I tried disabling all actuator endpoints for the production environment in the application.yml configuration file:
endpoints.enabled: false
It works for all endpoints except for /info. How can I turn off all endpoints for a given environment?
UPDATE:
The project I am working on also acts as a Eureka client. The Spring Cloud Netflix documentation, in the section Status Page and Health Indicator (http://cloud.spring.io/spring-cloud-netflix/spring-cloud-netflix.html), says that "Eureka instance default to "/info" and "/health" respectively".
Is there any solution to disable those endpoints?
I was able to disable the /health endpoint with endpoints.enabled: false, but not the /info endpoint.
Spring Boot disable Endpoints <id>.enabled property. For example, you can declare the following property in your properties or yml file to enable the shutdown endpoint. To disable all the endpoints, you can set the management.
To enable Spring Boot actuator endpoints in your Spring Boot application, add the Spring Boot Starter actuator dependency to your build configuration file. Maven users can add the below dependency in your pom.xml file. Gradle users can add the below dependency in your build.
In order to access the actuator endpoints using HTTP, we need to both enable and expose them. By default, all endpoints but /shutdown are enabled.
When duplicate endpoints are present, priority goes to the actuator endpoints, since their mappings are created afterwards. There might be another way to force the creation of their mappings first so that you can override the native endpoints at all times.
Finally I managed to solve my problem. I enabled only /info and /health endpoints in actuator. And to allow access to /info endpoint only to users with role ADMIN I needed to mix actuator management security and spring security configuration.
So my application.yml looks like this:
endpoints.enabled: false
endpoints:
  info.enabled: true
  health.enabled: true
management.security.role: ADMIN
And spring security configuration like this (where I needed to change order of ManagementSecurityConfig to have higher priority):
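import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
// Spring Security 4.x package, as shipped with Spring Boot 1.x
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration {

    @Configuration
    protected static class AuthenticationSecurity extends GlobalAuthenticationConfigurerAdapter {

        @Autowired
        private AuthenticationProvider authenticationProvider;

        public AuthenticationSecurity() {
            super();
        }

        // In-memory user holding the ADMIN role named in management.security.role
        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication().withUser("admin").password("secret").roles("ADMIN");
        }
    }

    // Ordered ahead of the API configuration so that this chain handles /info first
    @Configuration
    @Order(Ordered.HIGHEST_PRECEDENCE + 2)
    public static class ManagementSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable()
                // This chain applies only to the /info endpoint
                .requestMatchers()
                    .antMatchers("/info/**")
                    .and()
                // Every request it matches requires the ADMIN role
                .authorizeRequests()
                    .anyRequest().hasRole("ADMIN")
                    .and()
                .httpBasic();
        }
    }

    @Configuration
    public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // API security configuration
        }
    }
}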
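A post-deployment check for the setup in the answer above, added here as an example and not part of the original post: it requests each Spring Boot 1.x actuator path anonymously and reports every response that differs from the intended policy. Assumptions: /health answers 200 without credentials, /info answers 401 without credentials, every other actuator path answers 404, and StubApp with its admin:secret login is a constructed stand-in for the application so the check runs offline.

```python
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Spring Boot 1.x actuator endpoint IDs, served at the application root by default.
ACTUATOR_PATHS = ["/autoconfig", "/beans", "/configprops", "/dump", "/env", "/health",
                  "/info", "/mappings", "/metrics", "/shutdown", "/trace"]
# Assumed policy: only /health and /info are mapped, and /info needs a login.
EXPECTED_ANON = {"/health": 200, "/info": 401}
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy in between

def status(base_url, path, basic_auth=None):
    """GET base_url + path and return the HTTP status code."""
    req = urllib.request.Request(base_url + path)
    if basic_auth:
        token = base64.b64encode(":".join(basic_auth).encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def audit(base_url):
    """Return {path: (expected, actual)} for anonymous responses that break the policy."""
    results = {p: (EXPECTED_ANON.get(p, 404), status(base_url, p)) for p in ACTUATOR_PATHS}
    return {p: pair for p, pair in results.items() if pair[0] != pair[1]}

class StubApp(BaseHTTPRequestHandler):
    """Constructed stand-in for the application so the check runs offline."""
    open_info = False  # True reproduces the question's symptom: /info still answers

    def do_GET(self):
        admin = "Basic " + base64.b64encode(b"admin:secret").decode()
        authed = self.open_info or self.headers.get("Authorization") == admin
        code = {"/health": 200, "/info": 200 if authed else 401}.get(self.path, 404)
        self.send_response(code)
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass

def start_stub():
    """Start the stub on a free local port and return (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), StubApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_port
```

Calling audit() with the base URL of a real deployment in place of the stub's URL gives the same report; an empty result means the anonymous view matches the policy.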