This feature provides support for the Eclipse MicroProfile Metrics 4.0 specification for enterprise Java.
MicroProfile metrics provides a
/metrics endpoint from which you can access all metrics that are emitted by the Open Liberty server and deployed applications.
When the application runs, you can view your metrics from any browser by accessing the endpoint.
Enabling this feature
To enable the MicroProfile Metrics 4.0 feature, add the following element declaration into your
server.xml file, inside the
Configure MicroProfile metrics security
The MicroProfile Metrics feature can be used to monitor applications that use the MicroProfile Metrics API. The MicroProfile Metrics API is a REST API that displays metrics for administrators to access. You can configure the MicroProfile Metrics feature to require authentication and authorization to access the
/metrics endpoint. The following example shows a basic security configuration for the REST API:
<quickStartSecurity userName="theUser" userPassword="thePassword"/> <keyStore id="defaultKeyStore" password="Liberty"/>
By default, the MicroProfile Metrics feature uses the default keystore to secure the
/metrics REST endpoint. The
quickStartSecurity element is specified to enable administrative role mapping for a user who needs access to the endpoint. However, you can use any method of administrative role mapping to configure access to the endpoint and enable metrics security.
Authorize access to the metrics API with a basic user registry
/metrics REST endpoint is used to access the metrics that are stored in the server. The metrics can include both information about server components, such as connection pools, and metrics information that is created by applications. In some cases, you might want to limit access to this data. To allow users and groups of users access to the MicroProfile Metrics API, you can map the
administrator role to users and groups that are in the configured user registry. The MicroProfile Metrics API is protected by the Open Liberty
administrator role. The following example maps the user
bob and the group
AuthorizedGroup to the
administrator role so that they can access the MicroProfile Metrics API:
<basicRegistry id="basic" realm="WebRealm"> <user name="bob" password="bobpwd" /> <user name="alice" password="alicepwd" /> <user name="carl" password="carlpwd" /> <group name="AuthorizedGroup"> <member name="alice" /> </group> </basicRegistry> <administrator-role> <user>bob</user> <group>AuthorizedGroup</group> </administrator-role>
Authorize access to the metrics API with SSO
When you enable an SSO method, such as JSON Web Token (JWT), you can map the
administrator role to the
group-access-id element. This mapping authorizes access to the MicroProfile Metrics API. The following example shows the configuration to access the API when an SSO method is enabled:
<administrator-role> <user-access-id>user:https://idp.example.com/bob</user-access-id> <group-access-id>group:https://idp.example.com/ManagingGroup</group-access-id> </administrator-role>
group-access-id elements specify the realm that the authorized user or group belongs to. The user
bob and the
ManagingGroup group both belong to the
https://idp.example.com realm that is authorized to access the API.
Remove MicroProfile metrics security
Although the default configuration for the MicroProfile Metrics feature secures the REST API, it is possible to remove metrics security. With secured authentication disabled, the metrics REST endpoint is not restricted only to HTTP, but is still accessible through the HTTPS protocol. The following example shows a MicroProfile Metrics configuration with security disabled:
Feature configuration elements
Stable API packages provided by this feature