Server generating env.json file in Spring Application

Time:09-17

After running the Spring Boot Application, I can access a file on the server using the below link:

http://localhost:8080/myweb/env.json

This file contains not only the server-related data but also the application-related data. Application-related data has all the properties defined in the application.properties file. This is a security vulnerability.

{
  "profiles": [],
  "server.ports": {
    "local.server.port": 8080
  },
  "servletContextInitParams": {},
  "systemProperties": {},
  "systemEnvironment": {},
  "applicationConfig: [classpath:/application.properties]": {}
}

How is this file getting generated, and how can we restrict it from being accessed publicly?

CodePudding user response:

This is from Spring Boot Actuator

management.endpoint.env.enabled=false 

will disable this endpoint.

If it does not work, try

management.endpoints.web.exposure.exclude=env

Or you can disable all of them with this config:

management.endpoints.enabled-by-default=false

You can read more about it here: https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html
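
To confirm that a property change actually closed the endpoint, the response can be checked after a restart. The following is an added example, not part of the question or the answer above: it recognises an Actuator env dump by its JSON shape and probes a deployment you operate. The function names are hypothetical, and the `/env` and `/actuator/env` paths and the `propertySources` layout of newer Boot versions are assumptions beyond the `/env.json` response shown in the question.

```python
import json
import urllib.error
import urllib.request

# /env.json is the path from the question; /env and /actuator/env are assumed
# extra candidates (the usual Actuator locations in Boot 1.x and 2.x+).
ENV_PATHS = ("/env.json", "/env", "/actuator/env")

# The response body shown in the question, compacted.
QUESTION_SAMPLE = (
    '{"profiles": [], "server.ports": {"local.server.port": 8080}, '
    '"servletContextInitParams": {}, "systemProperties": {}, "systemEnvironment": {}, '
    '"applicationConfig: [classpath:/application.properties]": {}}'
)


def disclosed_sources(body):
    """Return the property-source names an env response reveals ([] if none)."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return []  # error page, login form, empty body
    if not isinstance(doc, dict):
        return []
    # Newer layout (assumed): {"activeProfiles": [...], "propertySources": [{"name": ...}]}
    if isinstance(doc.get("propertySources"), list):
        return [s.get("name", "?") for s in doc["propertySources"] if isinstance(s, dict)]
    # Layout from the question: each property source is a top-level key.
    if "profiles" in doc and {"systemProperties", "systemEnvironment"} & set(doc):
        return [key for key in doc if key != "profiles"]
    return []


def check_base_url(base_url, timeout=5):
    """Probe each candidate path on your own deployment; map path -> finding."""
    findings = {}
    for path in ENV_PATHS:
        url = base_url.rstrip("/") + path
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                sources = disclosed_sources(resp.read().decode("utf-8", "replace"))
            findings[path] = sources or "reachable, but not an env dump"
        except urllib.error.HTTPError as exc:
            findings[path] = f"HTTP {exc.code}"  # 401, 403 or 404 is the goal
        except OSError as exc:  # URLError, timeouts, refused connections
            findings[path] = f"unreachable: {exc}"
    return findings


if __name__ == "__main__":
    import sys
    print(check_base_url(sys.argv[1]) if len(sys.argv) > 1 else disclosed_sources(QUESTION_SAMPLE))
```

Run it with the application's base URL (for the question, `http://localhost:8080/myweb`); any path that still maps to a list of property sources is still publicly readable.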
