Description
Actuator endpoints allow you to monitor and interact with your Spring application. Spring Boot includes a number of built-in endpoints and you can also add your own. For example the health endpoint provides basic application health information.
Sample endpoints (not all are enabled by default):
- /conditions - Displays an auto-configuration report showing all auto-configuration candidates and the reason why they 'were' or 'were not' applied.
- /beans - Displays a complete list of all the Spring beans in your application.
- /configprops - Displays a collated list of all @ConfigurationProperties.
- /dump - Performs a thread dump.
- /env - Exposes properties from Spring's ConfigurableEnvironment.
- /health - Shows application health information (a simple 'status' when accessed over an unauthenticated connection or full message details when authenticated).
- /info - Displays arbitrary application info.
- /metrics - Shows 'metrics' information for the current application.
- /mappings - Displays a collated list of all @RequestMapping paths.
- /shutdown - Allows the application to be gracefully shutdown (not enabled by default).
- /httptrace - Displays trace information (by default the last few HTTP requests).
Remediation
In production, it is recommended to disable access to these endpoints.