EndpointRequest shouldn't match request on main application port when management port is different

[glossd]

In my spring boot 2 application the management port and server port are different. I'm trying to disable security for all endpoints in the management server. I disabled security as was described here. Yet my main application paths /actuator/<endpoint> have become insecure too.

[mbhave]

We discussed this on the team call today and think that making EndpointRequest port aware is only part of the problem. We need some samples/documentation on how to configure security just for the management context.