codecentric · SteKoe · Mar 13, 2026 · Mar 13, 2026 · Mar 13, 2026 · Mar 13, 2026
@@ -36,7 +36,7 @@ sonatype snapshot repositories:
         <snapshots>
             <enabled>true</enabled>
         </snapshots>
-        <url>http:s//repo.spring.io/snapshot</url>
+        <url>https://repo.spring.io/snapshot</url>
     </repository>
 </repositories>
 ```
@@ -13,6 +13,8 @@ A Spring Security configuration for your server could look like this:
 
 ```java title="SecuritySecureConfig.java"
 
+import org.springframework.http.HttpMethod;
+
 @Configuration(proxyBeanMethods = false)
 public class SecuritySecureConfig {
 
@@ -32,13 +34,17 @@ public class SecuritySecureConfig {
 		successHandler.setDefaultTargetUrl(this.adminServer.path("/"));
 
 		http.authorizeHttpRequests((authorizeRequests) -> authorizeRequests //
-						.requestMatchers(new AntPathRequestMatcher(this.adminServer.path("/assets/**")))
+						.requestMatchers(PathPatternRequestMatcher.withDefaults()
+								.matcher(this.adminServer.path("/assets/**")))
 						.permitAll() // (1)
-						.requestMatchers(new AntPathRequestMatcher(this.adminServer.path("/actuator/info")))
+						.requestMatchers(PathPatternRequestMatcher.withDefaults()
+								.matcher(this.adminServer.path("/actuator/info")))
 						.permitAll()
-						.requestMatchers(new AntPathRequestMatcher(adminServer.path("/actuator/health")))
+						.requestMatchers(PathPatternRequestMatcher.withDefaults()
+								.matcher(this.adminServer.path("/actuator/health")))
 						.permitAll()
-						.requestMatchers(new AntPathRequestMatcher(this.adminServer.path("/login")))
+						.requestMatchers(PathPatternRequestMatcher.withDefaults()
+								.matcher(this.adminServer.path("/login")))
 						.permitAll()
 						.dispatcherTypeMatchers(DispatcherType.ASYNC)
 						.permitAll() // https://github.com/spring-projects/spring-security/issues/11027
@@ -53,9 +59,12 @@ public class SecuritySecureConfig {
 				.csrf((csrf) -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
 						.csrfTokenRequestHandler(new CsrfTokenRequestAttributeHandler())
 						.ignoringRequestMatchers(
-								new AntPathRequestMatcher(this.adminServer.path("/instances"), POST.toString()), // (6)
-								new AntPathRequestMatcher(this.adminServer.path("/instances/*"), DELETE.toString()), // (6)
-								new AntPathRequestMatcher(this.adminServer.path("/actuator/**")) // (7)
+								PathPatternRequestMatcher.withDefaults()
+										.matcher(HttpMethod.POST, this.adminServer.path("/instances")), // (6)
+								PathPatternRequestMatcher.withDefaults()
+										.matcher(HttpMethod.DELETE, this.adminServer.path("/instances/*")), // (6)
+								PathPatternRequestMatcher.withDefaults()
+										.matcher(this.adminServer.path("/actuator/**")) // (7)
 						));
 
 		http.rememberMe((rememberMe) -> rememberMe.key(UUID.randomUUID().toString()).tokenValiditySeconds(1209600));

@@ -12,9 +12,10 @@ Spring Boot Admin Server supports cluster replication via Hazelcast. It is autom
 You can also configure the Hazelcast instance to be persistent, to keep the status over restarts. Also have a look at the [Spring Boot support for Hazelcast](http://docs.spring.io/spring-boot/docs/current-SNAPSHOT/reference/htmlsingle/#boot-features-hazelcast/).
 
 When using clustering, Spring Boot Admin Events and Notifications are replicated across the members in the cluster.
-The applications are not replicated, each instance of Spring Boot Admin will have its own set of applications.
-This means that each instance has to monitor all applications, which may lead to increased load on the monitored services.
-Otherwise, you would have to ensure that each application is only monitored by one instance of Spring Boot Admin.
+The registered applications themselves are not replicated — each instance of Spring Boot Admin independently polls
+its own set of registered clients. This means each node monitors all applications, which may lead to increased
+load on the monitored services. If that is a concern, ensure that each application is registered with only one
+instance of Spring Boot Admin.
 
 ![Architecture](hazelcast-component-diagram.png)
 

@@ -7,7 +7,7 @@ import { PropertyTable } from "@sba/spring-boot-admin-docs/src/site/src/componen
 
 # Mail Notifications
 
-Mail notifications will be delivered as HTML emails rendered using https://www.thymeleaf.org/[Thymeleaf] templates.
+Mail notifications will be delivered as HTML emails rendered using [Thymeleaf](https://www.thymeleaf.org/) templates.
 To enable Mail notifications, configure a `JavaMailSender` using `spring-boot-starter-mail` and set a recipient.
 
 <figure>

@@ -52,11 +52,17 @@ You might want to set spring.jmx.enabled=true if you want to expose Spring beans
 Spring Boot 4 does not support Jolokia directly, you need a separate dependency for Spring Boot 4-based applications.
 See https://jolokia.org/reference/html/manual/spring.html for more details.
 
