Actuator ID | Endpoint | Description |
---|
auditevents | /actuator/auditevents | Exposes audit events information for the current application |
beans | /actuator/beans | Displays a complete list of all the Spring beans present in runtime |
conditions | /actuator/conditions | Shows the conditions that were evaluated on configuration and auto-configuration classes and the reasons why they did or did not match |
configprops | /actuator/configprops | Displays the used runtime properties |
env | /actuator/env | Displays all the profiles, runtime properties, system properties and environment variables |
health | /actuator/health | Shows runtime health information |
httptrace | /actuator/httptrace | Displays information about the last x HTTP requests (By default x=100) |
info | /actuator/info | Displays information about the runtime. Currently displays the list of unhandled exceptions |
logfile | /actuator/logfile | Returns the contents of the log file (if configured through logging.file.name ) |
loggers | /actuator/loggers | Displays and modifies the configuration of loggers in the application |
mappings | /actuator/mappings | Displays a collated list of all @RequestMapping paths |
metrics | /actuator/metrics | Displays various metrics about the runtime. Both standard Spring Boot metrics and Blueriq specific metrics are displayed |
threaddump | /actuator/threaddump | Performs a thread dump. |
Enable component
To enable Blueriq Actuators add the Spring profile named actuator in file
Include Page |
---|
| _PropertiesBootstrap |
---|
| _PropertiesBootstrap |
---|
|
. For example:
Code Block |
---|
language | text |
---|
title | bootstrap.properties |
---|
|
spring.profiles.active=native,actuator |
Info |
---|
Starting with Release 13, the refresh endpoint should be both enabled and exposed when the development-tools profile is active, otherwise the runtime will not start. |
Context path
The default path for Blueriq Actuators is /actuator
. This can be changed to a different path with the management.endpoints.web.base-path
property:
Code Block |
---|
language | text |
---|
title | application-actuator.properties |
---|
|
management.endpoints.web.base-path=/somethingElse |
If the runtime is accessible via https://localhost:8080/Runtime
, the actuators can be found at https://localhost:8080/Runtime/actuator
by default, or at http://localhost:8080/Runtime/somethingElse
if the property above would be set.
Exposing endpoints
All enabled endpoints are available through both JMX and HTTP. (except for the logfile
endpoint, which is only available through HTTP). You should limit the access to the endpoint to not be accessible from the public network. To customize this, you can change the following properties.
Property | Blueriq default |
---|
management.endpoints.jmx.exposure.exclude
|
|
management.endpoints.jmx.exposure.include
| *
|
management.endpoints.web.exposure.exclude
|
|
management.endpoints.web.exposure.include
| *
|
So for instance to disable exposing all the endpoints but the health
endpoint via JMX, add the following property.
Code Block |
---|
language | text |
---|
title | application-actuator.properties |
---|
|
management.endpoints.jmx.exposure.include=health |
In this example all endpoints are still exposed via HTTP.
Note |
---|
Starting with Release 13, JMX is disabled by default. You can reenable it by setting the property spring.jmx.enabled to true . |
SecurityDefault security
By default all actuators are secured using basic authentication . In order to access actuator endpoints, the authenticated with the user below. You can override this, please keep in mind that the user must have the role 'ACTUATOR'. When using the development tools component, this user can be defined in the users.properties file.
Code Block |
---|
language | text |
---|
title | user.properties |
---|
|
adminspring.security.user.name=blueriq
spring.security.user.password={noop}welcome,
spring.security.user.roles=ACTUATOR |
Enable/disable default security
When more control over the security of individual endpoints is required, a custom implementation can be written.
For this, you first need to disable the default security for the actuators. This can be done by setting the property blueriq.security.actuator.enabled
in application-actuator.properties
. If you don't specify this property, security will be enabled.:
Code Block |
---|
language | text |
---|
title | application-actuator.properties |
---|
|
# Security
blueriq.security.actuator.enabled=false |
Implementing custom security for actuator endpoints
By default, all users need to have the role ACTUATOR
to acces the actuator pagesThen you can implement custom your own security logic. In the following example, the endpoints actuator/health
and actuator/info
are available to alleveryone, but the CUSTOM_ROLE
is is required to access the other actuator endpoints. This can be done by disabling the default security for actuator, and implement your own custom SecurityConfigurer security configuration like in the example below.
