Blog | Juanchi.dev | Juanchi.dev

All Experiments History Opinion Reflections Technology Tutorials

Tag: actuator

2 articles

Spring Security with Spring Boot Actuator: the authorization model that survived the incident

Locking down Actuator endpoints isn't enough. After the incident, I rebuilt the authorization model from scratch: explicit SecurityFilterChain, separate health groups, roles for /metrics and /env, and real validation with curl. This is what's still standing.

7 min65

Experimentsdevopsbackend

Spring Boot Actuator in Production: The Endpoints I Left Open by Accident and How I Closed Them

After publishing my Jakarta EE vs Spring Boot analysis, I audited Actuator's defaults on a backend I own and found sensitive endpoints wide open — ones I never consciously configured. Here's the hardening checklist I built afterward.

7 min107