```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
```
- /actuator/health — overall health status and component details.
- /actuator/info — arbitrary application metadata (version, git commit, etc.).
- /actuator/metrics — JVM, HTTP, and custom metrics.
- /actuator/env — all environment properties and their source.
- /actuator/loggers — view and change logger levels at runtime.
- /actuator/threaddump — current thread state for diagnosing deadlocks.
- /actuator/mappings — lists all @RequestMapping routes.
By default only /health is exposed over HTTP. Enable additional endpoints in application.properties.
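```properties
# Expose selected endpoints
management.endpoints.web.exposure.include=health,info,metrics,loggers,env
# Show full health detail to every caller, authenticated or not;
# when-authorized limits the detail to authorized users
management.endpoint.health.show-details=always
# Serve actuator on a separate port (isolated only once firewall rules restrict access to it)
management.server.port=9090
# Populate /actuator/info
info.app.name=My Spring App
info.app.version=1.0.0
```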
Implement HealthIndicator to add component-level health checks — for example, verifying an external API is reachable.
```java
import org.springframework.boot.actuate.health.Health;
import org.springframework.boot.actuate.health.HealthIndicator;
import org.springframework.stereotype.Component;

// The bean name becomes the component name in the /actuator/health response.
@Component("externalApi")
public class ExternalApiHealthIndicator implements HealthIndicator {

    // ExternalApiClient is the application's own client class, not part of Spring.
    private final ExternalApiClient apiClient;

    public ExternalApiHealthIndicator(ExternalApiClient apiClient) {
        this.apiClient = apiClient;
    }

    @Override
    public Health health() {
        try {
            boolean ok = apiClient.ping();
            // Details are visible to anyone allowed to see health details.
            return ok
                ? Health.up().withDetail("url", apiClient.getBaseUrl()).build()
                : Health.down().withDetail("reason", "Ping failed").build();
        } catch (Exception e) {
            // Health.down(e) records the exception class and message as a detail.
            return Health.down(e).build();
        }
    }
}
```
This appears under /actuator/health as a component named externalApi.
In production, restrict sensitive endpoints. Combine management.server.port with firewall rules, or use Spring Security to require authentication.
```java
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class ActuatorSecurityConfig {

    @Bean
    public SecurityFilterChain actuatorSecurity(HttpSecurity http) throws Exception {
        http
            // This filter chain applies only to actuator endpoints.
            .securityMatcher(EndpointRequest.toAnyEndpoint())
            .authorizeHttpRequests(auth -> auth
                // health and info stay reachable without authentication
                .requestMatchers(EndpointRequest.to("health", "info")).permitAll()
                // every other actuator endpoint requires the ADMIN role
                .anyRequest().hasRole("ADMIN")
            )
            // HTTP Basic with default settings
            .httpBasic(h -> {});
        return http.build();
    }
}
```
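A check that can run in CI against the settings above, as an added example that is not part of the original page: it parses an application.properties file and reports risky Actuator exposure. The rule names and the choice of which endpoints count as sensitive are this example's assumptions.

```python
import re

# Endpoints the page lists that reveal configuration or change runtime state.
# Treating exactly these as sensitive is this example's assumption.
SENSITIVE = {"env", "loggers", "threaddump", "mappings"}
PREFIX = "management.endpoints.web.exposure."

def parse_properties(text):
    """Parse simple key=value or key:value lines, skipping # and ! comments."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def csv_set(value):
    return {item.strip() for item in value.split(",") if item.strip()}

def audit(text):
    """Return (rule_id, detail) findings for risky Actuator settings."""
    props = parse_properties(text)
    # Only health is exposed over HTTP when include is not set.
    include = csv_set(props.get(PREFIX + "include", "health"))
    exclude = csv_set(props.get(PREFIX + "exclude", ""))
    findings = []
    if "*" in include:
        findings.append(("wildcard-exposure", "include=* exposes every endpoint"))
    exposed = sorted((include & SENSITIVE) - exclude)
    if exposed:
        findings.append(("sensitive-exposed", ",".join(exposed)))
    if props.get("management.endpoint.health.show-details") == "always":
        findings.append(("health-details-always", "prefer when-authorized"))
    if "management.server.port" not in props:
        findings.append(("shared-port", "actuator served on the application port"))
    return findings

# Constructed input: the actuator settings shown on this page.
PAGE_CONFIG = """
# Expose selected endpoints
management.endpoints.web.exposure.include=health,info,metrics,loggers,env
management.endpoint.health.show-details=always
management.server.port=9090
"""

if __name__ == "__main__":
    for rule, detail in audit(PAGE_CONFIG):
        print(f"{rule}: {detail}")
```

A finding is a prompt to confirm that the endpoint sits behind authentication or a restricted management port, not proof that it is reachable.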