Skip to content

Management Security Settings are ignored #3997

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ChristianLohmann opened this issue Sep 21, 2015 · 3 comments
Closed

Management Security Settings are ignored #3997

ChristianLohmann opened this issue Sep 21, 2015 · 3 comments
Assignees
@wilkinsona

Comments

@ChristianLohmann
Copy link

Setting the management.security.enabled to false seems to have no effect anymore. I also tried to set it on a specific endpoint like endpoints.health.sensitive=false. Thus the actuator endpoints are always secured.
Maybe this behavior is affected by this one: #3888

Reproducible with Spring Boot 1.3.0.M5 including the actuator and spring-security starters.
@philwebb philwebb added type: bug A general bug type: regression A regression from a previous release labels Sep 21, 2015
@philwebb philwebb added this to the 1.3.0.RC1 milestone Sep 21, 2015
@wilkinsona wilkinsona self-assigned this Sep 30, 2015
@wilkinsona
Copy link
Member

I can't recreate this with 1.3.0.M5 or the latest 1.3 snapshot. With management.security.enabled set to false I can access http://localhost:8080/beans without authenticating. @ChristianLohmann, can you please provide a sample project that reproduces the problem?

@wilkinsona wilkinsona added status: waiting-for-feedback We need additional information before we can continue and removed type: bug A general bug type: regression A regression from a previous release labels Sep 30, 2015
wilkinsona added a commit that referenced this issue Sep 30, 2015
@wilkinsona
Add MockMvc-based integration tests for management.security.enabled
ff5e463 
See gh-3997
@wilkinsona
Copy link
Member

I've just added two integration tests that verify the behaviour with and without management security enabled. Still no joy with reproducing the problem.

@wilkinsona wilkinsona removed this from the 1.3.0.RC1 milestone Sep 30, 2015
@wilkinsona
Copy link
Member

Closing due to lack of response. If this is still a problem, please let us know and we can re-open the issue.

@wilkinsona wilkinsona removed the status: waiting-for-feedback We need additional information before we can continue label Oct 30, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wilkinsona wilkinsona

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@philwebb @wilkinsona @ChristianLohmann