Use role-based security to show details in the health endpoint

Closes gh-11869
This commit is contained in:
Andy Wilkinson
2018-02-20 07:34:26 +00:00
parent a5960bc0c3
commit 3e4baf744e
27 changed files with 661 additions and 203 deletions

View File

@@ -1200,7 +1200,8 @@ content into your application. Rather, pick only the properties that you need.
# HEALTH ENDPOINT ({sc-spring-boot-actuator}/health/HealthEndpoint.{sc-ext}[HealthEndpoint], {sc-spring-boot-actuator-autoconfigure}/health/HealthEndpointProperties.{sc-ext}[HealthEndpointProperties])
management.endpoint.health.cache.time-to-live=0ms # Maximum time that a response can be cached.
management.endpoint.health.enabled= # Whether to enable the health endpoint.
management.endpoint.health.show-details=false # Whether to show full health details instead of just the status when exposed over a potentially insecure connection.
management.endpoint.health.roles= # Roles used to determine whether or not a user is authorized to be shown details. When empty, all authenticated users are authorized.
management.endpoint.health.show-details=when-authorized # When to show full health details.
# HEAP DUMP ENDPOINT ({sc-spring-boot-actuator}/management/HeapDumpWebEndpoint.{sc-ext}[HeapDumpWebEndpoint])
management.endpoint.heapdump.cache.time-to-live=0ms # Maximum time that a response can be cached.

View File

@@ -523,14 +523,18 @@ following values:
|`never`
|Details are never shown.
|`when-authenticated`
|Details are only shown to authenticated users.
|`when-authorized`
|Details are only shown to authorized users. Authorized roles can be configured using
`management.endpoint.health.roles`.
|`always`
|Details are shown to all users.
|===
The default value is `when-authenticated`.
The default value is `when-authorized`. A user is considered to be authorized when they
are in one or more of the endpoint's roles. If the endpoint has no configured roles
(the default) all authenticated users are considered to be authorized. The roles can
be configured using the `management.endpoint.health.roles` property.
NOTE: If you have secured your application and wish to use `always`, your security
configuration must permit access to the health endpoint for both authenticated and