'Secure REST APIs, but allow only HEAD healthchecks?

I am trying to secure my REST endpoints by allowing only HTTPS traffic by using this:

http.requiresChannel().requiresSecure();

in the SecurityConfiguration class that extends WebSecurityConfigurerAdapter.

However, I do need to allow HTTP traffic to a /health endpoint, that is done using a HEAD method. I did try this:

http.requiresChannel().regexMatchers("^((?!/health).)*$").requiresSecure();

but the /health checks are failing with a 503 Service Unavailable error.

Is there some way to allow only the HEAD method as HTTP?

Thanks in advance.

javaspringspring-bootrestweb-services


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions