CODEWITHSUNDEEP
javaspringspring-bootopenshiftprometheus
osharko
osharko

Reputation: 224

SpringBoot disable Actuator root

I'm using Spring Boot and exposing metrics with actuator and prometheus. I want to expose info, health, metrics, prometheus, shutdown, and nothing more. But even if I specify into the application properties, what I see is that even the root /actuator is exposed.

I would like to disable the root actuator and have only the 5 members I said previously.

Is there a way to don't expose only the /actuator endpoint? I've also tried in application properties doing like this:

management.endpoints.web.exposure.exclude=actuator

That is the list of the exposed actuator:

{
   "_links":{
      "self":{
         "href":"http://localhost:9002/actuator",
         "templated":false
      },
      "health-component-instance":{
         "href":"http://localhost:9002/actuator/health/{component}/{instance}",
         "templated":true
      },
      "health-component":{
         "href":"http://localhost:9002/actuator/health/{component}",
         "templated":true
      },
      "health":{
         "href":"http://localhost:9002/actuator/health",
         "templated":false
      },
      "shutdown":{
         "href":"http://localhost:9002/actuator/shutdown",
         "templated":false
      },
      "info":{
         "href":"http://localhost:9002/actuator/info",
         "templated":false
      },
      "prometheus":{
         "href":"http://localhost:9002/actuator/prometheus",
         "templated":false
      },
      "metrics-requiredMetricName":{
         "href":"http://localhost:9002/actuator/metrics/{requiredMetricName}",
         "templated":true
      },
      "metrics":{
         "href":"http://localhost:9002/actuator/metrics",
         "templated":false
      }
   }
}

Upvotes: 5

Views: 5946

Answers (2)

Toni
Toni

Reputation: 5135

According to Spring documentation:

To disable the “discovery page”, add the following property to your application properties:

management.endpoints.web.discovery.enabled=false

Upvotes: 5

Mike
Mike

Reputation: 5172

There is no configuration value for this. The best you can do right now is move the management base endpoint to /, in which case the discovery page is disabled to prevent clashing with other endpoints in your app:

https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-endpoints.html#production-ready-endpoints-hypermedia

When the management context path is set to /, the discovery page is disabled to prevent the possibility of a clash with other mappings.

If you're using Spring Security you can effectively hide the discovery page using something like this inside your own WebSecurityConfigurerAdapter:

@Override
protected void configure(HttpSecurity http) throws Exception
{
   http
      .authorizeRequests()
         .mvcMatchers("/actuator").denyAll()
         .mvcMatchers("/actuator/").denyAll()
}

This would deny all requests to the discovery page, but allow requests through to the individual exposed endpoints.

There is some discussion of the discovery page in this GitHub issue as well:

https://github.com/spring-projects/spring-boot/issues/10331

Upvotes: 6

Related Questions