root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Clarify docs on actuator security 

Closes gh-8646
This commit is contained in:
Madhura Bhave 2017-04-14 11:52:00 -07:00
parent 294f880fa3
commit 2a7fd5011d
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
spring-boot-docs/src/main/asciidoc/production-ready-features.adoc
View File

@ -583,6 +583,20 @@ in your `application.properties`:
management.security.roles=SUPERUSER
----
If your application has custom security configuration and you want all your actuator endpoints
to be accessible without authentication, you need to explicitly configure that in your
security configuration. Along with that, you need to change the `management.security.enabled`
property to `false`.
If your custom security configuration secures your actuator endpoints, you also need to ensure that
the authenticated user has the roles specified under `management.security.roles`.
TIP: If you don't have a use case for exposing basic health information to unauthenticated users,
and you have secured the actuator endpoints with custom security, you can set `management.security.enabled`
to `false`. This will inform Spring Boot to skip the additional role check.
[[production-ready-customizing-management-server-context-path]]