diff --git a/src/main/java/de/avatic/lcc/config/SecurityConfig.java b/src/main/java/de/avatic/lcc/config/SecurityConfig.java index eb1ca34..73c815f 100644 --- a/src/main/java/de/avatic/lcc/config/SecurityConfig.java +++ b/src/main/java/de/avatic/lcc/config/SecurityConfig.java @@ -70,6 +70,8 @@ public class SecurityConfig { .cors(cors -> cors.configurationSource(prodCorsConfigurationSource())) // Production CORS .authorizeHttpRequests(auth -> auth .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll() + .requestMatchers("/actuator/health").permitAll() + .requestMatchers("/actuator/**").authenticated() .requestMatchers("/oauth2/token").permitAll() .requestMatchers("/api/**").authenticated() .requestMatchers("/api/dev/**").denyAll() @@ -174,6 +176,8 @@ public class SecurityConfig { .cors(cors -> cors.configurationSource(devCorsConfigurationSource())) // Dev CORS .authorizeHttpRequests(auth -> auth .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll() + .requestMatchers("/actuator/health").permitAll() + .requestMatchers("/actuator/**").permitAll() .requestMatchers("/oauth2/token").permitAll() .requestMatchers("/api/**").permitAll() .requestMatchers("/api/dev/**").permitAll() diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 7322fef..cb58070 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -14,7 +14,7 @@ spring.cloud.azure.active-directory.authorization-clients.graph.scopes=openid,pr # Management Endpoints management.endpoints.web.exposure.include=health,info,metrics -management.endpoint.health.show-details=always +management.endpoint.health.show-details=when-authorized # Flyway Migration spring.flyway.enabled=true