From 435ca3db690f9b6f2f849cd4d30150e4ff751bb9 Mon Sep 17 00:00:00 2001 From: Stephane Nicoll Date: Tue, 27 Dec 2016 17:50:10 +0100 Subject: [PATCH] Polish actuator security changes Closes gh-7569 --- .../src/main/asciidoc/appendix-application-properties.adoc | 4 ++-- spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc b/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc index 72140365f3..448213a9a8 100644 --- a/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc +++ b/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc @@ -1057,7 +1057,7 @@ content into your application; rather pick only the properties that you need. management.context-path= # Management endpoint context-path. For instance `/actuator` management.port= # Management endpoint HTTP port. Uses the same port as the application by default. Configure a different port to use management-specific SSL. management.security.enabled=true # Enable security. - management.security.roles=ADMIN # Comma-separated list of roles that can access the management endpoint. + management.security.roles=ACTUATOR # Comma-separated list of roles that can access the management endpoint. management.security.sessions=stateless # Session creating policy to use (always, never, if_required, stateless). management.ssl.ciphers= # Supported SSL ciphers. Requires a custom management.port. management.ssl.client-auth= # Whether client authentication is wanted ("want") or needed ("need"). Requires a trust store. Requires a custom management.port. @@ -1107,7 +1107,7 @@ content into your application; rather pick only the properties that you need. management.shell.auth.key.path= # Path to the authentication key. This should point to a valid ".pem" file. management.shell.auth.simple.user.name=user # Login user. management.shell.auth.simple.user.password= # Login password. - management.shell.auth.spring.roles=ADMIN # Comma-separated list of required roles to login to the CRaSH console. + management.shell.auth.spring.roles=ACTUATOR # Comma-separated list of required roles to login to the CRaSH console. management.shell.command-path-patterns=classpath*:/commands/**,classpath*:/crash/commands/** # Patterns to use to look for commands. management.shell.command-refresh-interval=-1 # Scan for changes and update the command if necessary (in seconds). management.shell.config-path-patterns=classpath*:/crash/* # Patterns to use to look for configurations. diff --git a/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc b/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc index 120915be69..6a19dea707 100644 --- a/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc +++ b/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc @@ -2684,7 +2684,7 @@ If the Actuator is also in use, you will find: * The management endpoints are secure even if the application endpoints are insecure. * Security events are transformed into `AuditEvents` and published to the `AuditService`. -* The default user will have the `ADMIN` role as well as the `USER` role. +* The default user will have the `ACTUATOR` role as well as the `USER` role. The Actuator security features can be modified using external properties (`+management.security.*+`). To override the application access rules