Configuration properties classes for endpoint-specific settings including show-values control, recording options, CORS, and endpoint-specific customizations.
| Property Class | Prefix | Purpose |
|---|---|---|
WebEndpointProperties | management.endpoints.web | Web exposure, base path, path mappings |
CorsEndpointProperties | management.endpoints.web.cors | CORS configuration |
JmxEndpointProperties | management.endpoints.jmx | JMX exposure, domain |
ConfigurationPropertiesReportEndpointProperties | management.endpoint.configprops | ConfigProps show-values |
EnvironmentEndpointProperties | management.endpoint.env | Env show-values |
InfoContributorProperties | management.info | Info contributors |
HttpExchangesProperties | management.httpexchanges | HTTP recording |
LogFileWebEndpointProperties | management.endpoint.logfile | Log file location |
ManagementServerProperties | management.server | Separate server config |
import org.springframework.boot.actuate.endpoint.Show;
@ConfigurationProperties("management.endpoint.configprops")
public class ConfigurationPropertiesReportEndpointProperties {
private Show showValues = Show.NEVER; // Default: NEVER
private final Set<String> roles = new HashSet<>(); // Required roles
}
/**
* Show enum (from org.springframework.boot.actuate.endpoint.Show)
* Defined in spring-boot-actuator module
*/
enum Show {
NEVER, // Always sanitize (default)
ALWAYS, // Never sanitize
WHEN_AUTHORIZED // Sanitize unless user has required roles
}Properties:
management.endpoint.configprops.show-values=NEVER|ALWAYS|WHEN_AUTHORIZED
management.endpoint.configprops.roles=ADMIN,OPERATORimport org.springframework.boot.actuate.endpoint.Show;
@ConfigurationProperties("management.endpoint.env")
public class EnvironmentEndpointProperties {
private Show showValues = Show.NEVER; // Default: NEVER
private final Set<String> roles = new HashSet<>(); // Required roles
}Properties:
management.endpoint.env.show-values=NEVER|ALWAYS|WHEN_AUTHORIZED
management.endpoint.env.roles=ADMIN,DEVOPSimport org.springframework.boot.actuate.web.exchanges.Include;
@ConfigurationProperties("management.httpexchanges")
public class HttpExchangesProperties {
private Recording recording = new Recording();
public static class Recording {
// Default: TIME_TAKEN, REQUEST_HEADERS, RESPONSE_HEADERS
private Set<Include> include = new HashSet<>(Include.defaultIncludes());
}
}
/**
* Include enum (from org.springframework.boot.actuate.web.exchanges.Include)
* Defined in spring-boot-actuator module
*/
enum Include {
REQUEST_HEADERS, // Request headers (excludes Authorization, Cookie)
RESPONSE_HEADERS, // Response headers (excludes Set-Cookie)
COOKIE_HEADERS, // Cookie headers
AUTHORIZATION_HEADER, // Authorization header
TIME_TAKEN, // Request duration
PRINCIPAL, // Authenticated user
REMOTE_ADDRESS, // Client IP
SESSION_ID; // Session ID
public static Set<Include> defaultIncludes(); // Returns TIME_TAKEN, REQUEST_HEADERS, RESPONSE_HEADERS
}Properties:
# Minimal (safe for production)
management.httpexchanges.recording.include=TIME_TAKEN
# Full recording (development only)
management.httpexchanges.recording.include=REQUEST_HEADERS,RESPONSE_HEADERS,COOKIE_HEADERS,AUTHORIZATION_HEADER,TIME_TAKEN,PRINCIPAL,REMOTE_ADDRESS,SESSION_ID@ConfigurationProperties("management.info")
public class InfoContributorProperties {
private Git git = new Git();
public static class Git {
private Mode mode = Mode.SIMPLE; // Default: SIMPLE
public enum Mode {
SIMPLE, // Basic: branch, commit.id, commit.time
FULL // All git properties
}
}
}Properties:
# Git info mode
management.info.git.mode=SIMPLE|FULL
# Enable/disable contributors
management.info.git.enabled=true
management.info.env.enabled=true
management.info.build.enabled=true
management.info.java.enabled=true
management.info.os.enabled=false
management.info.process.enabled=true
management.info.ssl.enabled=false
# Default for all
management.info.defaults.enabled=true/**
* Configuration properties for log file endpoint
* Allows accessing log files that are written by external processes
* @since 2.0.0
*/
@ConfigurationProperties("management.endpoint.logfile")
public class LogFileWebEndpointProperties {
/**
* External log file to be accessed via the logfile endpoint
* Can be used if the log file is written by output redirect rather than the logging system itself
*/
private @Nullable File externalFile;
/**
* Gets the external log file location
* @return The external log file, or null if not configured
*/
public @Nullable File getExternalFile();
/**
* Sets the external log file location
* @param externalFile The external log file path
*/
public void setExternalFile(@Nullable File externalFile);
}Properties:
