October 2018
Intermediate to advanced
590 pages
15h 5m
English
With Spring Security, we can define a role, for example, ACTUATOR_ADMIN, and make the endpoints only accessible to authenticated users who are in this role, as shown in the following:
public class SecurityConfiguration extends WebSecurityConfigurerAdapter { ... protected void configure(HttpSecurity http) throws Exception { http ... .antMatchers(PUBLIC).permitAll() .requestMatchers(EndpointRequest.toAnyEndpoint()). hasAnyRole("ACTUATOR_ADMIN") .anyRequest().authenticated() ... } ...}
In application.properties, we will comment out the port setting, as in the following:
# management.server.port=9000
In this way, we can access the Actuator's endpoints with an authenticated user who has the required role. ...
Read now
Unlock full access