4

I am using Spring Actuator (version 2.2.4.RELEASE) to generate a health check endpoint at /localhost:8080/my-app/actuator/health which works correctly.

This generates 3 endpoints shown when visiting /actuator and shown in Swagger (version 2):

  1. /actuator/health
  2. /actuator/health/{*path} (in my swagger page, this is appearing as /actuator/health/**)
  3. /actuator/info

Because of AWS reasons, I am having issues with the health/** and would like to remove it (and I want to remove /info too as I have no need for it).

I have tried adding the following things to my application.properties file:

management.endpoints.web.exposure.exclude=health,info

and

management.endpoints.jmx.exposure.exclude=health,info

but it doesn't make any difference (they are still generated). I have tried using * to see if that forces all endpoints to disappear but it doesn't change anything either.

Any idea how I can resolved this issue?

EDIT 1

I found that a properties file was being overwritten by another. So, using the following commands:

management.endpoints.enabled-by-default=false
management.endpoint.health.enabled=true

Gets rid of the /actuator/info endpoint. However, I still need to get rid of the the /actuator/health/{*path} and keep the /actuator/health endpoint.

Community
  • 1
  • 1
Haych
  • 932
  • 13
  • 36
  • Maybe this would be of use to you: https://stackoverflow.com/questions/52039388/spring-security-add-filter-to-all-endpoint-except-one – Bobzone Mar 06 '20 at 14:58
  • In my case `management.endpoints.web.exposure.exclude=health,info` disables both web endpoint and swagger entry. Have you verified that there is no external configuration with higher priority, overriding your `application.properties`? For all property sources, check https://docs.spring.io/spring-boot/docs/current/reference/html/spring-boot-features.html#boot-features-external-config – Lesiak Mar 09 '20 at 09:59
  • @Lesiak There was an overwriting of properties issue which I have solved. However, there is still a problem. I have edited my answer with details. – Haych Mar 09 '20 at 10:23

2 Answers2

7

As specified in Exposing Endpoints section of actuator manual, web exposes two endpoints by default: health and info.

As you correctly noticed, that can be modified using:

  • management.endpoints.web.exposure.exclude
  • management.endpoints.web.exposure.include

properties (excludes have higher priority).

Thus, you can easily get rid of info endpoint.

Now, the health endpoint provides 2 URLs:

  • /actuator/health
  • /actuator/health/{*path}

It is unclear for me what is your motivation for leaving the former and disabling the latter, but I checked that you have at least 2 options:

Option 1 - replace health with your own implementation

You just need to:

  • exclude HealthEndpointAutoConfiguration to remove the default health endpoint
  • provide your own custom actuator endpoint mapped to health

Option 2: Leave /actuator/health but remove /actuator/health/{*path}

Both operations are defined in org.springframework.boot.actuate.health.HealthEndpoint

@Endpoint(id = "health")
public class HealthEndpoint extends HealthEndpointSupport<HealthContributor, HealthComponent> {

    // ...

    @ReadOperation
    public HealthComponent health() {
        HealthComponent health = health(ApiVersion.V3, EMPTY_PATH);
        return (health != null) ? health : DEFAULT_HEALTH;
    }

    @ReadOperation
    public HealthComponent healthForPath(@Selector(match = Match.ALL_REMAINING) String... path) {
        return health(ApiVersion.V3, path);
    }
}

The easiest way to get rid of the @ReadOperation on the second method is to:

  • copy HealthEndpoint to your project (note: packages must match)
  • remove the @ReadOperation annotation on healthForPath
  • copy HealthEndpointSupport to prevent IllegalAccessError caused by different class loaders.
Lesiak
  • 22,088
  • 2
  • 41
  • 65
0

The recommended way of exposing swagger UI is enabling only a specific path. Here is an example that you can use to expose only /rest/* endpoints. You can replace it with any pattern that you need.

private ApiInfo apiInfo() {
    return new ApiInfoBuilder()
        .title("Give a meaningful Title")
        .description("Describe your API")
        .termsOfServiceUrl("Put your T&C URL")
        .contact("Contact details")
        .license("Licence Description")
        .licenseUrl("Licence Endpoint")
        .version("API Version")
        .build();
}
private Predicate<String> paths() {
    return or(regex("/rest/.*"));
}

@Bean
public Docket newsApi() {
    return new Docket(DocumentationType.SWAGGER_2)
        .groupName("rest")
        .apiInfo(apiInfo())
        .select()
        .paths(paths())
        .build();
}

This is sample that will allow only your endpoints that you want to expose.

See https://github.com/reflexdemon/shop/blob/master/src/main/java/org/shop/Application.java#L85-L107 for example implementation.

Demo to view the endpoint: https://shop.vpv.io/swagger-ui.html Sign-in by using username stack password overflow to view the swagger.

reflexdemon
  • 836
  • 8
  • 21