diff --git a/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/README.md b/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/README.md
index 0cf0ccf8d91bbfa3215ba838cd049b17d8a8afd8..a246beb89947e4bd7e5ef341c9a9a7415f04ae67 100644
--- a/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/README.md
+++ b/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/README.md
@@ -5,4 +5,8 @@
```
curl http://localhost:8080/actuator/mappings -u application:whatsmars-spring-boot
-```
\ No newline at end of file
+```
+
+如果要禁止http访问actuator,有两种方式:
+- 增加 ActuatorFilter,拦截 /actuator 开头的请求
+- 非Web应用中去掉Web模块
\ No newline at end of file
diff --git a/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/pom.xml b/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/pom.xml
index f2488ea4d9269e2ced4890e9a60df5e7e7dcf8bc..917d28420652ad5564f378167ce06661b884bbae 100644
--- a/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/pom.xml
+++ b/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/pom.xml
@@ -27,10 +27,6 @@
org.springframework.boot
spring-boot-starter-security
-
- org.hongxi
- whatsmars-common
-
\ No newline at end of file
diff --git a/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/src/main/java/org/hongxi/whatsmars/boot/sample/actuator/StandardWebSecurityConfigurer.java b/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/src/main/java/org/hongxi/whatsmars/boot/sample/actuator/StandardWebSecurityConfigurer.java
index 8e30b529bab8c5f1504fd4a866a9b60acb7e9045..07c201fd6124322580fd8197189454172749791d 100644
--- a/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/src/main/java/org/hongxi/whatsmars/boot/sample/actuator/StandardWebSecurityConfigurer.java
+++ b/whatsmars-spring-boot-samples/whatsmars-boot-sample-actuator/src/main/java/org/hongxi/whatsmars/boot/sample/actuator/StandardWebSecurityConfigurer.java
@@ -23,7 +23,8 @@ public class StandardWebSecurityConfigurer extends WebSecurityConfigurerAdapter
@Override
public void configure(HttpSecurity http) throws Exception {
- http.authorizeRequests()
+ http.csrf().disable()
+ .authorizeRequests()
.requestMatchers(EndpointRequest.to(
MappingsEndpoint.class,
EnvironmentEndpoint.class,
@@ -36,7 +37,7 @@ public class StandardWebSecurityConfigurer extends WebSecurityConfigurerAdapter
.anyRequest()
.permitAll()
.and()
- .httpBasic();
+ .httpBasic();
}
}
\ No newline at end of file