-
Notifications
You must be signed in to change notification settings - Fork 40.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Restrict actuator access based on HTTP method via configuration #39046
Labels
status: duplicate
A duplicate of another issue
Comments
spring-projects-issues
added
the
status: waiting-for-triage
An issue we've not yet triaged
label
Jan 5, 2024
philwebb
added
for: team-meeting
An issue we'd like to discuss as a team to make progress
status: pending-design-work
Needs design work before any code can be developed
labels
Jan 5, 2024
I think this is probably a duplicate of #29596. |
I think so as well. Marking as a duplicate of #29596 |
philwebb
added
status: duplicate
A duplicate of another issue
and removed
status: waiting-for-triage
An issue we've not yet triaged
status: pending-design-work
Needs design work before any code can be developed
for: team-meeting
An issue we'd like to discuss as a team to make progress
labels
Feb 14, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem Statement
There are situations where actuators are added to applications for enhancing troubleshooting and runtime management to Spring Boot applications. These actuators could have PUT, POST and DELETE endpoints (
@WriteOperation
) that could be accessed on that application's actuator port. There are concerns about keeping these actuators, or even worse accidentally, getting into production environments with these accessible.Is it possible for actuators to automatically add a configuration option to enable/disable read or write operations? It would be nice to have this be configurable on:
/actuator/logging
Current Operations
Currently, there is
@ReadOperation
and@WriteOperation
annotations that map to HTTP verbs. Perhaps having the option of disabling write operations would help with this need.The text was updated successfully, but these errors were encountered: