Reputation: 5
management.security.roles doesn't work for health endpoint
I have secured (basic authentication) my spring boot application with spring security. I added role MANAGEMENT for users who can use monitoring and management. I set management.security.roles=MANAGEMENT. User with this role can see only status (using health endpoint). If I set management.security.role=MANAGEMENT, everything works (user with this role see all health parameters), but this property is depricated. Am I doing something wrong? Or it is a bug? I have spring boot in version 1.4.0.RELEASE
Upvotes: 0
Views: 739
Answers (1)
Reputation: 36
It seems that in 1.4.0 you need to use management.security.role (singular)
I had issues with 1.4.2 and 1.4.3 that only use management.security.roles (plural).
I wish I would have found some documentation about the change before running into it when updating Spring Boot from 1.4.0 to 1.4.3
Upvotes: 2
Related Questions
- management.endpoint.health.group.readiness.include=* bug - Spring Boot Actuator
- Spring Boot 2 Actuator /health endpoint not showing additional info when using authentication
- Spring Boot Actuator Endpoints security doesn't work with custom Spring Security Configuration
- Health endpoint not working in spring-boot-actuator service
- Why the application does not see the Roles in Spring Security (Forbidden)
- Spring Security: user with role is not able to access to endpoint
- Spring security gives access denied on /actuator/health
- Spring boot actuator: Health endpoint not showing details when other actuator's endpoints are secured
- How to make the `@Endpoint(id = "health")` working in Spring Boot 2.0?
- Spring Boot Actuator 1.4.7 - missing Health Endpoint (404) on my REST app