spring-boot-project/spring-boot-docs/src/docs/asciidoc/actuator/endpoints.adoc
+16-10
@@ -282,19 +282,27 @@ NOTE: The `management.endpoint.<name>` prefix uniquely identifies the endpoint t
282
282
283
283
[[actuator.endpoints.sanitization]]
284
284
=== Sanitize Sensitive Values
285
-
Information returned by the `/env`, `/configprops` and `/quartz` endpoints can be somewhat sensitive.
286
-
All values are sanitized by default (that is replaced by `+******+`).
287
-
Viewing original values in the unsanitized form can be configured per endpoint using the `showValues` property for that endpoint.
288
-
This property can be configured to have the following values:
285
+
Information returned by the `/env`, `/configprops` and `/quartz` endpoints can be sensitive, so by default values are always fully sanitized (replaced by `+******+`).
289
286
290
-
- `ALWAYS` - all values are shown in their unsanitized form to all users
291
-
- `NEVER` - all values are always sanitized (that is replaced by `+******+`)
292
-
- `WHEN_AUTHORIZED` - all values are shown in their unsanitized form to authorized users
287
+
Values can only be viewed in an unsanitized form when:
288
+
289
+
- The `show-values` property has been set to something other than `NEVER`
290
+
- No custom `<<howto#howto.actuator.customizing-sanitization, SanitizingFunction>>` beans apply
291
+
292
+
The `show-values` property can be configured for sanitizable endpoints to one of the following values:
293
+
294
+
- `NEVER` - values are always fully sanitized (replaced by `+******+`)
295
+
- `ALWAYS` - values are shown to all users (as long as no `SanitizingFunction` bean applies)
296
+
- `WHEN_AUTHORIZED` - values are shown only to authorized users (as long as no `SanitizingFunction` bean applies)
293
297
294
298
For HTTP endpoints, a user is considered to be authorized if they have authenticated and have the roles configured by the endpoint's roles property.
295
299
By default, any authenticated user is authorized.
300
+
296
301
For JMX endpoints, all users are always authorized.
297
302
303
+
The following example allows all users with the `admin` role to view values from the `/env` endpoint in their original form.
304
+
Unuthorized users, or users without the `admin` role, will see only sanitized values.
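Review bot: typo in the last added line of this hunk: "Unuthorized users" should read "Unauthorized users". In the same hunk, "Values can only be viewed in an unsanitized form when:" is followed by two bullets that must both hold (`show-values` not `NEVER` and no `SanitizingFunction` bean applying), but a list under "when:" is easily read as alternatives; consider "only when both of the following hold:" so the conjunction is explicit, since misreading it as either/or would overstate when values are exposed.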
@@ -304,9 +312,7 @@ For JMX endpoints, all users are always authorized.
304
312
roles: "admin"
305
313
----
306
314
307
-
The configuration above enables the ability for all users with the `admin` role to view all values in their original form from the `/env` endpoint.
308
-
309
-
NOTE: When `show-values` is set to `ALWAYS` or `WHEN_AUTHORIZED` any sanitization applied by a `<<howto#howto.actuator.customizing-sanitization, SanitizingFunction>>` will still be applied.
315
+
NOTE: This example assumes that no `<<howto#howto.actuator.customizing-sanitization, SanitizingFunction>>` beans have been defined.
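Review bot: the replacement NOTE ("This example assumes that no `SanitizingFunction` beans have been defined") drops the behavioural statement the removed NOTE carried, namely that a `SanitizingFunction` is still applied when `show-values` is `ALWAYS` or `WHEN_AUTHORIZED`. The earlier hunk's bullets do say "as long as no `SanitizingFunction` bean applies", but a reader landing on this example will not see why the assumption matters; consider keeping one sentence here such as "If such beans are defined, the values they sanitize remain sanitized even for users with the `admin` role." Also note the removed sentence explaining what the configuration enables is now stated before the example (in the previous hunk), so nothing is lost there.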