How to disable security just for /actuator/health? [closed]
Solution 1:
the first example will still include security features like CORS and different basic security headers. You have only excluded that spring security wont ask for authentication.
While the second example will ignore everything that has to do with spring security, and the requests will not pass through any of spring securitys basic security filters.
Alternative one is always better.
Here you can read about the common security protection you get from spring security per default
Protection Against Exploits