spring_reference/V. Spring Boot Actuator/41.1. Securing sensitive en...

13 lines
860 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

### 41.1. 保护敏感端点
如果你的项目中添加的有Spring Security所有通过HTTP暴露的敏感端点都会受到保护。默认情况下会使用基本认证basic authentication用户名为user密码为应用启动时在控制台打印的密码
你可以使用Spring属性改变用户名密码和访问端点需要的安全角色。例如你可能会在application.properties中添加下列配置
```java
security.user.name=admin
security.user.password=secret
management.security.role=SUPERUSER
```
**注**如果你不使用Spring Security那你的HTTP端点就被公开暴露你应该慎重考虑启用哪些端点。具体参考[Section 40.1, “Customizing endpoints”](http://docs.spring.io/spring-boot/docs/current-SNAPSHOT/reference/htmlsingle/#production-ready-customizing-endpoints)。