stores the last 100 events. You can define your own instance of the `InMemoryTraceRepository` bean if you need to expand the capacity. You can also create your own alternative `TraceRepository` implementation if needed. [[production-ready-process-monitoring]] == Process monitoring In Spring Boot Actuator you can find a couple of classes to create files that are useful for process monitoring: * `ApplicationPidFileWriter` creates a file containing the application PID (by default in the application directory with the file name `application.pid`). * `EmbeddedServerPortFileWriter` creates a file (or files) containing the ports of the embedded server (by default in the application directory with the file name `application.port`). These writers are not activated by default, but you can enable them in one of the ways described below. [[production-ready-process-monitoring-configuration]] === Extend configuration In `META-INF/spring.factories` file you can activate the listener(s) that writes a PID file. Example: [indent=0] ---- org.springframework.context.ApplicationListener=\ org.springframework.boot.system.ApplicationPidFileWriter,\ org.springframework.boot.actuate.system.EmbeddedServerPortFileWriter ---- [[production-ready-process-monitoring-programmatically]] === Programmatically You can also activate a listener by invoking the `SpringApplication.addListeners(...)` method and passing the appropriate `Writer` object. This method also allows you to customize the file name and path via the `Writer` constructor. [[production-ready-cloudfoundry]] == Cloud Foundry support Spring Boot's actuator module includes additional support that is activated when you deploy to a compatible Cloud Foundry instance. The `/cloudfoundryapplication` path provides an alternative secured route to all `@Endpoint` beans. The extended support allows Cloud Foundry management UIs (such as the web application that you can use to view deployed applications) to be augmented with Spring Boot actuator information. For example, an application status page may include full health information instead of the typical "`running`" or "`stopped`" status. NOTE: The `/cloudfoundryapplication` path is not directly accessible to regular users. In order to use the endpoint a valid UAA token must be passed with the request. [[production-ready-cloudfoundry-disable]] === Disabling extended Cloud Foundry actuator support If you want to fully disable the `/cloudfoundryapplication` endpoints you can add the following to your `application.properties` file: .application.properties [source,properties,indent=0] ---- management.cloudfoundry.enabled=false ---- [[production-ready-cloudfoundry-ssl]] === Cloud Foundry self signed certificates By default, the security verification for `/cloudfoundryapplication` endpoints makes SSL calls to various Cloud Foundry services. If your Cloud Foundry UAA or Cloud Controller services use self-signed certificates you will need to set the following property: .application.properties [source,properties,indent=0] ---- management.cloudfoundry.skip-ssl-validation=true ---- [[production-ready-cloudfoundry-custom-security]] === Custom security configuration If you define custom security configuration, and you want extended Cloud Foundry actuator support, you'll should ensure that `/cloudfoundryapplication/**` paths are open. Without a direct open route, your Cloud Foundry application manager will not be able to obtain endpoint data. For Spring Security, you'll typically include something like `mvcMatchers("/cloudfoundryapplication/**").permitAll()` in your configuration: [source,java,indent=0] ---- include::{code-examples}/cloudfoundry/CloudFoundryIgnorePathsExample.java[tag=security] ---- [[production-ready-whats-next]] == What to read next If you want to explore some of the concepts discussed in this chapter, you can take a look at the actuator {github-code}/spring-boot-samples[sample applications]. You also might want to read about graphing tools such as http://graphite.wikidot.com/[Graphite]. Otherwise, you can continue on, to read about <> or jump ahead for some in-depth information about Spring Boot's _<>_.