How to exclude springboot /health endpoint from secured, which means show full health details content even though unauthenticated?

Question

If security is enabled in application.yml properties, i.e.:

 management:
   security:
     enabled: true

In old springboot 1.2.x, accessing the health endpoint (/health), with/without passing the credential, will return full details of health response.

In springboot 1.3.x, the default behaviour has been changed. Only with passing the credential will return full health details, otherwise only summary (Status only) is returned.

Need to investigate if there is easy way to still be able to get the health details in full (as in springboot 1.2.x) even though not supplying credential?

refer: http://docs.spring.io/spring-boot/docs/current-SNAPSHOT/reference/htmlsingle/#production-ready-health-access-restrictions

http://stackoverflow.com/questions/30366405/how-to-disable-spring-security-for-particular-url - you must override the configure method and add a ignore of the health path in there — Alexandru Marina, Aug 04 '16 at 11:47
@AlexandruMarina Thanks, but after I added `web.ignoring().antMatchers("/api/health");`, the `/health` endpoint would always redirect to `/login` and need enter username and password. — JimmyLv, Aug 05 '16 at 02:34

How to exclude springboot /health endpoint from secured, which means show full health details content even though unauthenticated?

0 Answers0