How to get all actuator endpoints programatically using spring boot 2?
Spring Boot Actuator 2.x exposes /actuator endpoints as configurable environment variables.
Enabling Acutator Endpoints
You can enable these actuator endpoints in your application.properties
management.endpoints.web.exposure.include=info, health
or (with extreme caution) enable them all. Keep in mind that many of these are sensitive in nature.
management.endpoints.web.exposure.include=*
Securing Actuator Endpoints (reference)
The documentation specifies this as a strategy to secure all endpoints. The EndpointRequest itself would be the closest alternative to what you were looking for (MvcEndpoints)
@Configuration
public class ActuatorSecurity extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests()
.anyRequest().hasRole("ENDPOINT_ADMIN")
.and()
.httpBasic();
}
}
You may also set up a particular antmatcher in case you have a different strategy or role that you would like to assign just to these endpoints
httpRequest.authorizeRequests().antMatcher("/actuator/*").hasRole("ENDPOINT_ADMIN")
Everything you need is in the org.springframework.boot.actuate.endpoint.web.PathMappedEndpoints bean. This should set you on the right path, if you'll pardon the pun:
@Slf4j
@Component
public class ActuatorLogger {
public ActuatorLogger(@Autowired PathMappedEndpoints pme) {
log.info("Actuator base path: {}", pme.getBasePath());
pme.getAllPaths().forEach(p -> log.info("Path: {}", p));
}
}
org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest is available to help you set spring security rules for actuator endpoints when you need to do it from code. For example, in your WebSecurityConfigurerAdapter implementation, this fragment could be merged in to your existing rules:
http.authorizeRequests()
.requestMatchers(EndpointRequest.to(ShutdownEndpoint.class))
.hasAnyAuthority("ROLE_ADMIN", "ROLE_SUPPORT")