MicroProfile Metrics

This feature provides support for the Eclipse MicroProfile Metrics 2.3 specification for enterprise Java.

MicroProfile metrics provides a /metrics endpoint from which you can access all metrics that are emitted by the Open Liberty server and deployed applications. When the application runs, you can view your metrics from any browser by accessing the endpoint.

The MicroProfile Metrics feature also can provide access to metrics about server components when it is used in combination with the monitor-1.0 feature.

Enabling this feature

To enable the MicroProfile Metrics 2.3 feature, add the following element declaration into your server.xml file, inside the featureManager element:



MicroProfile Metrics configuration

The MicroProfile Metrics feature can be used to monitor applications that use the MicroProfile Metrics API. The MicroProfile Metrics API is a REST API that displays metrics for administrators to access. You can configure the MicroProfile Metrics feature to require authentication and authorization to access the /metrics endpoint. The following example shows a basic security configuration for the REST API:

<quickStartSecurity userName="theUser" userPassword="thePassword"/>
<keyStore id="defaultKeyStore" password="Liberty"/>

By default, the MicroProfile Metrics feature uses the default keystore to secure the /metrics REST endpoint.

Authorizing access to the metrics API with a basic user registry

The /metrics endpoint is used to access the metrics that are stored in the server. The metrics can include both information about server components, such as connection pools, and metrics information that is created by applications. In some cases, you might want to limit access to this data. To allow a user or group of users to access the MicroProfile Metrics API, you can map the administrator role to the user or group from the configured user registry. The MicroProfile Metrics API is protected by the Open Liberty administrator role. The following example shows a configuration to enable a user in the configured user registry and AuthorizedGroup to access the API:

<basicRegistry id="basic" realm="WebRealm">
    <user name="bob" password="bobpwd" />
    <user name="alice" password="alicepwd" />
    <user name="carl" password="carlpwd" />

    <group name="AuthorizedGroup">
        <member name="alice" />


Authorizing access to the metrics API with SSO

When you enable an SSO method, such as JSON Web Token (JWT), you can map the administrator role to the user-access-id or group-access-id element. This mapping authorizes access to the MicroProfile Metrics API. The following example shows the configuration to access the API when an SSO method is enabled:


The user-access-id and group-access-id elements specify the realm that the authorized user or group belongs to. The user bob and the ManagingGroup group both belong to the https://idp.example.com realm that is authorized to access the API.

Disabling metrics security

Although the default configuration for the MicroProfile Metrics feature secures the REST API, it is possible to disable metrics security. With secured authentication disabled, the metrics REST endpoint is not restricted only to HTTP, but is still accessible through the HTTPS protocol. The following example shows a MicroProfile Metrics configuration with security disabled:

<mpMetrics authentication="false"/>

Stable API packages provided by this feature

  • org.eclipse.microprofile.metrics

  • org.eclipse.microprofile.metrics.annotation

Supported Java versions

  • JavaSE-1.8

  • JavaSE-11.0

  • JavaSE-15.0

Features that enable this feature

Developing a feature that depends on this feature

If you are developing a feature that depends on this feature, include the following item in the Subsystem-Content header in your feature manifest file.

com.ibm.websphere.appserver.mpMetrics-2.3; type="osgi.subsystem.feature"