We are using Spring Boot Actuator Endpoints with our services.

We want to secure certain endpoints which are to be accessed only by the admin/support team for troubleshooting issues.

For example: /logfile, /env, /shutdown, /restart.

As per the Spring Boot Actuator documentation, sensitive endpoints are secured by the ACTUATOR role. We can also enable basic authentication and provide a username and password in application.yml by adding Spring Security as a dependency.

My query is: this works fine for basic authentication, but we want to use token-based authentication.

We want the Admin Support team to first obtain a token from a custom Token Service and then pass the token while accessing the sensitive endpoints like /logfile and so on.

I am not sure how I can securely access these endpoints, because they will be accessed via a browser and not using a REST client. With a REST client I see there are options supported for securing the same.

If someone has secured these endpoints with tokens and accessed them via a browser, can you please help me with the same?

juser
  • I'd actually also like to know this. While most seem interested in keeping basic authentication for sensitive ACTUATOR services, yet using JWTs for the actual service or whatever, I would like to know how to use the tokens I am getting from my auth-service for sensitive actuator endpoints of this very service (to access e.g. [...]/health or [...]/shutdown), too. – Igor Oct 14 '17 at 22:09

0 Answers