/ DEVOPS, METRICS, SPRING BOOT, MONITORING

Spring Boot 2.0 actuator change analysis

Some years ago, I discovered the Spring Boot actuator:

Spring Boot includes a number of additional features to help you monitor and manage your application when it’s pushed to production. You can choose to manage and monitor your application using HTTP endpoints, with JMX or even by remote shell (SSH or Telnet). Auditing, health and metrics gathering can be automatically applied to your application.

To sum it up, the actuator offers endpoints that allow monitoring of the application from different angles. This post is a change analysis between Spring Boot 2.0 and 1.5.

Endpoints availability

New endpoints

Several new endpoints have been added to the actuator in Spring Boot 2.0:

EndpointDescriptionNotes

httptrace

Displays info from the last HTTP requests

scheduledtasks

Displays the scheduled tasks in your application

sessions

Allows display and deletion of Spring Session related data

prometheus

Provides a Prometheus-compatible endpoint

Requires Spring MVC

Changes

The dump endpoint has been renamed to threaddump to disambiguate with the heapdump endpoint.

Endpoint configuration

Endpoint-related properties have been moved from the top-level endpoint property to management.endpoint, i.e.:

Spring Boot 1.5
endpoints.shutdown.enabled=true
Spring Boot 2.0
management.endpoint.shutdown.enabled=true

Cache management

Spring Boot 1.5

Only the health endpoint caches responses.

Spring Boot 2.0

All parameter-less read operations have such a cache.

Cache TTL can be configured, but it will be the same across all endpoints.

JMX access

Spring Boot 1.5

Endpoints are accessible over HTTP by default. In order to send metrics from the metrics endpoints to JMX, an additional exporter bean needs to be registered.

Spring Boot 2.0

JMX MBean wrappers are registered around (nearly) all endpoints. Every bean offers one single simple operation that displays the same data as if sending a GET request to the HTTP endpoint of the same. For example, the org.springframework.boot.Endpoint.Info MBean provides the info() operation, as shown below:

JConsole showing the info endpoint
By default, JMX MBeans are not secured

Security

Spring Boot 1.5

Endpoints may be flagged as sensitive. In order to access such endpoints, one has to autenticate with username/password credentials. The sensivity of each endpoint can be overriden in application.properties.

Spring Boot 2.0

Endpoints are secured using Spring Security if present: fine-grained configuration can be achieved using code.

Overall security can be disabled using the application.properties configuration file.

Health indicators security

Spring Boot 1.5

Only the overal health status (i.e. { status: UP }) is exposed when not authenticated. If details are must be displayed regardless of authentication status, the endpoint must be configured accordingly:

endpoints.health.sensitive=false
Spring Boot 2.0

There are 3 levels, details being shown:

  1. Always
  2. Only when authorized
  3. Never

Custom endpoints

Spring Boot 1.5

Creating a custom endpoint is a two-step process:

  1. Create a class that implements the Endpoint interface
  2. Register an instance of this class in the Spring contect, e.g. through a @Bean-annotated method

    Methods from such endpoints need to be annotated with Spring MVC’s @RequestMapping in order to be exposed over HTTP.

Spring Boot 2.0

The class doesn’t need to extend from a specific superclass. However, the class needs to be annotated with @Endpoint.

The framework takes care of providing the implementation.

Moreover, to replace Spring MVC annotations, Spring Boot offers @ReadOperation, @WriteOperation, and @DeleteOperation annotations.

Endpoints are accessible via HTTP and JMX. It’s possible to restrict accessibility to either the former or the later, by annotation the class with @WebEndpoint or @JmxEndpoint.

Additional health indicators

Spring Boot adds health indicators around the following dependencies:

  • Influx DB
  • Kafka
  • Neo4J

Conclusion

Spring Boot 2 changes how the actuator behaves in many non-trivial ways. Should one relies on Spring Boot’s actuator, one should take time to evaluate the effort to migrate.

Nicolas Fränkel

Nicolas Fränkel

Nicolas Fränkel is a Developer Advocate with 15+ years experience consulting for many different customers, in a wide range of contexts (such as telecoms, banking, insurances, large retail and public sector). Usually working on Java/Java EE and Spring technologies, but with narrower interests like Software Quality, Build Processes and Rich Internet Applications. Currently working for Exoscale. Also double as a teacher in universities and higher education schools, a trainer and triples as a book author.

Read More