From 5b7c21e78007ea9963605b527a7ac285d291810e Mon Sep 17 00:00:00 2001 From: "Khan, C M Abdullah" Date: Fri, 4 Mar 2022 01:54:59 +0600 Subject: [PATCH 1/2] Clarify actuator security documentation See gh-30065 --- .../src/docs/asciidoc/actuator/endpoints.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spring-boot-project/spring-boot-docs/src/docs/asciidoc/actuator/endpoints.adoc b/spring-boot-project/spring-boot-docs/src/docs/asciidoc/actuator/endpoints.adoc index 41a7d9beb06c..72e2ecad666e 100644 --- a/spring-boot-project/spring-boot-docs/src/docs/asciidoc/actuator/endpoints.adoc +++ b/spring-boot-project/spring-boot-docs/src/docs/asciidoc/actuator/endpoints.adoc @@ -316,8 +316,8 @@ TIP: If you want to implement your own strategy for when endpoints are exposed, [[actuator.endpoints.security]] === Security -For security purposes, all actuators other than `/health` are disabled by default. -You can use the configprop:management.endpoints.web.exposure.include[] property to enable the actuators. +For security purposes, only the `/health` endpoint is exposed over HTTP by default. If you want to expose more endpoints, +you can use the configprop:management.endpoints.web.exposure.include[] property to expose the actuator's endpoint. NOTE: Before setting the `management.endpoints.web.exposure.include`, ensure that the exposed actuators do not contain sensitive information, are secured by placing them behind a firewall, or are secured by something like Spring Security. From c872539dea731c04a76122eca38ddbedbcd4e612 Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Fri, 4 Mar 2022 17:19:46 +0000 Subject: [PATCH 2/2] Polish "Clarify actuator security documentation" See gh-30065 --- .../src/docs/asciidoc/actuator/endpoints.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/spring-boot-project/spring-boot-docs/src/docs/asciidoc/actuator/endpoints.adoc b/spring-boot-project/spring-boot-docs/src/docs/asciidoc/actuator/endpoints.adoc index 72e2ecad666e..f79536774c67 100644 --- a/spring-boot-project/spring-boot-docs/src/docs/asciidoc/actuator/endpoints.adoc +++ b/spring-boot-project/spring-boot-docs/src/docs/asciidoc/actuator/endpoints.adoc @@ -316,8 +316,8 @@ TIP: If you want to implement your own strategy for when endpoints are exposed, [[actuator.endpoints.security]] === Security -For security purposes, only the `/health` endpoint is exposed over HTTP by default. If you want to expose more endpoints, -you can use the configprop:management.endpoints.web.exposure.include[] property to expose the actuator's endpoint. +For security purposes, only the `/health` endpoint is exposed over HTTP by default. +You can use the configprop:management.endpoints.web.exposure.include[] property to configure the endpoints that are exposed. NOTE: Before setting the `management.endpoints.web.exposure.include`, ensure that the exposed actuators do not contain sensitive information, are secured by placing them behind a firewall, or are secured by something like Spring Security.
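Review bot: in PATCH 1/2 the second added sentence breaks mid-clause after "If you want to expose more endpoints," and continues on the next `+` line, whereas each of the two removed lines held one complete sentence; keep one sentence per line so that later diffs of this section stay readable. The same sentence ends with "to expose the actuator's endpoint", singular, although its opening clause speaks of exposing more endpoints; wording such as "to configure which endpoints are exposed" would fix the number and avoid repeating "expose" twice in one sentence.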
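Review bot: in PATCH 2/2 the NOTE in the trailing context is left untouched and still says "the exposed actuators", while both `+` lines now speak of endpoints; this is the sentence that carries the security warning, so align its terminology in the same commit, for example "ensure that the exposed endpoints do not contain sensitive information". The NOTE also reads "Before setting the `management.endpoints.web.exposure.include`" with no noun after the property name; add "property" there.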