Use role-based security to show details in the health endpoint
Closes gh-11869
This commit is contained in:
@@ -1200,7 +1200,8 @@ content into your application. Rather, pick only the properties that you need.
|
||||
# HEALTH ENDPOINT ({sc-spring-boot-actuator}/health/HealthEndpoint.{sc-ext}[HealthEndpoint], {sc-spring-boot-actuator-autoconfigure}/health/HealthEndpointProperties.{sc-ext}[HealthEndpointProperties])
|
||||
management.endpoint.health.cache.time-to-live=0ms # Maximum time that a response can be cached.
|
||||
management.endpoint.health.enabled= # Whether to enable the health endpoint.
|
||||
management.endpoint.health.show-details=false # Whether to show full health details instead of just the status when exposed over a potentially insecure connection.
|
||||
management.endpoint.health.roles= # Roles used to determine whether or not a user is authorized to be shown details. When empty, all authenticated users are authorized.
|
||||
management.endpoint.health.show-details=when-authorized # When to show full health details.
|
||||
|
||||
# HEAP DUMP ENDPOINT ({sc-spring-boot-actuator}/management/HeapDumpWebEndpoint.{sc-ext}[HeapDumpWebEndpoint])
|
||||
management.endpoint.heapdump.cache.time-to-live=0ms # Maximum time that a response can be cached.
|
||||
|
||||
@@ -523,14 +523,18 @@ following values:
|
||||
|`never`
|
||||
|Details are never shown.
|
||||
|
||||
|`when-authenticated`
|
||||
|Details are only shown to authenticated users.
|
||||
|`when-authorized`
|
||||
|Details are only shown to authorized users. Authorized roles can be configured using
|
||||
`management.endpoint.health.roles`.
|
||||
|
||||
|`always`
|
||||
|Details are shown to all users.
|
||||
|===
|
||||
|
||||
The default value is `when-authenticated`.
|
||||
The default value is `when-authorized`. A user is considered to be authorized when they
|
||||
are in one or more of the endpoint's roles. If the endpoint has no configured roles
|
||||
(the default) all authenticated users are considered to be authorized. The roles can
|
||||
be configured using the `management.endpoint.health.roles` property.
|
||||
|
||||
NOTE: If you have secured your application and wish to use `always`, your security
|
||||
configuration must permit access to the health endpoint for both authenticated and
|
||||
|
||||
Reference in New Issue
Block a user