0


I use Spring Boot - 1.5.3.Release Version for my project. Simply tested my demo application with Actuator and Dev-tools plugin from spring boot initializer site. (Hence I no longer needed to share my POM, as it is default).When I launch my application and try to hit the metrics End Point URL, I get this 401 Unauthorized status (image given below).

Metrics

Following Options Tried to Bypass this exception

  • I excluded the SecurityAutoConfiguration on my main Class.

     @SpringBootApplication
 @EnableAutoConfiguration(exclude= {org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class})
public class MainConfig {

But the above option didn't work.

  • When I downgrade my Spring-Boot - 1.4.6.RELEASE Version, I didn't get the UnAuthorized Exception. My Application worked like a charm :-)

Questions

  • Is there any Specific Security Enhancements have been made in the latest release of Spring-Boot (1.5.3.RELEASE Version)?
  • If at all any enhancements made, let know the community on how to bypass such kind of exceptions?
  • I also, noticed that when using Spring-boot (1.5.3.RELEASE) it doesn't show any exceptions on startup, even though I have multiple main program in my IDE build path. Is that also an enhancement is spring-boot (1.5.3.RELEASE) version?

Kindly clarify.

Praveen Kumar K S
  • 3,024
  • 1
  • 24
  • 31
  • 4
    Have you actually read [the docs](https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-1.5-Release-Notes#actuator-security) on that? – M. Deinum Apr 28 '17 at 07:37

1 Answers1

1

From the Spring Boot 1.5 Release Notes:

If you’re upgrading a Spring Boot 1.4 application that doesn’t have dependency on Spring Security and you wish to retain open access to your sensitive endpoints you’ll need to set management.security.enabled to false.

dur
  • 15,689
  • 25
  • 79
  • 125
TheKalin
  • 160
  • 6