2 files changed, 26 insertions, 6 deletions

diff --git a/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java b/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java
index d38771d78..e8b28079b 100644
--- a/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java
+++ b/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/config/SecurityConfig.java
@@ -20,6 +20,7 @@
 
 package org.onap.policy.clamp.acm.runtime.config;
 
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -30,20 +31,35 @@ import org.springframework.security.web.SecurityFilterChain;
  */
 @Configuration
 public class SecurityConfig {
+    @Value("${metrics.security.disabled}")
+    private boolean disableMetricsSecurity;
     /**
      * Return the configuration of how access to this module's REST end points is secured.
      *
      * @param http the HTTP security settings
      * @return the HTTP security settings
      */
+
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-        http
-            .httpBasic()
-            .and()
-            .authorizeHttpRequests().anyRequest().authenticated()
-            .and()
-            .csrf().disable();
+        if (disableMetricsSecurity) {
+            http
+                    .httpBasic()
+                    .and()
+                    .authorizeHttpRequests(request ->
+                        request
+                                .antMatchers("/prometheus").permitAll()
+                                .anyRequest().authenticated())
+                    .csrf().disable();
+        } else {
+            http
+                    .httpBasic()
+                    .and()
+                    .authorizeHttpRequests().anyRequest().authenticated()
+                    .and()
+                    .csrf().disable();
+        }
+
         return http.build();
     }
 }
diff --git a/runtime-acm/src/main/resources/application.yaml b/runtime-acm/src/main/resources/application.yaml
index 8dd4b574a..6a0213720 100755
--- a/runtime-acm/src/main/resources/application.yaml
+++ b/runtime-acm/src/main/resources/application.yaml
@@ -29,6 +29,10 @@ spring:
         dialect: org.hibernate.dialect.MariaDB103Dialect
         format_sql: true
 
+metrics:
+  security:
+    disabled: false
+
 security:
   enable-csrf: false