root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Merge branch '1.5.x'

This commit is contained in:
Madhura Bhave 2017-04-19 15:44:28 -07:00
parent 115b369633 2a7fd5011d
commit 359854eb85
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
spring-boot-docs/src/main/asciidoc/production-ready-features.adoc
View File

@ -585,6 +585,20 @@ in your `application.properties`:
management.security.roles=SUPERUSER management.security.roles=SUPERUSER
---- ----
If your application has custom security configuration and you want all your actuator endpoints
to be accessible without authentication, you need to explicitly configure that in your
security configuration. Along with that, you need to change the `management.security.enabled`
property to `false`.
If your custom security configuration secures your actuator endpoints, you also need to ensure that
the authenticated user has the roles specified under `management.security.roles`.
TIP: If you don't have a use case for exposing basic health information to unauthenticated users,
and you have secured the actuator endpoints with custom security, you can set `management.security.enabled`
to `false`. This will inform Spring Boot to skip the additional role check.
[[production-ready-customizing-management-server-context-path]] [[production-ready-customizing-management-server-context-path]]