28.4 Actuator Security

If the Actuator is also in use, you will find:

The management endpoints are secure even if the application endpoints are insecure.
Security events are transformed into AuditEvents and published to the AuditService.
The default user will have the ADMIN role as well as the USER role.

The Actuator security features can be modified using external properties (management.security.*). To override the application access rules add a @Bean of type WebSecurityConfigurerAdapter and use @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER) if you don’t want to override the actuator access rules, or @Order(ManagementServerProperties.ACCESS_OVERRIDE_ORDER) if you do want to override the actuator access rules.

28.4 Actuator Security

28.4 Actuator Security

results matching ""

No results matching ""