In a Spring Security configuration, how do you ensure that only users with the role 'ADMIN' can access all actuator endpoints under /actuator/**?

easy📝 Syntax Q3 of 15

Spring Boot - Actuator

In a Spring Security configuration, how do you ensure that only users with the role 'ADMIN' can access all actuator endpoints under /actuator/**?

Ahttp.authorizeHttpRequests().requestMatchers("/actuator/**").permitAll().and().httpBasic();

Bhttp.authorizeHttpRequests().requestMatchers("/actuator/**").hasRole("ADMIN").and().formLogin();

Chttp.authorizeHttpRequests().anyRequest().authenticated().and().csrf().disable();

Dhttp.authorizeHttpRequests().requestMatchers("/actuator/**").hasAuthority("USER").and().formLogin();

Step-by-Step Solution

Solution:

Step 1: Use requestMatchers for actuator endpoints
The matcher /actuator/** targets all actuator endpoints.
Step 2: Restrict access to role 'ADMIN'
Using hasRole("ADMIN") ensures only users with this role can access these endpoints.
Step 3: Enable form login
Adding formLogin() enables a login page for authentication.
Final Answer:
http.authorizeHttpRequests().requestMatchers("/actuator/**").hasRole("ADMIN").and().formLogin(); correctly restricts actuator endpoints to ADMIN users.
Quick Check:
Matcher + hasRole + formLogin [OK]

Quick Trick: Use requestMatchers with hasRole for endpoint restriction [OK]

Common Mistakes:

Master "Actuator" in Spring Boot

9 interactive learning modes - each teaches the same concept differently

Want More Practice?

15+ quiz questions · All difficulty levels · Free

More Spring Boot Quizzes