Code Block |
---|
language | java |
---|
title | CustomMetricsApiSecurityConfigurerCustomMetricsApiSecurityConfiguration.java |
---|
|
@Configuration
@ConditionalOnProperty(name = "blueriq.security.actuator.enabled", havingValue = "false", matchIfMissing = false)
public class CustomMetricsApiSecurityConfigurer extendsCustomMetricsApiSecurityConfiguration WebSecurityConfigurerAdapter {
// 1. Inject any required dependencies
@Autowired
private WebEndpointProperties webEndpointProperties;
@Autowired
@Qualifier("blueriqAuthenticationManager")
private AuthenticationManager authenticationManager;
// 2. Specify the authentication manager
@Override
public AuthenticationManager authenticationManager() throws Exception {
return authenticationManager;
}
// 3. Configure HTTP security
@Override
protected void configure(HttpSecurity http @Bean
@Order(1) // before runtime security configurations
protected SecurityFilterChain customActuatorSecurityChain(HttpSecurity http, WebEndpointProperties webEndpointProperties) throws Exception {
return http.antMatchersecurityMatcher(new AntPathRequestMatcher(webEndpointProperties.getBasePath() + "/**"))
.authorizeRequests()
authorizeHttpRequests(auth -> {
auth.requestMatchers(EndpointRequest.to(HealthEndpoint.class, InfoEndpoint.class)).permitAll();
auth.requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("CUSTOM_ROLE");
})
.build();
}
} |
Enable/Disable individual endpoints
Each endpoint can be enabled or disabled via a property with the format management.endpoint.[endpoint-id].enabled=true/false
Code Block |
---|
|
# Enable all endpoints
management.endpoints.enabled-by-default=true |
Actuator Endpoints
For a complete overview of the standard Spring Boot Actuator web API, which described example request and responses for all actuator endpoints, have a look at the documentation.
Info
The standard info
Code Block |
---|
|
GET http://localhost:92/Runtime/actuator/info |
Code Block |
---|
title | Example response |
---|
collapse | true |
---|
|
{
"exceptions": [
{
"cause": null,
"stackTrace": [
{
"methodName": "getInternalFlow",
"fileName": "FlowEngine.java",
"lineNumber": 269,
"className": "com.aquima.interactions.flow.model.FlowEngine",
"nativeMethod": false
},
{
"methodName": "startFlow",
"fileName": "FlowEngine.java",
"lineNumber": 130,
"className": "com.aquima.interactions.flow.model.FlowEngine",
"nativeMethod": false
}
...
],
"flowName": "main",
"message": "Unknown flow: main",
"localizedMessage": "Unknown flow: main",
"suppressed": []
}
]
} |
Metrics
Navigating to /Runtime/actuator/metrics
displays a list of available metrics. You can drill down to view information about a particular metric by providing its name as a selector, e.g. /actuator/metrics/jvm.memory.max
Code Block |
---|
|
GET http://localhost:92/Runtime/actuator/metrics |
Code Block |
---|
title | Example response |
---|
collapse | true |
---|
|
{
"names": [
"jvm.buffer.memory.used",
"jvm.memory.used",
"jvm.gc.memory.allocated",
"jvm.memory.committed",
"jvm.gc.max.data.size",
"logback.events",
"system.cpu.count",
"runtime.session.counter",
"jvm.memory.max",
"jvm.buffer.total.capacity",
"jvm.buffer.count",
"jvm.threads.daemon",
"process.start.time",
"runtime.average.compose.time",
"runtime.request.counter",
"jvm.gc.live.data.size",
"process.cpu.usage",
"jvm.gc.pause",
"process.uptime",
"runtime.average.event.time",
"runtime.exceptions.counter",
"http.server.requests",
"system.cpu.usage",
"jvm.threads.live",
"jvm.threads.peak",
"jvm.gc.memory.promoted"
]
} |
Blueriq specific metrics
The following Runtime specific metrics are available.
Metric | Description |
---|
runtime.request.counter | Counts the total number of request for the UI REST API ( /server/* ) |
runtime.exceptions.counter | Counts the number of unhandled exceptions |
runtime.session.counter | Counts the number of portal sessions currently in the runtime |
gauge.portal-session.page.compose.average-time | Measures the average page compose time in milliseconds |
gauge.response.portal-session.handle-event | Measures the average time for handling portal session events in milliseconds |
Info |
---|
The metrics are per node. When running in a cluster the counter.portal-session metric will not be displayed |
Blueriq specific endpoints
With the endpoints below you can reset some of the Blueriq specific metrics provided by the metrics
endpoint.
Reset Runtime Requests
Code Block |
---|
|
POST http://localhost:92/Runtime/actuator/runtime-reset-request-countruntimeResetRequestCount |
Code Block |
---|
|
runtime.request.counter was reset |
Reset Portal-Session Exceptions
Code Block |
---|
|
POST http://localhost:92/Runtime/actuator/portal-session-reset-exceptionsportalSessionResetExceptions |
Code Block |
---|
|
runtime.exceptions.counter was reset |
Reset Portal-Session Compose Time
Code Block |
---|
|
POST http://localhost:92/Runtime/actuator/portal-session-reset-compose-timeportalSessionResetComposeTime |
Code Block |
---|
|
gauge.portal-session.page.compose.average-time was reset |
Reset Portal-Session Handle-Event Time
Code Block |
---|
|
POST http://localhost:92/Runtime/actuator/portal-session-reset-handle-eventportalSessionResetHandleEvent |
Code Block |
---|
|
gauge.response.portal-session.handle-event was reset |