From c39b9f76353270e12e4320bfedf768145ab53ee9 Mon Sep 17 00:00:00 2001 From: Dave Syer Date: Sun, 28 Jun 2015 22:12:28 +0100 Subject: [PATCH] Tweak docs on /health endpoint to reflect secure/sensitive Fixes gh-2816 --- .../asciidoc/production-ready-features.adoc | 26 ++++++++++++++----- 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/spring-boot-docs/src/main/asciidoc/production-ready-features.adoc b/spring-boot-docs/src/main/asciidoc/production-ready-features.adoc index 6003483eeb..dbe73e8d10 100644 --- a/spring-boot-docs/src/main/asciidoc/production-ready-features.adoc +++ b/spring-boot-docs/src/main/asciidoc/production-ready-features.adoc @@ -86,7 +86,7 @@ The following endpoints are available: |true |`health` -|Shows application health information (a simple '`status`' when accessed over an +|Shows application health information (when the application is secure, a simple '`status`' when accessed over an unauthenticated connection or full message details when authenticated). |false @@ -157,8 +157,8 @@ For example, the following will disable _all_ endpoints except for `info`: Health information can be used to check the status of your running application. It is often used by monitoring software to alert someone if a production system goes down. The default information exposed by the `health` endpoint depends on how it is accessed. -For an insecure unauthenticated connection a simple '`status`' message is returned, for a -secure or authenticated connection additional details are also displayed (see +For an unauthenticated connection in a secure application a simple '`status`' message is +returned, and for a authenticated connection additional details are also displayed (see <> for HTTP details). Health information is collected from all @@ -507,16 +507,30 @@ If you don't want to expose endpoints over HTTP you can set the management port [[production-ready-health-access-restrictions]] === HTTP health endpoint access restrictions The information exposed by the health endpoint varies depending on whether or not it's -accessed anonymously. By default, when accessed anonymously, any details about the +accessed anonymously, and whether or not the enclosing application is secure. +By default, when accessed anonymously in a secure application, any details about the server's health are hidden and the endpoint will simply indicate whether or not the server is up or down. Furthermore, when accessed anonymously, the response is cached for a configurable period to prevent the endpoint being used in a denial of service attack. The `endpoints.health.time-to-live` property is used to configure the caching period in milliseconds. It defaults to 1000, i.e. one second. -The above-described restrictions can be disabled, thereby allowing anonymous users full -access to the health endpoint. To do so, set `endpoints.health.sensitive` to `false`. +The above-described restrictions can be enhanced, thereby allowing only authenticated users full +access to the health endpoint in a secure application. To do so, set `endpoints.health.sensitive` to `true`. +Here's a summary of behaviour (with default `sensitive` flag value "false" indicated in bold): +|==== +|Secure | Sensitive | Unauthenticated behaviour | Authenticated behaviour + +| false | **false** | Full content | Full content + +| false | true | Status only | Full content + +| true | **false** | Status only | Full content + +| true | true | No content | Full content + +|==== [[production-ready-jmx]]