# External log file path (optional)
management.endpoint.logfile.external-file=/var/log/myapp.logUsage Notes:
java -jar app.jar > /var/log/app.log)logging.file.name)/actuator/logfile) will serve this file when configuredExample: Docker container with external log file
# docker-compose.yml
services:
app:
image: myapp:latest
volumes:
- ./logs:/var/log/app
environment:
- MANAGEMENT_ENDPOINT_LOGFILE_EXTERNAL_FILE=/var/log/app/application.log@ConfigurationProperties("management.endpoints.web")
public class WebEndpointProperties {
private String basePath = "/actuator"; // Base path
private Map<String, String> pathMapping = new LinkedHashMap<>(); // Endpoint path mappings
private Exposure exposure = new Exposure(); // Include/exclude
private Discovery discovery = new Discovery(); // Discovery page
public static class Exposure {
private Set<String> include = new LinkedHashSet<>(); // Default: empty (configured by framework)
private Set<String> exclude = new LinkedHashSet<>(); // Default: empty
}
public static class Discovery {
private boolean enabled = true; // Default: true
}
}Properties:
management.endpoints.web.base-path=/actuator
management.endpoints.web.path-mapping.health=healthcheck
management.endpoints.web.exposure.include=*
management.endpoints.web.exposure.exclude=shutdown
management.endpoints.web.discovery.enabled=true@ConfigurationProperties("management.endpoints.web.cors")
public class CorsEndpointProperties {
private List<String> allowedOrigins = new ArrayList<>();
private List<String> allowedOriginPatterns = new ArrayList<>();
private List<String> allowedMethods = new ArrayList<>();
private List<String> allowedHeaders = new ArrayList<>();
private List<String> exposedHeaders = new ArrayList<>();
private Boolean allowCredentials;
private Duration maxAge = Duration.ofSeconds(1800); // Default: 30 minutes
public @Nullable CorsConfiguration toCorsConfiguration(); // Returns null if no origins configured
}Properties:
management.endpoints.web.cors.allowed-origins=https://example.com
management.endpoints.web.cors.allowed-origin-patterns=https://*.example.com
management.endpoints.web.cors.allowed-methods=GET,POST
management.endpoints.web.cors.allowed-headers=Authorization,Content-Type
management.endpoints.web.cors.exposed-headers=X-Custom-Header
management.endpoints.web.cors.allow-credentials=true
management.endpoints.web.cors.max-age=3600@ConfigurationProperties("management.endpoints.jmx")
public class JmxEndpointProperties {
private String domain; // JMX domain
private Properties staticNames = new Properties(); // Static ObjectName properties
private Exposure exposure = new Exposure(); // Include/exclude
public static class Exposure {
private Set<String> include = new LinkedHashSet<>(); // Default: empty (configured by framework)
private Set<String> exclude = new LinkedHashSet<>(); // Default: empty
}
}Properties:
management.endpoints.jmx.domain=com.example.myapp
management.endpoints.jmx.static-names.application=MyApp
management.endpoints.jmx.static-names.environment=production
management.endpoints.jmx.exposure.include=*
management.endpoints.jmx.exposure.exclude=shutdownmanagement.endpoints.web.exposure.include=*
management.endpoint.env.show-values=ALWAYS
management.endpoint.configprops.show-values=ALWAYS
management.httpexchanges.recording.include=REQUEST_HEADERS,RESPONSE_HEADERS,TIME_TAKEN
management.endpoints.web.cors.allowed-origin-patterns=*management.endpoints.web.exposure.include=health,info,metrics,beans,loggers
management.endpoint.env.show-values=WHEN_AUTHORIZED
management.endpoint.env.roles=ADMIN
management.endpoint.configprops.show-values=WHEN_AUTHORIZED
management.endpoint.configprops.roles=ADMIN
management.httpexchanges.recording.include=TIME_TAKEN,REMOTE_ADDRESSmanagement.endpoints.web.exposure.include=health,info,metrics,prometheus
management.endpoints.web.exposure.exclude=shutdown,heapdump,threaddump
management.endpoint.env.show-values=NEVER
management.endpoint.configprops.show-values=NEVER
management.httpexchanges.recording.include=TIME_TAKEN
management.endpoints.web.cors.allowed-origins=https://app.example.com| Mistake | Correct |
|---|---|
management.endpoint.health.enabled | management.endpoint.health.access=UNRESTRICTED |
management.endpoints.enabled-by-default | management.endpoints.access.default=READ_ONLY |
management.endpoints.cors.* | management.endpoints.web.cors.* |
@Configuration
@EnableConfigurationProperties({
WebEndpointProperties.class,
CorsEndpointProperties.class,
ManagementServerProperties.class
})
public class ActuatorConfiguration {
@Bean
public EndpointPathResolver pathResolver(WebEndpointProperties properties) {
return new EndpointPathResolver(properties.getBasePath(), properties.getPathMapping());
}
}