Master Spring Boot Actuator: Integration, Secure Shutdown, and Custom Endpoints
This guide walks through adding Spring Boot Actuator to a project, configuring default and custom endpoints, securing shutdown operations, and demonstrates practical code snippets and curl commands for monitoring and managing a Spring Boot application.
Introduction
Spring Boot Actuator provides HTTP/JMX endpoints for health checks, metrics, configuration, request tracing, and other operational data, enabling application introspection and monitoring.
Integration
Add the starter dependency to pom.xml:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>After restarting, http://localhost:8080/actuator lists available endpoints.
Default Endpoints
Typical endpoints include /actuator/health, /actuator/info, and a self‑link. Sensitive endpoints are hidden unless explicitly enabled.
Exposing Endpoints
To expose all endpoints (not recommended for production), add to application.yml or application.properties:
management:
endpoints:
web:
exposure:
include: '*'
jmx:
exposure:
include: '*'Prefer listing only required endpoints and securing them with authentication.
Shutdown Endpoint
The /actuator/shutdown endpoint is disabled by default. Enable it and expose it:
management:
endpoint:
shutdown:
enabled: true
endpoints:
web:
exposure:
include: '*'
jmx:
exposure:
include: '*'Trigger graceful shutdown with a POST request:
curl -X POST "http://localhost:8080/actuator/shutdown"Secure the shutdown endpoint by:
Customizing the base path with management.endpoints.web.base-path.
Binding the management server to 127.0.0.1 via management.server.address to block remote access.
Optionally using a separate port with management.server.port.
Example secure configuration:
management:
endpoint:
shutdown:
enabled: true
endpoints:
web:
exposure:
include: '*'
jmx:
exposure:
include: '*'
server:
port: 8080
address: 127.0.0.1Alternatively, add Spring Security to require authentication for all Actuator endpoints.
Custom Endpoint
Define a bean annotated with @Endpoint. Methods must be annotated with @ReadOperation, @WriteOperation, or @DeleteOperation to be exposed as GET, POST, or DELETE respectively.
@Component
@Endpoint(id = "my")
public class EndpointCustom {
@ReadOperation
public String endpointCustomRead(String content) {
return "请求的内容: " + content;
}
@WriteOperation
public String endpointCustomWrite(String content) {
return "写的内容: " + content;
}
@DeleteOperation
public String endpointCustomDelete(String content) {
return "删除的内容: " + content;
}
}Access the custom endpoint:
# GET
curl -X GET "http://localhost:8080/actuator/my?content=endpointGet"
# POST
curl -X POST "http://localhost:8080/actuator/my?content=endpointPost"
# DELETE
curl -X DELETE "http://localhost:8080/actuator/my?content=endpointDELETE"Reference
Full source code: https://github.com/secbr/springboot-all/tree/master/springboot-actuator
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Senior Brother's Insights
A public account focused on workplace, career growth, team management, and self-improvement. The author is the writer of books including 'SpringBoot Technology Insider' and 'Drools 8 Rule Engine: Core Technology and Practice'.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.