
Commit 4b39d34

committed
Make heapdump endpoint restricted by default
Signed-off-by: Lari Hotari <[email protected]>
1 parent a733428 commit 4b39d34


3 files changed

+5
-2
lines changed


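--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/management/HeapDumpWebEndpointDocumentationTests.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/management/HeapDumpWebEndpointDocumentationTests.java
@@ -30,6 +30,7 @@
 import org.springframework.restdocs.cli.CliDocumentation;
 import org.springframework.restdocs.cli.CurlRequestSnippet;
 import org.springframework.restdocs.operation.Operation;
+import org.springframework.test.context.TestPropertySource;
 import org.springframework.util.FileCopyUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -40,6 +41,7 @@
 *
 * @author Andy Wilkinson
 */
+@TestPropertySource(properties = "management.endpoint.heapdump.access=unrestricted")
 class HeapDumpWebEndpointDocumentationTests extends MockMvcEndpointDocumentationTests {
 
 @Test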
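Review bot: The `@TestPropertySource(properties = "management.endpoint.heapdump.access=unrestricted")` line carries no explanation, and an unexplained `unrestricted` override in a test is easy to copy into real configuration. A one-line comment above the annotation would record the intent, for example `// heapdump access is NONE by default; opened here only so the documentation test can call the endpoint`. The class Javadoc begins outside the hunk, so the same sentence could equally be added there.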

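--- a/spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/management/HeapDumpWebEndpoint.java
+++ b/spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/management/HeapDumpWebEndpoint.java
@@ -36,6 +36,7 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.springframework.boot.actuate.endpoint.Access;
 import org.springframework.boot.actuate.endpoint.annotation.Endpoint;
 import org.springframework.boot.actuate.endpoint.annotation.ReadOperation;
 import org.springframework.boot.actuate.endpoint.web.WebEndpointResponse;
@@ -56,7 +57,7 @@
 * @author Andy Wilkinson
 * @since 2.0.0
 */
-@WebEndpoint(id = "heapdump")
+@WebEndpoint(id = "heapdump", defaultAccess = Access.NONE)
 public class HeapDumpWebEndpoint {
 
 private final long timeout;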
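Review bot: The class Javadoc above `@WebEndpoint(id = "heapdump", defaultAccess = Access.NONE)` does not record why this endpoint departs from the unrestricted default. The reason belongs next to the annotation: a heap dump contains whatever the process held in memory, which can include credentials and session data. I would add a sentence such as `Access is {@link Access#NONE} by default because a heap dump can expose secrets held in memory; it can be enabled with the management.endpoint.heapdump.access property.` The Javadoc block starts outside the hunk, so its existing wording is not visible here. None of the visible hunks asserts the new default, so a test that the endpoint is unavailable when the property is unset would guard against a silent regression, unless one already exists elsewhere.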

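--- a/spring-boot-project/spring-boot-docs/src/docs/antora/modules/reference/pages/actuator/endpoints.adoc
+++ b/spring-boot-project/spring-boot-docs/src/docs/antora/modules/reference/pages/actuator/endpoints.adoc
@@ -120,7 +120,7 @@ If your application is a web application (Spring MVC, Spring WebFlux, or Jersey)
 [[actuator.endpoints.controlling-access]]
 == Controlling Access to Endpoints
 
-By default, access to all endpoints except for `shutdown` is unrestricted.
+By default, access to all endpoints except for `shutdown` and `heapdump` is unrestricted.
 To configure the permitted access to an endpoint, use its `management.endpoint.<id>.access` property.
 The following example allows unrestricted access to the `shutdown` endpoint:
 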