Investigate the effort required to implement basic auth ourselves #7673
Labels
status: declined
A suggestion or change that we don't feel we should currently apply
Comments
|
After considering all the options I don't think that we should do this. Although it may not be too much code, I think it's quite confusing to have security features sometimes implemented by us and sometimes by Spring Security. The current situation is quite easy to describe and I think it's pretty reasonable. You need to be a member of the "actuator" group or you need to disable endpoint security if you want to get access. We don't really care how login occurs, as long as the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We now protect actuator endpoints out the box but without Spring Security there's no way to login. It might be possible for us to implement basic auth ourselves.
The text was updated successfully, but these errors were encountered: