Skip to content

Commit cea6492

Browse files
committed
Align default JMX and WEB endpoint exposures
Closes gh-32005
1 parent 1f6a966 commit cea6492

File tree

4 files changed

+14
-112
lines changed

4 files changed

+14
-112
lines changed

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/endpoint/expose/EndpointExposure.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ public enum EndpointExposure {
2727
/**
2828
* Exposed via JMX endpoint.
2929
*/
30-
JMX("*"),
30+
JMX("health"),
3131

3232
/**
3333
* Exposed via a web endpoint.

spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/endpoint/jmx/JmxEndpointAutoConfigurationTests.java

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -80,8 +80,9 @@ void jmxEndpointWithJmxSupportAutoConfigured() {
8080
@Test
8181
void jmxEndpointWithCustomEndpointObjectNameFactory() {
8282
EndpointObjectNameFactory factory = mock(EndpointObjectNameFactory.class);
83-
this.contextRunner.withPropertyValues("spring.jmx.enabled=true").with(mockMBeanServer())
84-
.withBean(EndpointObjectNameFactory.class, () -> factory).run((context) -> {
83+
this.contextRunner
84+
.withPropertyValues("spring.jmx.enabled=true", "management.endpoints.jmx.exposure.include=test")
85+
.with(mockMBeanServer()).withBean(EndpointObjectNameFactory.class, () -> factory).run((context) -> {
8586
ArgumentCaptor<ExposableJmxEndpoint> argumentCaptor = ArgumentCaptor
8687
.forClass(ExposableJmxEndpoint.class);
8788
then(factory).should().getObjectName(argumentCaptor.capture());
@@ -96,7 +97,7 @@ void jmxEndpointWithContextHierarchyGeneratesUniqueNamesForEachEndpoint() throws
9697
.willReturn(new HashSet<>(Arrays.asList(new ObjectName("test:test=test"))));
9798
ArgumentCaptor<ObjectName> objectName = ArgumentCaptor.forClass(ObjectName.class);
9899
ApplicationContextRunner jmxEnabledContextRunner = this.contextRunner
99-
.withPropertyValues("spring.jmx.enabled=true");
100+
.withPropertyValues("spring.jmx.enabled=true", "management.endpoints.jmx.exposure.include=test");
100101
jmxEnabledContextRunner.with(mockMBeanServer()).run((parent) -> {
101102
jmxEnabledContextRunner.withParent(parent).run(NO_OPERATION);
102103
jmxEnabledContextRunner.withParent(parent).run(NO_OPERATION);

spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/integrationtest/JmxEndpointIntegrationTests.java

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -59,18 +59,20 @@ class JmxEndpointIntegrationTests {
5959
.withConfiguration(AutoConfigurations.of(EndpointAutoConfigurationClasses.ALL));
6060

6161
@Test
62-
void jmxEndpointsAreExposed() {
62+
void jmxEndpointsExposeHealthByDefault() {
6363
this.contextRunner.run((context) -> {
6464
MBeanServer mBeanServer = context.getBean(MBeanServer.class);
65-
checkEndpointMBeans(mBeanServer, new String[] { "beans", "conditions", "configprops", "env", "health",
66-
"info", "mappings", "threaddump", "httptrace" }, new String[] { "shutdown" });
65+
checkEndpointMBeans(mBeanServer, new String[] { "health" }, new String[] { "beans", "conditions",
66+
"configprops", "env", "info", "mappings", "threaddump", "httptrace", "shutdown" });
6767
});
6868
}
6969

7070
@Test
7171
void jmxEndpointsAreExposedWhenLazyInitializationIsEnabled() {
72-
this.contextRunner.withBean(LazyInitializationBeanFactoryPostProcessor.class,
73-
LazyInitializationBeanFactoryPostProcessor::new).run((context) -> {
72+
this.contextRunner.withPropertyValues("management.endpoints.jmx.exposure.include:*")
73+
.withBean(LazyInitializationBeanFactoryPostProcessor.class,
74+
LazyInitializationBeanFactoryPostProcessor::new)
75+
.run((context) -> {
7476
MBeanServer mBeanServer = context.getBean(MBeanServer.class);
7577
checkEndpointMBeans(mBeanServer, new String[] { "beans", "conditions", "configprops", "env",
7678
"health", "info", "mappings", "threaddump", "httptrace" }, new String[] { "shutdown" });

spring-boot-project/spring-boot-docs/src/docs/asciidoc/actuator/endpoints.adoc

Lines changed: 2 additions & 103 deletions
Original file line numberDiff line numberDiff line change
@@ -146,109 +146,8 @@ If you want to change only the technologies over which an endpoint is exposed, u
146146

147147
[[actuator.endpoints.exposing]]
148148
=== Exposing Endpoints
149+
By default, only the health endpoint is exposed over HTTP and JMX.
149150
Since Endpoints may contain sensitive information, you should carefully consider when to expose them.
150-
The following table shows the default exposure for the built-in endpoints:
151-
152-
[cols="1,1,1"]
153-
|===
154-
| ID | JMX | Web
155-
156-
| `auditevents`
157-
| Yes
158-
| No
159-
160-
| `beans`
161-
| Yes
162-
| No
163-
164-
| `caches`
165-
| Yes
166-
| No
167-
168-
| `conditions`
169-
| Yes
170-
| No
171-
172-
| `configprops`
173-
| Yes
174-
| No
175-
176-
| `env`
177-
| Yes
178-
| No
179-
180-
| `flyway`
181-
| Yes
182-
| No
183-
184-
| `health`
185-
| Yes
186-
| Yes
187-
188-
| `heapdump`
189-
| N/A
190-
| No
191-
192-
| `httptrace`
193-
| Yes
194-
| No
195-
196-
| `info`
197-
| Yes
198-
| No
199-
200-
| `integrationgraph`
201-
| Yes
202-
| No
203-
204-
| `logfile`
205-
| N/A
206-
| No
207-
208-
| `loggers`
209-
| Yes
210-
| No
211-
212-
| `liquibase`
213-
| Yes
214-
| No
215-
216-
| `metrics`
217-
| Yes
218-
| No
219-
220-
| `mappings`
221-
| Yes
222-
| No
223-
224-
| `prometheus`
225-
| N/A
226-
| No
227-
228-
| `quartz`
229-
| Yes
230-
| No
231-
232-
| `scheduledtasks`
233-
| Yes
234-
| No
235-
236-
| `sessions`
237-
| Yes
238-
| No
239-
240-
| `shutdown`
241-
| Yes
242-
| No
243-
244-
| `startup`
245-
| Yes
246-
| No
247-
248-
| `threaddump`
249-
| Yes
250-
| No
251-
|===
252151

253152
To change which endpoints are exposed, use the following technology-specific `include` and `exclude` properties:
254153

@@ -274,7 +173,7 @@ The `exclude` property lists the IDs of the endpoints that should not be exposed
274173
The `exclude` property takes precedence over the `include` property.
275174
You can configure both the `include` and the `exclude` properties with a list of endpoint IDs.
276175

277-
For example, to stop exposing all endpoints over JMX and only expose the `health` and `info` endpoints, use the following property:
176+
For example, to only expose the `health` and `info` endpoints over JMX, use the following property:
278177

279178
[source,yaml,indent=0,subs="verbatim",configprops,configblocks]
280179
----

0 commit comments

Comments
 (0)