I have a spring boot web application with security configurations to forward all unauthorized requests to /login. I set up a spring boot management port different from my application port. When I go to the management port and try to access /health, it tries to send me to /login on that port and I get this response:
''' {"timestamp":1435680239995,"status":404,"error":"Not Found","message":"No message available","path":"/login"} '''
I found this question but I couldn't make it work in my application: Spring Boot Management security works differently with port set
What's the right way of making this pretty basic Spring Security config work with Spring Boot when trying to set a separate management port??
Here is the pertinent part of my spring security configs:
```
@Configuration
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable() //temporary
.authorizeRequests()
.antMatchers("/public/**").permitAll()
.antMatchers("/private*/**").access("hasRole('ADMIN')")
.antMatchers("/**").access("hasRole('USER')");
http
.formLogin().failureUrl("/login?error")
.defaultSuccessUrl("/")
.loginPage("/login")
.permitAll()
.and()
.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/login")
.permitAll();
}
}
```
Thank you!
UPDATE:
I couldn't make the solution above to work but I found a workaround by putting my management endpoints under what spring security thinks is the public (permitAll) route. Then exposed that behind a different port. This works for my purposes which was to be able to expose a health check to my ELB on a port that is only exposed to the ELB.
management:
port: 8081
context-path: /public
security:
enabled: false