root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Clarify actuator security documentation 

See gh-30065
This commit is contained in:
Khan, C M Abdullah 2022-03-04 01:54:59 +06:00 committed by Andy Wilkinson
parent fd3248b629
commit 5b7c21e780
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
spring-boot-project/spring-boot-docs/src/docs/asciidoc/actuator/endpoints.adoc
View File

@ -316,8 +316,8 @@ TIP: If you want to implement your own strategy for when endpoints are exposed,
[[actuator.endpoints.security]]
=== Security
For security purposes, all actuators other than `/health` are disabled by default.
You can use the configprop:management.endpoints.web.exposure.include[] property to enable the actuators.
For security purposes, only the `/health` endpoint is exposed over HTTP by default. If you want to expose more endpoints,
you can use the configprop:management.endpoints.web.exposure.include[] property to expose the actuator's endpoint.
NOTE: Before setting the `management.endpoints.web.exposure.include`, ensure that the exposed actuators do not contain sensitive information, are secured by placing them behind a firewall, or are secured by something like Spring Security.