I finally managed to solve my problem. I enabled only the /info and /health endpoints in the Actuator. To restrict the /info endpoint to users with the ADMIN role, I needed to combine the Actuator's management security with a Spring Security configuration.
So my application.yml looks like this:
# Switch every actuator endpoint off by default, then re-enable only the two that are needed.
endpoints.enabled: false
endpoints:
  info.enabled: true
  health.enabled: true
# Role name handed to the actuator's own management security.
# NOTE(review): in Spring Boot 1.x this role is applied to endpoints flagged as sensitive; /info is
# presumably not flagged by default, which would explain why an explicit Spring Security matcher is
# needed as well - verify against the Boot version in use.
# NOTE(review): later Boot releases renamed or dropped the management.security.* properties - confirm
# this key is still honoured before relying on it as an access control.
management.security.role: ADMIN
And the Spring Security configuration looks like this (I needed to change the order of ManagementSecurityConfig so that it takes higher priority):
/**
 * Spring Security setup made of nested configuration classes: one registers the
 * authentication source, one protects the {@code /info/**} paths, and one configures
 * the remaining web security (its body is not part of this listing).
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration {

    /** Registers the users that the security filter chains authenticate against. */
    @Configuration
    protected static class AuthenticationSecurity extends GlobalAuthenticationConfigurerAdapter {

        // Injected, but not referenced anywhere in the visible part of this listing.
        @Autowired
        private AuthenticationProvider authenticationProvider;

        public AuthenticationSecurity() {
            super();
        }

        /**
         * Defines a single in-memory user named "admin" that holds the ADMIN role.
         *
         * @param auth builder the in-memory user is registered on
         * @throws Exception propagated from the builder
         */
        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            // NOTE(review): the user name and password are literals in source control, so anyone who can
            // read the repository or the built artifact can authenticate as ADMIN. Acceptable for a demo
            // only; a deployed service should load credentials from an external secret store and keep
            // passwords hashed through a PasswordEncoder.
            auth.inMemoryAuthentication().withUser("admin").password("secret").roles("ADMIN");
        }
    }

    /**
     * Filter chain for the {@code /info/**} paths only. The low {@code @Order} value makes it
     * take precedence over configurers with a larger order value.
     */
    @Configuration
    @Order(Ordered.HIGHEST_PRECEDENCE + 2)
    public static class ManagementSecurityConfig extends WebSecurityConfigurerAdapter {

        /**
         * Requires the ADMIN role, authenticated with HTTP Basic, for every request this chain matches.
         *
         * @param http security builder for this chain
         * @throws Exception propagated from the builder
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // requestMatchers() narrows this chain to /info/**; /health is not matched here, so its
            // protection depends on whichever other chain handles it.
            // NOTE(review): CSRF protection is switched off for this chain - confirm that nothing
            // state-changing is ever served under /info/**.
            // NOTE(review): HTTP Basic sends the credentials with every request, so this endpoint
            // should only be reachable over TLS.
            http.csrf().disable()
                .requestMatchers()
                .antMatchers("/info/**")
                .and()
                .authorizeRequests()
                .anyRequest().hasRole("ADMIN")
                .and()
                .httpBasic();
        }
    }

    @Configuration
    public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        protected void configure(HttpSecurity http) throws Exception {