How to secure actuator endpoints with role in Spring Boot 2?

If your application is a resource server you don't need the SecConfig class.

So if you remove it, in your ResourceServerConfig class you can secure the actuators and just let admin through:

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
       http
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
            .authorizeRequests()
                .antMatchers("/ajax/**").authenticated()           
                .antMatchers("/actuator/**").hasRole("ADMIN")  
                .anyRequest().authenticated()  
                .and()
            .csrf()
                .disable();
    }
}

I add .anyRequest().authenticated() to secure the rest of the application endpoints.

Tags:

Java

Spring

Spring Security

Spring Boot

Spring Boot Actuator

Related

Filter a data-frame and add a new column according to the given condition Why does using MFENCE with store instruction block prefetching in L1 cache? How to convert bounding box (x1, y1, x2, y2) to YOLO Style (X, Y, W, H) How can I add an icon to Material UI Select options? How to use IEnumerable.GroupBy comparing multiple properties between elements? Cannot connect to Eureka server. Exception: java.net.ConnectException: Connection refused: connect Android ViewPager2 setPageMargin unresolved Using static libraries in Swift with CocoaPods fails for Realm Angular CDK Drag & Drop: Don't move source item How to Handle Firebase Auth exceptions on flutter How to group related request log entries GAE python 3.7 standard env Define a function in function declaration using std::iterator traits and auto

Recent Posts