CODEWITHSUNDEEP
javaspringspring-bootspring-securityspring-boot-actuator
Coen Damen
Coen Damen

Reputation: 2109

Spring Boot 2 Actuator endpoints return 405 on GET request

I am configuring spring Boot actuator but the /actuator and /health endpoints return a 405 in each GET request.

I opened up the entire security mechanism but it's not working:

management.endpoints.jmx.exposure.exclude=*
management.endpoints.web.exposure.include=health,info,beans,env
management.endpoint.health.enabled=true
management.security.enabled=false
management.endpoint.beans.cache.time-to-live=10s
management.endpoints.web.cors.allowed-origins=*
management.endpoints.web.cors.allowed-methods=GET,POST

I added the following config

@Configuration(proxyBeanMethods = false)
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Override
public void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/health", "/actuator").permitAll().and().csrf().disable();
    super.configure(http);
}

}

So, I followed the tutorial and it seems pretty simple, I don't see why I get this 405 on the default GET request. When I call the endpoint with cURL:

 curl http://localhost:8080/sm-integration/health -v --> 405
 curl -X POST http://localhost:8080/sm-integration/health -v --> 400

I don't understand the 400 Bad Request when doing a POST. The docs state that /health is the most basic and open endpoint and should be called as a GET call. So why the 405?

update After receiving several answers, I have set the config like this:

@Override
public void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/health", "/actuator/**").permitAll().and().csrf().disable();
}

I changed the call to http://localhost:8080/sm-integration/actuator/health

But I still get the 405.

In the Tomcat access logging I do see the request has arrived.

10.0.2.2 - - [06/Jul/2020:16:41:06 +0000] "GET /sm-integration/actuator/health HTTP/1.1" 405 5
10.0.2.2 - - [06/Jul/2020:16:41:12 +0000] "GET /sm-integration/actuator/health HTTP/1.1" 405 5
10.0.2.2 - - [06/Jul/2020:16:41:45 +0000] "GET /sm-integration/actuator/health HTTP/1.1" 405 5
10.0.2.2 - - [06/Jul/2020:16:42:18 +0000] "GET /sm-integration/actuator/health HTTP/1.1" 405 5
10.0.2.2 - - [06/Jul/2020:16:43:04 +0000] "GET /sm-integration/actuator HTTP/1.1" 405 5

Upvotes: 1

Views: 2530

Answers (2)

Coen Damen
Coen Damen

Reputation: 2109

OK turns out I was looking in the wrong direction. Posting this answer for all who encounter the same issue.

The problem was that the project (maven module) where I introduced Actuator was a Spring WebService project. The project has a DispatcherServlet pointing to "/*". After I explicitly changed it to listen to another base url, the Actuator url was available.

@Bean
public ServletRegistrationBean registerMessageDispatcherServlet(final ApplicationContext applicationContext) {
    final MessageDispatcherServlet servlet = new MessageDispatcherServlet();
    servlet.setApplicationContext(applicationContext);
    servlet.setTransformWsdlLocations(true);
    return new ServletRegistrationBean(servlet, "/ws/*"); --> was "/*"
}

Upvotes: 6

Romil Patel
Romil Patel

Reputation: 13727

Possible URLs:

  • Spring Boot Actuator endpoints should be accessed at {ip}:{port}/actuator/{endpoint}

  • In the case of context, the path is set for an application you may access the same at {ip}:{port}/{context-path}/actuator/{endpoint}

  • In case you have customized the base-path using management.endpoints.web.base-path you may access it at {ip}:{port}/{web.base-path}/{endpoint}

Remove super.configure(http); as it will override your configurations and change "/actuator" to "/actuator/**"

@Override
public void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/health", "/actuator/**").permitAll().and().csrf().disable();
}

Upvotes: 1

Related Questions