+:::note
+The artifact for Spring Boot 4 is named `jolokia-support-springboot` (no number suffix) — this is the
+current/latest Jolokia Spring Boot integration, intended for Spring Boot 4+. The Spring Boot 3 variant carries
+an explicit `3` suffix (`jolokia-support-springboot3`).
+:::
+
 ```xml title="pom.xml"
 <dependency>
     <groupId>org.jolokia</groupId>
     <artifactId>jolokia-support-springboot</artifactId>
-    <version>2.5.0</version>
+    <version>x.y.z</version> <!-- replace with a concrete Jolokia Spring Boot integration version (for example, the latest from Maven Central), or omit this element if the version is already managed via a BOM in your <dependencyManagement> section -->
 </dependency>
 ```
 
@@ -68,8 +74,8 @@ See https://jolokia.org/reference/html/manual/spring.html for more details.
 ```xml title="pom.xml"
 <dependency>
     <groupId>org.jolokia</groupId>
-    <artifactId>jolokia-support-springboot-3</artifactId>
-    <version>2.5.0</version>
+    <artifactId>jolokia-support-springboot3</artifactId>
+    <version>x.y.z</version> <!-- replace with a concrete Jolokia Spring Boot 3 integration version (for example, the latest from Maven Central), or omit this element if the version is already managed via a BOM in your <dependencyManagement> section -->
 </dependency>
 ```
 
@@ -82,6 +88,7 @@ provided the actuator itself, so you only need the plain jolokia dependency.
 <dependency>
     <groupId>org.jolokia</groupId>
     <artifactId>jolokia-core</artifactId>
+    <version>x.y.z</version> <!-- replace with the desired Jolokia core version -->
 </dependency>
 ```
 

@@ -220,11 +220,14 @@ import de.codecentric.boot.admin.server.web.client.InstanceWebClient;
 
 public class CustomHealthEndpointStatusUpdater extends StatusUpdater {
 
+    private final InstanceWebClient instanceWebClient;
+
     public CustomHealthEndpointStatusUpdater(
             InstanceRepository repository,
             InstanceWebClient instanceWebClient,
             ApiMediaTypeHandler apiMediaTypeHandler) {
         super(repository, instanceWebClient, apiMediaTypeHandler);
+        this.instanceWebClient = instanceWebClient;
     }
 
     @Override
@@ -238,11 +241,10 @@ public class CustomHealthEndpointStatusUpdater extends StatusUpdater {
             .getMetadata()
             .getOrDefault("health-path", "/actuator/health");
 
-        return instanceWebClient.instance(instance)
+        return this.instanceWebClient.instance(instance)
             .get()
             .uri(customHealthPath)
             .exchangeToMono(this::convertStatusInfo)
-            .timeout(getTimeoutWithMargin())
             .onErrorResume(this::handleError)
             .map(instance::withStatusInfo);
     }

@@ -176,30 +176,21 @@ spring:
 - Search your configuration files for `prefer-ip`
 - Replace with `service-host-type: IP` (if `prefer-ip: true`) or `service-host-type: HOST_NAME` (if `prefer-ip: false`)
 
----
-
 ### 4. Jolokia Compatibility
 
 **What Changed:**
 
-The current stable Jolokia version (2.4.2) does not yet support Spring Boot 4. Spring Boot Admin 4 temporarily
-downgrades to **Jolokia 2.1.0** for basic JMX functionality.
-
-**Limitations:**
-
-- Some advanced Jolokia features may not be available
-- JMX operations work but with reduced functionality compared to Jolokia 2.4.2
-
-**Future Outlook:**
-
-Spring Boot Admin will upgrade to a newer Jolokia version once Spring Boot 4 support is added. Monitor
-the [Jolokia project](https://github.com/jolokia/jolokia) for updates on Spring Boot 4 compatibility.
+Spring Boot Admin 4 manages the Jolokia Spring Boot integration **`org.jolokia:jolokia-support-springboot` 2.5.x**, which supports Spring Boot 4.
 
 **Action Required:**
 
-- **No immediate action needed** - Jolokia 2.1.0 is included automatically and provides basic JMX functionality
-- Test your JMX operations to ensure they work with the limited feature set
-- If JMX functionality is critical, consider waiting for full Jolokia support before upgrading
+- Jolokia 2.5.x is compatible with Spring Boot 4 and Spring Boot Admin 4.
+- If you use **JMX-Bean Management**, you must add the appropriate Jolokia Spring Boot support dependency to each
+  client application, matching the client's Spring Boot major version (for example, `jolokia-support-springboot`
+  for Spring Boot 4+ clients and `jolokia-support-springboot3` for Spring Boot 3.x clients). For Spring Boot 2.x
+  applications managed by Spring Boot Admin 2 or 3, use `jolokia-core` as described in the corresponding SBA
+  version documentation. See the [JMX-Bean Management](../03-client/10-client-features.md#jmx-bean-management)
+  section for the exact dependency coordinates per Spring Boot version.
 
 ---
 
@@ -281,7 +272,7 @@ mvn spring-boot:run
     - Health checks update correctly
     - Actuator endpoints are accessible
     - Notifications fire properly
-    - JMX operations work (with Jolokia 2.1.0 limitations)
+    - JMX operations work via Jolokia
 
 ### Step 5: Monitor Logs
 
@@ -314,7 +305,6 @@ If you encounter issues during the upgrade:
 - ✅ Replace `org.springframework.lang.Nullable` with `org.jspecify.annotations.Nullable`
 - ✅ Migrate client from `WebClient` to `RestClient`
 - ✅ Change `prefer-ip` to `service-host-type`
-- ⚠️ Accept Jolokia 2.1.0 limitations temporarily
 
 Most applications can upgrade with minimal code changes, primarily focused on configuration updates and dependency
 management.