Clarify use of user roles and (maybe also) basic auth for actuator endpoints

[dsyer]

No description provided.

[NickPadilla]

Hey @dsyer - This would be useful for me. I am attempting to use this configuration

management:
  security:
    role: admin
    enabled: true
  context_path: /admin

In the hopes that I could get the endpoints to only allow users with an 'admin' role to view. Having this documentation would be helpful.

[NickPadilla]

For now, i have set management to be on a different port. This is a short term solution as I'd like to see the security checking against the OAuth2Authentication object, for the specified role; also would like to be able to get to these endpoints from Zuul.

[ktong]

@NickPadilla I am able to use basic authentication for actuator endpoints with below configuration.

@Configuration
@EnableOAuth2Resource
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

  @Value("${management.contextPath}")
  private String contextPath = "";

  @Override
  public void configure(HttpSecurity http) throws Exception {
    http.regexMatcher("^(?!" + contextPath + ").*$").authorizeRequests()
        .anyRequest().authenticated();
  }
}