Ensure path starts with "/" in ErrorController

When mapping the ErrorController path to Spring Security it's
important that it starts with "/". This change ensures that is
the case even if the user has omitted the leading "/".

Fixes gh-694
Dave Syer 2014-04-19 19:21:45 -07:00
parent 506e57663a
commit 00b85e8c42
2 changed files with 17 additions and 1 deletions


@ -55,6 +55,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.util.StringUtils;
/**
* {@link EnableAutoConfiguration Auto-configuration} for security of framework endpoints.
@ -142,11 +143,19 @@ public class ManagementSecurityAutoConfiguration {
ignored.remove("none");
}
if (this.errorController != null) {
ignored.add(this.errorController.getErrorPath());
ignored.add(normalizePath(this.errorController.getErrorPath()));
}
ignoring.antMatchers(ignored.toArray(new String[0]));
}
private String normalizePath(String errorPath) {
String result = StringUtils.cleanPath(errorPath);
if (!result.startsWith("/")) {
result = "/" + result;
}
return result;
}
}
@Configuration
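Review bot: normalizePath does not handle an empty or null error path, and its result goes straight into `ignoring.antMatchers(...)`, which takes the matching requests out of the security filter chain. An empty string stays empty after `cleanPath` and is then turned into "/", so a misconfigured error path would silently leave the application root unsecured; a null from `getErrorPath()` would presumably fail on `result.startsWith("/")`, since `cleanPath` appears to pass null through. I would guard the call site with `if (this.errorController != null && StringUtils.hasText(this.errorController.getErrorPath())) {` and add a short Javadoc to normalizePath saying the returned value is used as an Ant pattern for ignored requests. The enclosing method starts outside this hunk, so how `ignored` is populated before this point is not visible here.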


@ -40,6 +40,7 @@ import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.test.util.ReflectionTestUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
import static org.junit.Assert.assertEquals;
@ -79,6 +80,12 @@ public class ManagementSecurityAutoConfigurationTests {
.size());
}
@Test
public void testPathNormalization() throws Exception {
String path = "admin/./error";
assertEquals("admin/error", StringUtils.cleanPath(path));
}
@Test
public void testWebConfigurationWithExtraRole() throws Exception {
this.context = new AnnotationConfigWebApplicationContext();
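Review bot: testPathNormalization asserts only on `StringUtils.cleanPath`, so it never exercises the new `normalizePath` logic, and its expected value `"admin/error"` has no leading "/", which is exactly the case this commit is meant to fix. The test would still pass if the slash handling were removed. A test that registers an ErrorController whose path lacks the leading "/" and then checks what ends up in the ignored matchers would pin the security-relevant behaviour. If the test is kept as is, a comment such as `// documents cleanPath only; the leading "/" is added by normalizePath` would prevent it being read as coverage for the fix.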