Cloud Foundry support

Spring Boot’s actuator module includes additional support that is activated when you deploy to a compatible Cloud Foundry instance. The /cloudfoundryapplication path provides an alternative secured route to all NamedMvcEndpoint beans.

The extended support allows Cloud Foundry management UIs (such as the web application that you can use to view deployed applications) to be augmented with Spring Boot actuator information. For example, an application status page may include full health information instead of the typical “running” or “stopped” status.

The /cloudfoundryapplication path is not directly accessible to regular users. In order to use the endpoint a valid UAA token must be passed with the request.

Disabling extended Cloud Foundry actuator support

If you want to fully disable the /cloudfoundryapplication endpoints you can add the following to your application.properties file:

application.properties
management.cloudfoundry.enabled=false

Cloud Foundry self signed certificates

By default, the security verification for /cloudfoundryapplication endpoints makes SSL calls to various Cloud Foundry services. If your Cloud Foundry UAA or Cloud Controller services use self-signed certificates you will need to set the following property:

application.properties
management.cloudfoundry.skip-ssl-validation=true

Custom security configuration

If you define custom security configuration, and you want extended Cloud Foundry actuator support, you’ll should ensure that /cloudfoundryapplication/** paths are open. Without a direct open route, your Cloud Foundry application manager will not be able to obtain endpoint data.

For Spring Security, you’ll typically include something like mvcMatchers("/cloudfoundryapplication/**").permitAll() in your configuration:

@Override
protected void configure(HttpSecurity http) throws Exception {
	http
		.authorizeRequests()
			.mvcMatchers("/cloudfoundryapplication/**")
				.permitAll()
			.mvcMatchers("/mypath")
				.hasAnyRole("SUPERUSER")
			.anyRequest()
				.authenticated().and()
		.httpBasic();
}