Home > Enterprise >  Spring Boot 2.1.18 doesn't map actuator endpoints, no endpoints logged as mapped
Spring Boot 2.1.18 doesn't map actuator endpoints, no endpoints logged as mapped

Time:09-15

I'm migrating Spring Boot 1.4.1 -> 2.1.18 It seems to be working (this is a Kafka app, the logs look good).

But I cannot make the actuator serve any endpoints no matter what. It always looks like this: http://127.0.0.1:8081/health or http://127.0.0.1:8081/actuator/health or http://127.0.0.1:8081/actuator/info or http://127.0.0.1:8081/info or whatever it's always the response:

{"error":"invalid token","message":"Failed to obtain token from request. 'Authorization' header field must be set.","path":"/health","status":401,"timestamp":"2022-08-23T01:45:07.124Z"}

In the logs it looks like this (the endpoint I try to invoke changes of course, but the logs show the same behavior):

2022-08-22T17:03:12.313Z DEBUG --- [http-nio-8081-exec-6] o.a.c.h.Http11InputBuffer : Received [GET /health HTTP/1.1
Host: 100.97.249.239:8081
User-Agent: kube-probe/1.19
Accept-Encoding: gzip
Connection: close

]
2022-08-22T17:03:12.314Z DEBUG --- [http-nio-8081-exec-6] o.a.c.a.AuthenticatorBase : Security checking request GET /health
2022-08-22T17:03:12.314Z DEBUG --- [http-nio-8081-exec-6] o.a.c.r.RealmBase :   No applicable constraints defined
2022-08-22T17:03:12.314Z DEBUG --- [http-nio-8081-exec-6] o.a.c.a.AuthenticatorBase : Not subject to any constraint
2022-08-22T17:03:12.314Z DEBUG --- [http-nio-8081-exec-6] o.s.s.w.FilterChainProxy : /health at position 1 of 14 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2022-08-22T17:03:12.314Z DEBUG --- [http-nio-8081-exec-6] o.s.s.w.FilterChainProxy : /health at position 2 of 14 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2022-08-22T17:03:12.314Z DEBUG --- [http-nio-8081-exec-6] o.s.s.w.FilterChainProxy : /health at position 3 of 14 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2022-08-22T17:03:12.314Z DEBUG --- [http-nio-8081-exec-6] o.s.s.w.FilterChainProxy : /health at position 4 of 14 in additional filter chain; firing Filter: 'AuthExceptionHandlerFilter'
2022-08-22T17:03:12.314Z DEBUG --- [http-nio-8081-exec-6] o.s.s.w.FilterChainProxy : /health at position 5 of 14 in additional filter chain; firing Filter: 'KeycloakPreAuthActionsFilter'
2022-08-22T17:03:12.314Z DEBUG --- [http-nio-8081-exec-6] o.s.s.w.h.w.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@62a657b0
2022-08-22T17:03:12.314Z DEBUG --- [http-nio-8081-exec-6] o.s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2022-08-22T17:03:12.314Z DEBUG --- [http-nio-8081-exec-6] o.a.c.h.Http11Processor : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@38ddeb43:org.apache.tomcat.util.net.NioChannel@2efea784:java.nio.channels.SocketChannel[connected local=/100.97.249.239:8081 remote=/172.16.23.76:39510]], Status in: [OPEN_READ], State out: [CLOSED]
2022-08-22T17:03:12.314Z DEBUG --- [http-nio-8081-exec-6] o.a.t.u.t.LimitLatch : Counting down[http-nio-8081-exec-6] latch=8
2022-08-22T17:03:12.314Z DEBUG --- [http-nio-8081-exec-6] o.a.t.u.n.NioEndpoint : Calling [org.apache.tomcat.util.net.NioEndpoint@2ceceb98].closeSocket([org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@38ddeb43:org.apache.tomcat.util.net.NioChannel@2efea784:java.nio.channels.SocketChannel[connected local=/100.97.249.239:8081 remote=/172.16.23.76:39510]])
2022-08-22T17:03:12.403Z DEBUG --- [http-nio-8080-ClientPoller] o.a.t.u.n.NioEndpoint : timeout completed: keys processed=0; now=1661187792403; nextExpiration=1661187792402; keyCount=0; hasEvents=false; eval=false
2022-08-22T17:03:12.595Z DEBUG --- [http-nio-8081-exec-7] o.a.c.h.Http11InputBuffer : Before fill(): [true], parsingRequestLine: [true], parsingRequestLinePhase: [0], parsingRequestLineStart: [0], byteBuffer.position() [0]
2022-08-22T17:03:12.595Z DEBUG --- [http-nio-8081-exec-7] o.a.t.u.n.SocketWrapperBase : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@212bc591:org.apache.tomcat.util.net.NioChannel@3d2834f8:java.nio.channels.SocketChannel[connected local=/100.97.249.239:8081 remote=/100.98.123.19:49114]], Read from buffer: [0]
2022-08-22T17:03:12.595Z DEBUG --- [http-nio-8081-exec-7] o.a.t.u.n.NioEndpoint : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@212bc591:org.apache.tomcat.util.net.NioChannel@3d2834f8:java.nio.channels.SocketChannel[connected local=/100.97.249.239:8081 remote=/100.98.123.19:49114]], Read direct from socket: [293]

