This repository has been archived by the owner on Apr 5, 2022. It is now read-only.
Clarify use of user roles and (maybe also) basic auth for actuator endpoints #28
Hey @dsyer - This would be useful for me. I am attempting to use this configuration
In the hopes that I could get the endpoints to only allow users with an 'admin' role to view. Having this documentation would be helpful.
For now, I have set management to be on a different port. This is a short term solution as I'd like to see the security checking against the OAuth2Authentication object, for the specified role; also would like to be able to get to these endpoints from Zuul.
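@NickPadilla I am able to use basic authentication for actuator endpoints with the configuration below.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.security.oauth2.resource.EnableOAuth2Resource;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

@Configuration
@EnableOAuth2Resource
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Value("${management.contextPath}")
    private String contextPath = "";

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // OAuth2 resource security applies only to paths that do not start with the management context path
        http.regexMatcher("^(?!" + contextPath + ").*$").authorizeRequests()
            .anyRequest().authenticated();
    }
}
```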
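The matcher in the configuration above decides which requests the OAuth2 resource-server chain handles; every other request is left to whatever other filter chain covers it. The following is an added example, not part of the thread or of the project's code, that evaluates that pattern next to a hypothetical tightened variant (`anchored`). The class name, the sample paths, and the assumption that the matched string is the request path plus any query string are all constructed for illustration.

```java
import java.util.regex.Pattern;

public class ManagementMatcherCheck {

    // Pattern built exactly as in the configuration posted in the thread.
    static Pattern posted(String contextPath) {
        return Pattern.compile("^(?!" + contextPath + ").*$");
    }

    // Hypothetical variant: context path taken literally and ended at a
    // segment boundary ('/', '?' or end of string).
    static Pattern anchored(String contextPath) {
        if (contextPath.isEmpty()) {
            // No management prefix to carve out: keep every request in the OAuth2 chain.
            return Pattern.compile("^.*$");
        }
        return Pattern.compile("^(?!" + Pattern.quote(contextPath) + "(?:[/?]|$)).*$");
    }

    // true  = request is handled (and authenticated) by the OAuth2 resource chain
    // false = request is excluded from it
    static boolean oauth2Protected(Pattern p, String pathAndQuery) {
        return p.matcher(pathAndQuery).matches();
    }

    public static void main(String[] args) {
        // Constructed sample values: {management.contextPath, request path}
        String[][] cases = {
            {"/admin", "/api/orders"},          // ordinary application path
            {"/admin", "/admin/health"},        // actuator endpoint
            {"/admin", "/administrator/users"}, // shares only a string prefix
            {"/v1.0",  "/v1x0/orders"},         // '.' acts as a regex wildcard when unquoted
            {"",       "/api/orders"},          // empty prefix: "(?!)" never matches
        };
        System.out.printf("%-8s %-22s %-8s %s%n", "context", "request", "posted", "anchored");
        for (String[] c : cases) {
            System.out.printf("%-8s %-22s %-8b %b%n", c[0], c[1],
                oauth2Protected(posted(c[0]), c[1]),
                oauth2Protected(anchored(c[0]), c[1]));
        }
    }
}
```

Rows where the two columns differ are application paths that the posted pattern excludes from the OAuth2 chain even though they are not under the management context path.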