[Solved] Given this Spring Security config snippet, what will be the access behavior for the /actuator/health endpoint?http .authorizeHttpRequests() .requestMatchers("/actuator/health").permitAll() .... | Spring Boot

Spring Boot - Actuator

Given this Spring Security config snippet, what will be the access behavior for the /actuator/health endpoint?

http
  .authorizeHttpRequests()
  .requestMatchers("/actuator/health").permitAll()
  .requestMatchers("/actuator/**").authenticated()

A/actuator/health requires authentication

BAll actuator endpoints require ADMIN role

C/actuator/health is publicly accessible

DAll actuator endpoints are publicly accessible

Step-by-Step Solution

Solution:

Step 1: Analyze matcher order and specificity
The specific matcher for /actuator/health is set to permitAll(), so it is public.
Step 2: Understand fallback matcher
Other actuator endpoints require authentication, but health is excluded.
Final Answer:
/actuator/health is publicly accessible -> Option C
Quick Check:
Specific permitAll matcher overrides general authenticated matcher [OK]

Quick Trick: Specific matchers override general ones in Spring Security [OK]

Common Mistakes:

Master "Actuator" in Spring Boot

9 interactive learning modes - each teaches the same concept differently

More Spring Boot Quizzes

Given this Spring Security config snippet, what will be the access behavior for the /actuator/health endpoint?