
Why does this security config fail to secure actuator endpoints?

Medium · Debug · Q7 of 15
Spring Boot - Actuator
Why does this security config fail to secure actuator endpoints?
http.authorizeHttpRequests()
  .requestMatchers("/actuator/**").hasRole("ADMIN")
  .anyRequest().authenticated();
A. Because the order of matchers is incorrect
B. Because CSRF is not disabled for actuator endpoints
C. Because actuator endpoints are not exposed
D. Because hasRole("ADMIN") requires prefix ROLE_ in database
Step-by-Step Solution
Solution:
  1. Step 1: Verify exposure of actuator endpoints

    If actuator endpoints are not exposed via properties, security rules have no effect.
  2. Step 2: Confirm exposure property is missing or incorrect

    Without management.endpoints.web.exposure.include, endpoints remain inaccessible and unsecured.
  3. Final Answer:

    Because actuator endpoints are not exposed -> Option C
  4. Quick Check:

    Exposure is prerequisite for securing endpoints [OK]
Quick Trick: Expose endpoints before applying security rules [OK]
Common Mistakes:
  • Blaming matcher order without checking exposure
  • Confusing role prefix with exposure
  • Ignoring exposure property
