Health endpoint not working over HTTPS in Spring Boot 1.5

1
votes

I recently updated the version of Spring Boot in my application from 1.4 to 1.5.1 and I noticed that the healtch check started to fail after deployment to Elastic Beanstalk on AWS.

In our AWS environments, all communication is over HTTPS including health and it used to work fine with Spring Boot and Actuator 1.4 but we started to get 401 on the actuator health endpoint in verson 1.5.

Does anyone have same problem? Not sure what changed in this release relating this topic but I have not found any solution by reading release notes. Would be glad for any help.

1
javaspring-bootamazon-elastic-beanstalkspring-boot-actuator

1 Answers

6
votes

Nothing to do with https.

Since 1.5.1 health points are by default secure, which is why you are getting 401's.

It's in the release notes:

https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-1.5-Release-Notes

"Actuator "sensitive" endpoints are now secure by default (even if don’t have a dependency on "Spring Security"). If your existing Spring Boot 1.4 application makes use of Spring Security (and doesn’t have any custom security configuration) things should work as before. If your existing Spring Boot 1.4 application has custom security configuration and you wish to have open access to your sensitive endpoints, you will need to explicitly configure that in your security configuration. If you’re upgrading a Spring Boot 1.4 application that doesn’t have dependency on Spring Security and you wish to retain open access to your sensitive endpoints you’ll need to set management.security.enabled to false. See the updated reference documentation for more details."