了解弹簧引导中的执行器角色
[英]Understanding ACTUATOR role in spring boot
问题描述
After recent spring boot upgrade (1.5+) I am no longer able to access /metrics endpoint in my application. 
在最近的春季启动升级(1.5+)之后,我不再能够访问应用程序中的/ metrics端点。 To solve this, I added management.security.enabled=false and management.security.roles=ACTUATOR. 为了解决这个问题,我添加了management.security.enabled = false和management.security.roles = ACTUATOR。 This allowed me to access the endpoint and it still required credentials before viewing. 这使我可以访问端点,并且在查看之前仍然需要凭据。 This works but I don't understand why. 这行得通,但我不明白为什么。 Am I only disabling the ACTUATOR role to access this endpoint? 我是否仅禁用ACTUATOR角色来访问此端点? Is there any security risk here? 这里有安全隐患吗?
1 个解决方案
解决方案1
0 2018-07-10 22:35:35
I know after you move to spring boot 2.0.0.M5 only status and info endpoints are enabled by default. 我知道在移至spring boot 2.0.0.M5之后,默认情况下仅启用状态和信息端点。 In Spring Boot 2 also you no longer need to have management.security.enabled https://github.com/spring-projects/spring-boot/issues/11383 在Spring Boot 2中,您也不再需要具有management.security.enabled https://github.com/spring-projects/spring-boot/issues/11383
I generally use this: 我通常使用这个:
management.endpoints.web.exposure.include=info, health, metrics, env, beans, configprops management.endpoints.web.exposure.include =信息,运行状况,指标,环境,bean,configprops
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.