Reputation: 1640
Spring Boot - Only secure actuator endpoints
I'm using Spring Boot (1.3.0) with Jersey (pom dependencies: spring-boot-starter-jersey, spring-boot-starter-actuator, spring-boot-starter-web, spring-boot-starter-security).
I have a Jersey endpoint (see below) which is really simple:
@Component
@Path("/helloworld")
public class HelloWorldResource {
@GET
public String home() {
return "Hello World !";
}
}
I have enabled Spring Boot Actuator by setting a particular path for Spring MVC url (server.servlet-path=/system), as explained in Spring Boot guide.
Thanks to spring-boot-starter-security, Actuator endpoints are secured via basic authentification.
My problem here is that /helloworld is also secured, but I would like to leave it unsecured.
How can I do that ?
Thanks !
Upvotes: 3
Views: 5641
Answers (2)
Reputation: 4407
You have to configure the settings in yaml/properties file like below -
server:
port: 8080
context-path: /MyApplication
security:
user:
name: admin
password: secret
basic:
enabled: false
management:
context-path: /actuator
security:
enabled: true
So, for your application security is disabled but is enabled for actuator endpoints. Make sure you don't configure username/password under management security otherwise it will not work.
Upvotes: 6
Reputation: 1100
You can add security.user.name property together with management.security.role to your configuration such as application.properties or configuration from spring cloud config center and search the random password in startup logs. Of course ,you can also add password in bootstrap.yml to use what you are specified.
Upvotes: 0
Related Questions
- How to configure port for a Spring Boot application
- Secure hash and salt for PHP passwords
- Spring Boot 2 Actuator endpoints inaccessible with Jersey
- Exposing Spring boot actuator endpoints
- Spring Actuator, not able to expose even after trying somany options
- Actuator with Spring boot Jersey
- Spring-Boot actuator /shutdown endpoint forbidden
- Spring-boot 2.0.0 M1 - Actuator not working