Login page displayed for environment when there is no security #4186
Description
Spring Boot Admin Server information
-
Version:
3.4.5 -
Spring Boot version:
3.4.4 -
Configured Security:
No security -
Webflux or Servlet application:
default one
server.forward-headers-strategy=native
spring.boot.admin.context-path=/bsa
spring.boot.admin.ui.public-url=https://dev-deposit.com/bsa
spring.boot.admin.instance-auth.enabled=false
Client information
-
Spring Boot versions:
3.4.4 -
Used discovery mechanism:
spring.boot.admin.client.url=http://dep12l:8080/bsa
#https://dev-deposit.com/bsa work too
spring.boot.admin.client.instance.metadata.tags.environment=dev
management.endpoint.configprops.show-values=always
management.endpoint.env.show-values=always
management.endpoints.web.exposure.include=* -
Webflux or Servlet application:
servlet
Description
An apache server is in front of the application. There is not security for the /actuator endpoint.
.and().authorizeHttpRequests().requestMatchers(HttpMethod.GET, "/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html", "/actuator/**").permitAll()
I can get env info without issue , no need to enter login password via curl /actuator/env
When I try to go to environment page, there is a login page who are displayed.
** Question **
spring boot admin link display
https://dev-deposit.com/bsa/instances/7a053ec80912/actuator/env
if i click on the link, I see something in red who said fetching... and switch directly to this
if i copy page this url: https://dev-deposit.com/bsa/instances/7a053ec80912/actuator/env
to another tab, i get all value of env
Why spring boot admin display me a login page when there is no security for /actuator/env?