Skip to content

feat(security): restrict /admin and /actuator to management port 9090#77

Draft
Copilot wants to merge 3 commits intomainfrom
copilot/ensure-admin-route-on-port-9090
Draft

feat(security): restrict /admin and /actuator to management port 9090#77
Copilot wants to merge 3 commits intomainfrom
copilot/ensure-admin-route-on-port-9090

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Mar 28, 2026
edited
Loading

Ensures /admin/** and /actuator/** endpoints are exclusively served on port 9090 (Spring Boot management context), never reachable on the public port 8080.

Security config

  • Removed /actuator/** from SecurityConfig permit-all rules — those routes don't exist on port 8080 when management.server.port differs
  • Added management.server.port: 9090 and exposed health, info, metrics actuator endpoints

Admin dashboard (/admin/**)

New AdminDashboardController annotated @Hidden (excluded from public Swagger):

Endpoint Description
GET /admin/resumo KPIs: buscas_total, buscas_ia, triagens, cache_hits, timestamp
GET /admin/top-municipios?top=N Most-queried municipalities
GET /admin/top-estados?top=N Most-queried states
GET /admin/municipios-risco Municipalities by search frequency
GET /admin/buscas-ia Most frequent natural-language queries
GET /admin/index.html HTML dashboard (Content-Type: text/html set explicitly on ResponseEntity)

Metrics (AdminMetricsService)

In-memory counters backed by Micrometer — no high-cardinality tags to avoid unbounded registry growth:

// Static counters registered once at startup
Counter.builder("vigisus.buscas.total").register(meterRegistry);
Counter.builder("vigisus.buscas.municipio").register(meterRegistry); // total, no per-municipality tags
Counter.builder("vigisus.buscas.ia").register(meterRegistry);
Counter.builder("vigisus.triagens.total").register(meterRegistry);
Counter.builder("vigisus.cache.hits").register(meterRegistry);

BuscaCompletaUseCase and TriagemService call into AdminMetricsService to increment counters on each request.

Docker

Added "9090:9090" port mapping to docker-compose.yml so the admin port is reachable for operators.

⌨️ Start Copilot coding agent tasks without leaving your editor — available in VS Code, Visual Studio, JetBrains IDEs and Eclipse.

@rebecanonato89
Changes before error encountered
8c91f4d 
Agent-Logs-Url: https://github.com/fiap-tech-challenge-java/vigisus/sessions/d77cddbd-c0f0-4a8e-9fa8-d2d267a88ba8

Co-authored-by: rebecanonato89 <38442994+rebecanonato89@users.noreply.github.com>
Copilot AI requested a review from rebecanonato89 March 28, 2026 14:17
Copilot AI changed the title [WIP] Ensure /admin responds only on port 9090 feat(security): restrict /admin and /actuator to management port 9090 Mar 31, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rebecanonato89 rebecanonato89 Awaiting requested review from rebecanonato89

Assignees

@rebecanonato89 rebecanonato89

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rebecanonato89