46.6 Security with HealthIndicators
Information returned by HealthIndicators is often somewhat sensitive in nature. For example, you probably don’t want to publish details of your database server to the world. For this reason, by default, only the health status is exposed over an unauthenticated HTTP connection. If you are happy for complete health information to always be exposed you can set endpoints.health.sensitive to false.
Health responses are also cached to prevent “denial of service” attacks. Use the endpoints.health.time-to-live property if you want to change the default cache period of 1000 milliseconds.
46.6.1 Auto-configured HealthIndicators
The following HealthIndicators are auto-configured by Spring Boot when appropriate:
| Name | Description |
|---|---|
CassandraHealthIndicator |
Checks that a Cassandra database is up. |
DiskSpaceHealthIndicator |
Checks for low disk space. |
DataSourceHealthIndicator |
Checks that a connection to DataSource can be obtained. |
ElasticsearchHealthIndicator |
Checks that an Elasticsearch cluster is up. |
JmsHealthIndicator |
Checks that a JMS broker is up. |
MailHealthIndicator |
Checks that a mail server is up. |
MongoHealthIndicator |
Checks that a Mongo database is up. |
RabbitHealthIndicator |
Checks that a Rabbit server is up. |
RedisHealthIndicator |
Checks that a Redis server is up. |
SolrHealthIndicator |
Checks that a Solr server is up. |
![[Tip]](Spring Boot Reference Guide_files/tip.png) |
Tip |
|---|---|
It is possible to disable them all using the management.health.defaults.enabled property. |
46.6.2 Writing custom HealthIndicators
To provide custom health information you can register Spring beans that implement the HealthIndicator interface. You need to provide an implementation of the health() method and return a Health response. The Health response should include a status and can optionally include additional details to be displayed.
import org.springframework.boot.actuate.health.Health;
import org.springframework.boot.actuate.health.HealthIndicator;
import org.springframework.stereotype.Component;
_@Component_
public class MyHealthIndicator implements HealthIndicator {
_@Override_
public Health health() {
int errorCode = check(); // perform some specific health check
if (errorCode != 0) {
return Health.down().withDetail("Error Code", errorCode).build();
}
return Health.up().build();
}
}
![[Note]](Spring Boot Reference Guide_files/note.png) |
Note |
|---|---|
The identifier for a given HealthIndicator is the name of the bean without the HealthIndicator suffix if it exists. In the example above, the health information will be available in an entry named my. |
In addition to Spring Boot’s predefined Status types, it is also possible for Health to return a custom Status that represents a new system state. In such cases a custom implementation of the HealthAggregator interface also needs to be provided, or the default implementation has to be configured using the management.health.status.order configuration property.
For example, assuming a new Status with code FATAL is being used in one of your HealthIndicator implementations. To configure the severity order add the following to your application properties:
management.health.status.order=DOWN, OUT_OF_SERVICE, UNKNOWN, UP
You might also want to register custom status mappings with the HealthMvcEndpoint if you access the health endpoint over HTTP. For example you could map FATAL to HttpStatus.SERVICE_UNAVAILABLE.