Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add actuator #337

Merged
merged 2 commits into from
Apr 13, 2022
Merged

Add actuator #337

merged 2 commits into from
Apr 13, 2022

Conversation

jkiddo
Copy link
Collaborator

@jkiddo jkiddo commented Mar 20, 2022

No description provided.

@jkiddo jkiddo mentioned this pull request Mar 22, 2022
Closed
@XcrigX
Copy link
Contributor

XcrigX commented Mar 23, 2022

I would recommend not committing the change to application.yaml which opens all the actuator endpoints. This could open somebody up to security risks if they take the latest update without turning those explicitly back off.
/logfile, /heapdump, /configprops, etc. could all expose sensitive information.

Perhaps just explicitly enabling /health - which is the only endpoint Spring exposes by default would be better, so users can see that actuator is an option, but without turning them all on.
https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html#actuator.endpoints.security

This is the part I'm talking about:
#Adds the option to go to eg. http://localhost:8080/actuator/env for seeing the running configuration management: endpoints: web: exposure: include: "*" exclude: "beans"

@jkiddo
Copy link
Collaborator Author

jkiddo commented Mar 23, 2022

@XcrigX sure - thats a fair reasoning. Will you add a PR to the branch?

@XcrigX
Copy link
Contributor

XcrigX commented Mar 23, 2022

Certainly.. will submit it shortly

@XcrigX
Copy link
Contributor

XcrigX commented Mar 23, 2022

That was harder than I thought.. turns out github wont let you have a fork and a fork of a fork for the same project..
submitted: #338

@XcrigX
disable springboot actuator endpoints other than 'health' for securit…
da319e8 
…y reasons (#338)

Co-authored-by: Craig McClendon <craig.mcclendon@accenture.com>
@jkiddo jkiddo self-assigned this Apr 5, 2022
@patrick-werner patrick-werner merged commit 21165cc into master Apr 13, 2022
@chgl chgl mentioned this pull request Apr 15, 2022
Merged
@jkiddo jkiddo deleted the feature/spring-boot-actuator branch May 9, 2022 19:35
@chgl chgl mentioned this pull request Sep 2, 2023
Closed
@arran-standish arran-standish mentioned this pull request Apr 11, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@patrick-werner patrick-werner patrick-werner approved these changes

Assignees

@jkiddo jkiddo

@patrick-werner patrick-werner

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jkiddo @XcrigX @patrick-werner