Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

WhyI am Getting 403 Forbidden error for actuator /refresh endpoint on Spring Boot 2 on Cloud Foundry{using Cloud Config Server service}

Tags:

spring-boot

spring-boot-actuator

spring-cloud-config

Within my project, I have the following bootstrap.properties file:

spring.application.name=vault-demo
management.endpoints.web.exposure.include=*

Additionally to that, I defined the following dependency:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-actuator</artifactId>
</dependency>

The config server is able to access the property but when I update that property in GitHub and POST to /refresh I get a 403: Forbidden. Do I need to make any change in my application or bootstrap.properties?

like image 893
Shivi Sharma Avatar asked Sep 12 '18 15:09

Shivi Sharma

People also ask

How does Spring Security handle 403 Forbidden error?

Simply disabling CSRF on your configure method with http. csrf(). disable(); is all that needed to be done for my put requests to stop receiving 403. Save this answer.

How do you turn on actuator endpoints in spring boot?

To enable Spring Boot actuator endpoints to your Spring Boot application, we need to add the Spring Boot Starter actuator dependency in our build configuration file. Maven users can add the below dependency in your pom. xml file. Gradle users can add the below dependency in your build.

How do you turn off actuator endpoint security in spring boot?

You can enable or disable an actuator endpoint by setting the property management. endpoint. <id>. enabled to true or false (where id is the identifier for the endpoint).

Which endpoint is disabled by default in spring boot actuator?

In order to access the actuator endpoints using HTTP, we need to both enable and expose them. By default, all endpoints but /shutdown are enabled. Only the /health and /info endpoints are exposed by default.

1 Answers

I got the solution, I needed to add a security configuration, for example:

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter{

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
    }
}

Additionally, I had to add the following dependency:

<dependency> 
    <groupId>org.springframework.security</groupId> 
    <artifactId>spring-security-rsa</artifactId> 
    <version>1.0.5.RELEASE</version> 
</dependency>

I found this solution within the following GitHub issue: https://github.com/spring-cloud/spring-cloud-config/issues/950

like image 131
Shivi Sharma Avatar answered Sep 19 '22 16:09

Shivi Sharma
Sign in to Comment

Related questions

How implement Error decoder for multiple feign clients
Docker MySQL - can't connect from Spring Boot app to MySQL database
Reload/Refresh cache in spring boot
NoSuchMethodError: org.springframework.plugin.core.PluginRegistry.getPluginOrDefaultFor
How do I use multiple 'JWK Set Uri' values in the same Spring Boot app?
Java 8 date/time type `java.time.Instant` not supported by default Issue : [duplicate]
Creating a custom Jasypt PropertySource in Springboot
Map checkboxes to List using Sprint Boot and Thymeleaf
How to use Websphere liberty in spring boot application
springSecurityFilterChain cannot be null
File upload in Spring Boot: Uploading, validation, and exception handling
In a spring boot project, how to load application.yaml into Java Properties
Autowiring :expected at least 1 bean which qualifies as autowire candidate for this dependency
Spring Cloud Config Server not working with Docker compose
How to have per-thread but reusable objects (PubNub) in a Spring app?
Spring Interceptor not working in Spring Data REST URLs
No @NotBlank validator for type String
Spring boot configuration: how to return always same random value when referenced?
How do I install Spring Boot CLI in Ubuntu?
Spring Security WebFlux and LDAP

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!