Securing Spring Boot Actuator Endpoints

Out of the box, all sensitive Spring Boot Actuator endpoints are secured. Only authenticated users who have the ACTUATOR role can access those endpoints. You can change the ACTUATOR role name to something else, say SUPERADMIN, by setting the following property: 

If you have the Spring Boot Security starter on the classpath, the Actuator endpoints will be secured by Spring Security.

Add the Security starter dependency to pom.xml:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

Rather than using the default user credentials, you can configure the security user credentials as follows:

security.user.password=Password1$
security.user.role=USER,ADMIN,ACTUATOR

Now if you try to access any endpoint, e.g. http://localhost:8080/actuator/beans, you will be prompted to enter credentials. If, for any reason, you want to disable security for your Actuator endpoints, you can set the following property: 

This will disable security for all Actuator endpoints.
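One way to confirm the credential prompt described above is to request each endpoint without credentials and check for a 401 or 403. This Python script is an added example, not part of the original article. It runs against a constructed local stub in which /actuator/env is deliberately left unprotected; the stub and every path other than /actuator/beans are assumptions.

```python
import threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Ignore proxy environment variables so local targets are reached directly.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def probe(url):
    """Return the HTTP status of a GET to url that carries no credentials."""
    try:
        with OPENER.open(url, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def audit(base_url, paths):
    """Label each path by how it answers an unauthenticated request."""
    labels = {401: "secured", 403: "secured", 404: "not exposed"}
    verdicts = {}
    for path in paths:
        status = probe(base_url + path)
        verdicts[path] = labels.get(status, "no auth challenge (%d)" % status)
    return verdicts

class StubApp(BaseHTTPRequestHandler):
    """Constructed stand-in for an app: only /actuator/beans demands credentials."""
    def do_GET(self):
        if self.path == "/actuator/beans" and not self.headers.get("Authorization"):
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="stub"')
        else:
            self.send_response(200 if self.path.startswith("/actuator/") else 404)
        self.end_headers()

    def log_message(self, *args):  # keep the demo output quiet
        pass

def run_demo():
    """Audit the stub on a free local port; /actuator/env is the constructed gap."""
    server = HTTPServer(("127.0.0.1", 0), StubApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        base = "http://127.0.0.1:%d" % server.server_port
        return audit(base, ["/actuator/beans", "/actuator/env", "/beans"])
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for path, verdict in run_demo().items():
        print(path, "->", verdict)
```

To check your own application, call audit() with its base URL, such as http://localhost:8080, and the endpoint paths it exposes.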
