diff --git a/spring-5-reactive/src/main/java/com/baeldung/reactive/security/SecurityConfig.java b/spring-5-reactive/src/main/java/com/baeldung/reactive/security/SecurityConfig.java
index cb1e7d1312..d3468f0a0f 100644
--- a/spring-5-reactive/src/main/java/com/baeldung/reactive/security/SecurityConfig.java
+++ b/spring-5-reactive/src/main/java/com/baeldung/reactive/security/SecurityConfig.java
@@ -1,5 +1,6 @@
 package com.baeldung.reactive.security;
 
+import org.springframework.boot.actuate.autoconfigure.security.reactive.EndpointRequest;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
@@ -9,6 +10,8 @@ import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 
+import com.baeldung.reactive.actuator.FeaturesEndpoint;
+
 @EnableWebFluxSecurity
 @EnableReactiveMethodSecurity
 public class SecurityConfig {
@@ -16,25 +19,33 @@ public class SecurityConfig {
     @Bean
     public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
         return http.authorizeExchange()
-                .pathMatchers("/admin").hasAuthority("ROLE_ADMIN")
-                .anyExchange().permitAll()
-                .and().formLogin()
-                .and().build();
+            .pathMatchers("/admin")
+            .hasAuthority("ROLE_ADMIN")
+            .matchers(EndpointRequest.to(FeaturesEndpoint.class))
+            .permitAll()
+            .anyExchange()
+            .permitAll()
+            .and()
+            .formLogin()
+            .and()
+            .csrf()
+            .disable()
+            .build();
     }
 
     @Bean
     public MapReactiveUserDetailsService userDetailsService() {
         UserDetails user = User.withDefaultPasswordEncoder()
-                .username("user")
-                .password("password")
-                .roles("USER")
-                .build();
+            .username("user")
+            .password("password")
+            .roles("USER")
+            .build();
 
         UserDetails admin = User.withDefaultPasswordEncoder()
-                .username("admin")
-                .password("password")
-                .roles("ADMIN")
-                .build();
+            .username("admin")
+            .password("password")
+            .roles("ADMIN")
+            .build();
 
         return new MapReactiveUserDetailsService(user, admin);
     }