Spring Boot 2.0 actuator change analysis

The dump endpoint has been renamed to threaddump to disambiguate with the heapdump endpoint.

Only the health endpoint caches responses.

All parameter-less read operations have such a cache.

Endpoints are accessible over HTTP by default. In order to send metrics from the metrics endpoints to JMX, an additional exporter bean needs to be registered.

JMX MBean wrappers are registered around (nearly) all endpoints. Every bean offers one single simple operation that displays the same data as if sending a GET request to the HTTP endpoint of the same. For example, the org.springframework.boot.Endpoint.Info MBean provides the info() operation, as shown below:

Endpoints may be flagged as sensitive. In order to access such endpoints, one has to autenticate with username/password credentials. The sensivity of each endpoint can be overriden in application.properties.

Endpoints are secured using Spring Security if present: fine-grained configuration can be achieved using code.

Only the overal health status (i.e. { status: UP }) is exposed when not authenticated. If details are must be displayed regardless of authentication status, the endpoint must be configured accordingly:

endpoints.health.sensitive=false

There are 3 levels, details being shown:

1. Always
2. Only when authorized
3. Never

Creating a custom endpoint is a two-step process:

1. Create a class that implements the Endpoint interface
2. Register an instance of this class in the Spring contect, e.g. through a @Bean-annotated method

   Methods from such endpoints need to be annotated with Spring MVC’s @RequestMapping in order to be exposed over HTTP.

The class doesn’t need to extend from a specific superclass. However, the class needs to be annotated with @Endpoint.