Spring Boot Actuator: Production‐ready features - Yash-777/MyWorld GitHub Wiki

Spring Boot Actuator: Production-ready features

  • Add Dependencies: In your Maven configuration, include the following dependencies:
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId> <!-- Required for HTTP exposure -->
</dependency>

The spring-boot-starter-actuator provides the actuator functionality, and spring-boot-starter-web exposes endpoints via HTTP.

  • Exposing Endpoints:

Enabling Actuator health endpoint mapped to a URL (/actuator/health) if we have context path then http://localhost:8080/api/actuator/health

# TomcatWebServer              : Tomcat started on port(s): 8080 (http) with context path '/api'
server.servlet.context-path=/api


# EndpointLinksResolver        : Exposing 1 endpoint(s) beneath base path '/actuator'
management.endpoints.web.base-path=/actuator

To expose all endpoints (except /shutdown), add the following to your application.properties:
# EndpointLinksResolver        : Exposing 14 endpoint(s) beneath base path '/actuator'
#management.endpoints.web.exposure.include=*

Now you can access endpoints at /actuator (e.g., /actuator/health,

The HTTP status code in the response reflects the overall health status (for example, UP maps to 200, while OUT_OF_SERVICE and DOWN map to 503). You might also want to register custom status mappings if you access the health endpoint over HTTP. For example, the following property maps FATAL to 503 (service unavailable)

503 Service Unavailable: When the health status is OUT_OF_SERVICE or DOWN. Resource exhaustion scenario spring boot configuration

# This property limits the maximum number of connections that Tomcat will accept simultaneously.
server.tomcat.max-connections=10

Securing HTTP Endpoints baeldung.com

In a real-world application, we’re most likely going to have security on our application. With that in mind, let’s secure our actuator endpoints.

First, let’s add security to our application by adding the security starter Maven dependency:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
    <version>2.5.1</version>
</dependency>
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@EnableWebSecurity @Order(2)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests()
                .anyRequest().hasRole("ENDPOINT_ADMIN")
                .and()
            .httpBasic();
    }
}
⚠️ **GitHub.com Fallback** ⚠️