What about Security?

  1. You may NOT Want to expose all of this information
  2. Add Spring Security to project and endpoints are secured
  3. /health and /info are still available you can disable them if you want

FILE : /demowithtool/src/main/resources/application.properties

#use wildcard  "*" to exposed all endpoints
#Can also exposed individual endpoints with a comma-delimited list	
management.endpoints.web.exposure.include=*
#Exclude individual endpoints with a comma-delimited list
management.endpoints.web.exposure.exclude=health,info

Add in your POM.XML file Spring Security dependency

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
</dependencies>

Default User Name: user

Default password: See Your Console

Using generated security password: 7f289525-fe1b-4876-9a90-d515a1a496f9

Spring Security configuration

you can override default user name and generated password

FILE : /demowithtool/src/main/resources/application.properties

spring.security.user.name=ashu
spring.security.user.password=ashu

For More Detail about Security

Customizing Spring Security

You can customize Spring Security for Spring Boot Actuator. Use a database for roles,encrypted passwords etc...

@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		UserBuilder users = User.withDefaultPasswordEncoder();
		auth.inMemoryAuthentication()
			.withUser(users.username("aman").password("aman").roles("ADMIN"))
			.withUser(users.username("annu").password("annu").roles("MANAGER"))
			.withUser(users.username("ashu").password("ashu").roles("EMPLOYEE"));
	}

	@Override
	protected void configure(HttpSecurity httpSecurity) throws Exception {

		httpSecurity.authorizeRequests()
				.antMatchers("/").permitAll()
				.antMatchers("/Actuator/**").hasRole("ADMIN")
				.and()
				.formLogin()
					.loginPage("/showMyLoginPage")
					.loginProcessingUrl("/authenticateTheUser")
				.permitAll()
				.and()
				.logout()
					.logoutSuccessUrl("/")  // after logout redirect to landing page (root)
					.permitAll()
					.and()
				.exceptionHandling().accessDeniedPage("/access-denied");
				
		
	}