Replit
api
Spring Actuator Endpoints Returning 401
Spring Actuator endpoints (/actuator/metrics, /actuator/health) return 401 Unauthorized. Metrics and health checks are blocked.
Security configuration restricts actuator access inappropriately.
Error Messages You Might See
401 Unauthorized
Access Denied
Authentication required
Common Causes
- Authentication required for actuator endpoints
- ROLE not matching actuator security rule
- Actuator endpoints not exposed in application.yml
- Too strict SecurityFilterChain
- CSRF token missing for POST requests
How to Fix It
In application.yml: management.endpoints.web.exposure.include=health,metrics. In SecurityConfig: permitAll() for /actuator/** or httpBasic(). Use @EnableSpringDataWebSupport for proper role checking. For development, disable auth: management.security.enabled=false (NOT for production).
Real developers can help you.
Prakash Prajapati
I’m a Senior Python Developer specializing in building secure, scalable, and highly available systems. I work primarily with Python, Django, FastAPI, Docker, PostgreSQL, and modern AI tooling such as PydanticAI, focusing on clean architecture, strong design principles, and reliable DevOps practices. I enjoy solving complex engineering problems and designing systems that are maintainable, resilient, and built to scale.
Jen Jacobsen
I’m a Full-Stack Developer with over 10 years of experience building modern web and mobile applications. I enjoy working across the full product lifecycle — turning ideas into real, well-built products that are intuitive for users and scalable for businesses.
I particularly enjoy building mobile apps, modern web platforms, and solving complex technical problems in a way that keeps systems clean, reliable, and easy to maintain.
Daniel Vázquez
Software Engineer with over 10 years of experience on Startups, Government, big tech industry & consulting.
Richard McSorley
Full-Stack Software Engineer with 8+ years building high-performance applications for enterprise clients. Shipped production systems at Walmart (4,000+ stores), Cigna (20M+ users), and Arkansas Blue Cross. 5 patents in retail/supply chain tech. Currently focused on AI integrations, automation tools, and TypeScript-first architectures.
Jaime Orts-Caroff
I'm a Senior Android developer, currently working at Aircall. I'm open to work in various fields!
PawelPloszaj
I'm fronted developer with 10+ years of experience with big projects. I have small backend background too
Matthew Jordan
I've been working at a large software company named Kainos for 2 years, and mainly specialise in Platform Engineering. I regularly enjoy working on software products outside of work, and I'm a huge fan of game development using Unity. I personally enjoy Python & C# in my spare time, but I also specialise in multiple different platform-related technologies from my day job.
legrab
I'll fill this later
BurnHavoc
Been around fixing other peoples code for 20 years.
Matt Butler
Software Engineer @ AWS
You don't need to be technical. Just describe what's wrong and a verified developer will handle the rest.
Get HelpFrequently Asked Questions
Which endpoints should be public?
/actuator/health is usually public. /actuator/metrics usually needs auth
How do I expose all actuator endpoints?
management.endpoints.web.exposure.include=* (only for internal apps!)