I even don't have the default endpoints like health or info working. I tried different configs and basically all approaches I found on the Internet. I also see that my configs are read by Spring Boot in the logs.

From these logs I think it's not a security problem, and HTTP 401 is a Spring Boot thing to avoid showing HTTP 404 to an unauthorized user.

But I don't see any lines showing mapped word from WebMvcEndpointHandlerMapping unlike in the logs examples of which I found.

I really suspect that no endpoint mappings really happening. I found these lines in the logs:

      Did not match:
         - @ConditionalOnEnabledResourceChain did not find class org.webjars.WebJarAssetLocator (OnEnabledResourceChainCondition)

   WebMvcAutoConfiguration.WebMvcAutoConfigurationAdapter#beanNameViewResolver:
      Did not match:
         - @ConditionalOnMissingBean (types: org.springframework.web.servlet.view.BeanNameViewResolver; SearchStrategy: all) found beans of type 'org.springframework.web.servlet.view.BeanNameViewResolver' beanNameViewResolver (OnBeanCondition)

   WebMvcAutoConfiguration.WebMvcAutoConfigurationAdapter#localeResolver:
      Did not match:
         - @ConditionalOnProperty (spring.mvc.locale) did not find property 'locale' (OnPropertyCondition)
...
Tomcat started on port(s): 8080 (http) with context path ''
...
 Exposing 16 endpoint(s) beneath base path '/actuator'
### NOTHING ABOUT WHAT ENDPOINTS
...
o.s.w.s.m.m.a.RequestMappingHandlerMapping : 1 mappings in 'requestMappingHandlerMapping'
...
Tomcat started on port(s): 8081 (http) with context path ''

Where could I look at? What else can I try? Pretty desperate at this point...

My application.yaml:

management:
  server:
    port: 8081
  security:
    enabled: false
  endpoint:
    health:
      enabled: true
    prometheus:
      enabled: true
    metrics:
      enabled: true
  endpoints:
    web:
      exposure:
        include: "*"
  metrics:
    export:
      prometheus:
        enabled: true

my pom.xml has

    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-actuator</artifactId>
    </dependency>

    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
    </dependency>

    <dependency>
      <groupId>io.micrometer</groupId>
      <artifactId>micrometer-registry-prometheus</artifactId>
      <scope>runtime</scope>
    </dependency>

CodePudding user response:

401 actually meant the permission problem, and I couldn't get rid of it for a while, but after getting rid of the legacy libraries I was able to expose the endpoint with this:

public class CustomSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
                .antMatchers("/**").hasRole("USER")
                .and()
                .httpBasic();
    }

This is probably my own problem due to the dependency hell I ended up, but I hope it'll help someone sometime.

  • Related