Exposing Endpoints
By default, only the health endpoint is exposed over HTTP and JMX. Since Endpoints may contain sensitive information, you should carefully consider when to expose them.
To change which endpoints are exposed, use the following technology-specific include and exclude properties:
| Property | Default |
|---|---|
|
|
|
|
|
|
|
|
The include property lists the IDs of the endpoints that are exposed.
The exclude property lists the IDs of the endpoints that should not be exposed.
The exclude property takes precedence over the include property.
You can configure both the include and the exclude properties with a list of endpoint IDs.
For example, to only expose the health and info endpoints over JMX, use the following property:
-
Properties
-
YAML
management.endpoints.jmx.exposure.include=health,infomanagement:
endpoints:
jmx:
exposure:
include: "health,info"* can be used to select all endpoints.
For example, to expose everything over HTTP except the env and beans endpoints, use the following properties:
-
Properties
-
YAML
management.endpoints.web.exposure.include=*
management.endpoints.web.exposure.exclude=env,beansmanagement:
endpoints:
web:
exposure:
include: "*"
exclude: "env,beans"
* has a special meaning in YAML, so be sure to add quotation marks if you want to include (or exclude) all endpoints.
|
| If your application is exposed publicly, we strongly recommend that you also secure your endpoints. |
If you want to implement your own strategy for when endpoints are exposed, you can register an EndpointFilter bean.
|