mirror of
https://github.com/spring-projects/spring-boot.git
synced 2024-08-29 03:06:45 +08:00
Clarify docs on actuator security
Closes gh-8646
This commit is contained in:
parent
294f880fa3
commit
2a7fd5011d
@ -583,6 +583,20 @@ in your `application.properties`:
|
||||
management.security.roles=SUPERUSER
|
||||
----
|
||||
|
||||
If your application has custom security configuration and you want all your actuator endpoints
|
||||
to be accessible without authentication, you need to explicitly configure that in your
|
||||
security configuration. Along with that, you need to change the `management.security.enabled`
|
||||
property to `false`.
|
||||
|
||||
If your custom security configuration secures your actuator endpoints, you also need to ensure that
|
||||
the authenticated user has the roles specified under `management.security.roles`.
|
||||
|
||||
TIP: If you don't have a use case for exposing basic health information to unauthenticated users,
|
||||
and you have secured the actuator endpoints with custom security, you can set `management.security.enabled`
|
||||
to `false`. This will inform Spring Boot to skip the additional role check.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
[[production-ready-customizing-management-server-context-path]]
|
||||
|
Loading…
Reference in New Issue
Block a user