I have just started using SpringBoot3 with Java 21 .. I am trying to create a secured endpoint. As a first step trying to access the actuator endpoint but getting 403 forbidden. Please find the code below and suggest
Java Version : 21
Spring Boot Version : 3.2.7
@Configuration
@EnableWebSecurity
public class SecurityConfig {
private static final String[] AUTH_WHITELIST = {
"/actuator/**"
};
@Bean
public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
return httpSecurity
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(auth -> auth.requestMatchers(AUTH_WHITELIST).permitAll()
.anyRequest().authenticated())
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.build();
}
}
http://localhost:9100/actuator : is giving 403 forbidden
application.yaml
spring:
application:
name: SpringBootREST3
logging:
level:
org:
springframework:
security: DEBUG
server:
port: 9100
management:
endpoints:
web:
exposure:
include: "*"
logs
2024-07-16T10:15:54.055+05:30 DEBUG 8300 --- [SpringBootREST3] [nio-9100-exec-3] o.s.security.web.FilterChainProxy : Securing GET /actuator
2024-07-16T10:15:54.055+05:30 DEBUG 8300 --- [SpringBootREST3] [nio-9100-exec-3] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2024-07-16T10:15:54.056+05:30 DEBUG 8300 --- [SpringBootREST3] [nio-9100-exec-3] o.s.security.web.FilterChainProxy : Secured GET /actuator
2024-07-16T10:15:54.059+05:30 DEBUG 8300 --- [SpringBootREST3] [nio-9100-exec-3] o.s.security.web.FilterChainProxy : Securing GET /error
2024-07-16T10:15:54.059+05:30 DEBUG 8300 --- [SpringBootREST3] [nio-9100-exec-3] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2024-07-16T10:15:54.059+05:30 DEBUG 8300 --- [SpringBootREST3] [nio-9100-exec-3] o.s.s.w.a.Http403ForbiddenEntryPoint : Pre-authenticated entry point called. Rejecting access
4