I am operating Nexus Repository Manager. Currently the repositories are configured to be secure. But if someone access the UI without logging in, they can click on “Server configuration and Management” and then click on “System Information” under Support. That is an issue since it displays environment variables and some of them carry credentials.
How can I stop anonymous user from navigating to those pages ?
Has the security realm of the anonymous user been changed under “security → anonymous”? It should be the “local authorizing realm”. Also make sure the anonymous user name is set to “anonymous”.