Java – Spring Boot Actuator – Cannot disable /info endpoint

javaspring-bootspring-boot-actuator

I tried disabling all actuator endpoints for production environment in application.yml configuration file:

endpoints.enabled: false

It works for all endpoints except for /info.
How can I turn off all endpoints for given environment?

UPDATE:

Project I am working on is also acting as Eureka client.
In documentation for Spring Cloud Netflix in section Status Page and Health Indicator (http://cloud.spring.io/spring-cloud-netflix/spring-cloud-netflix.html) it says that "Eureka instance default to "/info" and "/health" respectively".

Is there any solution to disable those endpoints?

I was able to disable /health endpoint with endpoints.enabled: false, but not the /info endpoint.

Best Answer

Finally I managed to solve my problem. I enabled only /info and /health endpoints in actuator. And to allow access to /info endpoint only to users with role ADMIN I needed to mix actuator management security and spring security configuration.

So my application.yml looks like this:

endpoints.enabled: false

endpoints:
    info.enabled: true
    health.enabled: true

management.security.role: ADMIN

And spring security configuration like this (where I needed to change order of ManagementSecurityConfig to have higher priority):

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration {


    @Configuration
    protected static class AuthenticationSecurity extends GlobalAuthenticationConfigurerAdapter {

        @Autowired
        private AuthenticationProvider authenticationProvider;

        public AuthenticationSecurity() {
            super();
        }

        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
             auth.inMemoryAuthentication().withUser("admin").password("secret").roles("ADMIN");
        }
    }

    @Configuration
    @Order(Ordered.HIGHEST_PRECEDENCE + 2)
    public static class ManagementSecurityConfig extends WebSecurityConfigurerAdapter {


        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable()
                    .requestMatchers()
                    .antMatchers("/info/**")
                    .and()
                    .authorizeRequests()
                    .anyRequest().hasRole("ADMIN")
                    .and()
                    .httpBasic();
        }
    }

    @Configuration
    public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        protected void configure(HttpSecurity http) throws Exception {
            // API security configuration
        }

    }
}

Related Solutions

C# – How to change the Page Title in ASP.Net 1.1

With ASP.Net 1.1, first you have to set the runat attribute on the title markup :

<title id="PageTitle" runat="server">WebForm1</title>

Then from the code behind :

// We need this name space to use HtmlGenericControl
using System.Web.UI.HtmlControls;

namespace TestWebApp
{

      public class WebForm1 : System.Web.UI.Page
      {
            // Variable declaration and instantiation
            protected HtmlGenericControl PageTitle = new HtmlGenericControl();

            private void Page_Load(object sender, System.EventArgs e)
            {
                  // Set new page title
                  PageTitle.InnerText = "New Page Title";
            }
      }
}

Imports System.Web.UI.HtmlControls

Namespace TestWebApp

    Public Class WebForm1
        Inherits System.Web.UI.Page

        Protected PageTitle As HtmlGenericControl = New HtmlGenericControl()

        Private Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs)

            PageTitle.InnerText = "New Page Title"
        End Sub

...

    End Class
End Namespace

Java – Disable spring boot actuator endpoints java config

Looking at org.springframework.boot.actuate.autoconfigure.EndpointAutoConfiguration, the endpoints are provided when the beans are missing. One option would be to provide them in your own configuration class. All endpoints have the field enabled. You could provide all of them, setting enabled on false, except for the one you need.

@Configuration
public class ActuatorConfiguration {

    @Autowired(required = false)
    private Collection<PublicMetrics> publicMetrics;

    @Bean
    public MetricsEndpoint metricsEndpoint() {
        List<PublicMetrics> publicMetrics = new ArrayList<>();
        if (this.publicMetrics != null) {
            publicMetrics.addAll(this.publicMetrics);
        }
        Collections.sort(publicMetrics,AnnotationAwareOrderComparator.INSTANCE);
        MetricsEndpoint metricsEndpoint = new MetricsEndpoint(publicMetrics);
        metricsEndpoint.setEnabled(false);
        return metricsEndpoint;
    }
}

Best Answer

Related Solutions

C# – How to change the Page Title in ASP.Net 1.1

Java – Disable spring boot actuator endpoints java config

Related Topic