twitter / finatra

Fast, testable, Scala services built on TwitterServer and Finagle

Home Page: https://twitter.github.io/finatra/

Restricting/removing admin routes

Kyochi opened this issue

It seems impossible to remove or restrict access to some admin routes. I am thinking of resources like registry.json that we don't want everyone to access.
In that case we must deactivate the admin interface instead of just restricting access to some "ENV"-related resources, even if the admin interface would be useful for users.

Correct me if I'm wrong but it's not possible at the moment.

@Kyochi you can always drop in an authentication filter for your chosen authentication (or something smarter that disallows the request from reaching certain routes based on your notion of "env") or even directly challenge in the route handler itself?

I believe there are some examples in the wild which have integrated Okta into admin routes as well. Filtering admin routes is akin to filtering normal controller routes and should be described in the User Guide (https://twitter.github.io/finatra/user-guide/http/controllers.html#admin-paths).

Hope that helps.
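
A sketch of the kind of filter the reply describes, added here as an example and not taken from the thread or from Finatra's own code. The class name `AdminAccessFilter`, its parameters, and the bearer-token scheme are assumptions; how the filter is attached to admin routes is covered by the User Guide linked above and is not shown.

```scala
import com.twitter.finagle.{Service, SimpleFilter}
import com.twitter.finagle.http.{Request, Response, Status}
import com.twitter.util.Future
import java.nio.charset.StandardCharsets.UTF_8
import java.security.MessageDigest

// Hypothetical filter (not part of Finatra or TwitterServer).
// Everything under /admin is denied unless the path is explicitly listed as
// public or the caller presents the expected bearer token. Deny-by-default
// means a newly added admin endpoint is protected without touching this code.
class AdminAccessFilter(
  expectedToken: Option[String], // assumption: injected from a secret store per environment
  publicPaths: Set[String]       // assumption: e.g. a health-check path you choose to expose
) extends SimpleFilter[Request, Response] {

  private[this] val AdminPrefix = "/admin"
  private[this] val Scheme = "Bearer "

  // MessageDigest.isEqual compares in constant time, so response timing
  // does not reveal how many leading bytes of the token were correct.
  private[this] def tokenMatches(presented: String, expected: String): Boolean =
    MessageDigest.isEqual(presented.getBytes(UTF_8), expected.getBytes(UTF_8))

  private[this] def authorized(request: Request): Boolean =
    (request.headerMap.get("Authorization"), expectedToken) match {
      case (Some(header), Some(token)) if header.startsWith(Scheme) =>
        tokenMatches(header.drop(Scheme.length), token)
      case _ =>
        false // no header, wrong scheme, or no token configured: fail closed
    }

  private[this] def needsAuth(path: String): Boolean =
    (path == AdminPrefix || path.startsWith(AdminPrefix + "/")) &&
      !publicPaths.contains(path)

  def apply(request: Request, service: Service[Request, Response]): Future[Response] =
    if (!needsAuth(request.path) || authorized(request)) {
      service(request)
    } else {
      // Same response for "missing" and "wrong" credentials.
      val response = Response(request.version, Status.Unauthorized)
      response.headerMap.set("WWW-Authenticate", "Bearer")
      Future.value(response)
    }
}
```

With `expectedToken = None` the filter rejects every non-public admin path, which gives an environment-specific way to keep resources such as registry.json closed without disabling the admin interface code paths entirely.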