Jmix - 2.0.2 Spring Boot Actuator endpoints are not available

peter.giber · October 26, 2023, 11:57am

Hi,

I intend to check the actuator endpoints in my Jmix application (version 2.0.2) but somehow I cannot make it work. I setup my application in the same way I did in case of my previous application that was written in Jmix 1.4.4. So I added the following configuration:

Build gradle dependencies:

    implementation 'org.springframework.boot:spring-boot-starter-actuator'
    implementation 'io.micrometer:micrometer-registry-prometheus'

Application properties:

management.server.port= 8081
management.endpoints.web.exposure.include= health, info, prometheus
management.endpoint.health.probes.enabled= true

This configuration worked well with 1.4.4 but provides an error with 2.0.2. When I try to check an actuator endpoint on localhost I experience the following: The application runs on port 8080, endpoints should be available on 8081. When I try to access ‘info’ endpoint by sending a get request to ‘actuator/info’ endpoint on 8081, it redirects it to ‘/login’ path again and again and it creates an endless loop that results in a ‘Error: Exceeded maxRedirects. Probably stuck in a redirect loop http://localhost:8081/login’ error message.

Please advise how to solve this issue and get the metrics of the running application.

Thanks,
Peter

shchienko · October 26, 2023, 2:51pm

Hello,

You need to allow access to Spring Actuator endpoints.

For example:

@Configuration
public class ActuatorSecurityConfiguration {

    @Bean
    @Order(JmixSecurityFilterChainOrder.FLOWUI - 10)
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.securityMatcher("/actuator/**")
                .authorizeHttpRequests((authorize) -> authorize.requestMatchers("/actuator/**").permitAll());
        return http.build();
    }
}

Regards,
Nikita

peter.giber · October 27, 2023, 1:01pm

Hi Nikita,

Thanks for your help. This solution solved the problem.

Best regards,
Peter

nils · January 18, 2024, 8:14am

Thanks for this example, Nikita. Does this still work the same way in JMix 2.1? I gave it a try with this configuration class but I’m still requested to login when I access my /actuator/* endpoints.

nils · March 1, 2024, 10:01am

I resolved my issue in the meantime - I did not put your Java Configuration file below src/main/java but below src/main/kotlin as my project is a Kotlin project and therefore the file was of course not picked up by Gradles Java compile run. I’m using the Kotlin version of your configuration file now

@Configuration
open class ActuatorSecurityConfiguration {
    @Bean
    @Order(JmixSecurityFilterChainOrder.FLOWUI - 10)
    open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
        http.securityMatcher("/actuator/**")
            .authorizeHttpRequests { authorize: AuthorizeHttpRequestsConfigurer<*>.AuthorizationManagerRequestMatcherRegistry ->
                authorize.requestMatchers("/actuator/**").permitAll()
            }
        return http.build()
    }
}

jakub.cech · May 6, 2024, 2:28pm

If someone is struggeling with this using different port for management (actuator), then I managed to solve it this way:

@Value("\${management.server.port}")
private lateinit var managementPort: String

@Bean
@Order(JmixSecurityFilterChainOrder.FLOWUI - 10)
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
    http.securityMatcher("/actuator/**")
        .authorizeHttpRequests { authorize ->
            authorize.requestMatchers(
                checkPort(managementPort.toInt()),
            ).permitAll()
        }
    return http.build()
}

private fun checkPort(port: Int): RequestMatcher = RequestMatcher { request -> port == request.localPort }