Support configuration of multiple management roles

Closes gh-5045
Vedran Pavic 2016-02-03 08:04:52 +01:00 committed by Stephane Nicoll
parent e9a226c8f8
commit 20fa1b3b48
5 changed files with 16 additions and 11 deletions


@ -196,8 +196,8 @@ public class CrshAutoConfiguration {
// overridden by ConfigurationProperties. // overridden by ConfigurationProperties.
SpringAuthenticationProperties authenticationProperties = new SpringAuthenticationProperties(); SpringAuthenticationProperties authenticationProperties = new SpringAuthenticationProperties();
if (this.management != null) { if (this.management != null) {
authenticationProperties.setRoles( List<String> roles = this.management.getSecurity().getRole();
new String[] { this.management.getSecurity().getRole() }); authenticationProperties.setRoles(roles.toArray(new String[roles.size()]));
} }
return authenticationProperties; return authenticationProperties;
} }
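Review bot: `roles` is dereferenced without a check on the new line `authenticationProperties.setRoles(roles.toArray(new String[roles.size()]));`, although `setRole(List<String>)` in ManagementServerProperties stores whatever it is given. A null list fails here with a NullPointerException, and an empty list hands the shell authentication an empty role array, whose effect is not visible on this page. The same unchecked list feeds `addAll(...)` in `init()` and `hasAnyRole(...)` in ManagementWebSecurityAutoConfiguration. I would reject both cases once at startup, for example `if (roles == null || roles.isEmpty()) { throw new IllegalStateException("management.security.role must name at least one role"); }`, so a misconfiguration cannot silently change who may reach the management endpoints. The enclosing method starts above this hunk.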


@ -17,6 +17,9 @@
package org.springframework.boot.actuate.autoconfigure; package org.springframework.boot.actuate.autoconfigure;
import java.net.InetAddress; import java.net.InetAddress;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.validation.constraints.NotNull; import javax.validation.constraints.NotNull;
@ -33,6 +36,7 @@ import org.springframework.util.StringUtils;
* *
* @author Dave Syer * @author Dave Syer
* @author Stephane Nicoll * @author Stephane Nicoll
* @author Vedran Pavic
* @see ServerProperties * @see ServerProperties
*/ */
@ConfigurationProperties(prefix = "management", ignoreUnknownFields = true) @ConfigurationProperties(prefix = "management", ignoreUnknownFields = true)
@ -160,9 +164,9 @@ public class ManagementServerProperties implements SecurityPrerequisite {
private boolean enabled = true; private boolean enabled = true;
/** /**
* Role required to access the management endpoint. * Roles required to access the management endpoint.
*/ */
private String role = "ADMIN"; private List<String> role = new ArrayList<String>(Arrays.asList("ADMIN"));
/** /**
* Session creating policy to use (always, never, if_required, stateless). * Session creating policy to use (always, never, if_required, stateless).
@ -177,11 +181,11 @@ public class ManagementServerProperties implements SecurityPrerequisite {
this.sessions = sessions; this.sessions = sessions;
} }
public void setRole(String role) { public void setRole(List<String> role) {
this.role = role; this.role = role;
} }
public String getRole() { public List<String> getRole() {
return this.role; return this.role;
} }
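Review bot: The Javadoc on the `role` field, `Roles required to access the management endpoint.`, reads as if a caller must hold every listed role, but the enforcement added in this commit is `hasAnyRole(...)`, which admits a caller holding any one of them. I would write `Roles that grant access to the management endpoints; holding any one of them is sufficient.` so that nobody adds a second role expecting to tighten access and widens it instead. The same wording appears in the comment `// Restrict the rest to the configured roles` and in the `management.security.role` line of the properties appendix.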


@ -124,7 +124,7 @@ public class ManagementWebSecurityAutoConfiguration {
public void init() { public void init() {
if (this.management != null && this.security != null) { if (this.management != null && this.security != null) {
this.security.getUser().getRole() this.security.getUser().getRole()
.add(this.management.getSecurity().getRole()); .addAll(this.management.getSecurity().getRole());
} }
} }
@ -296,8 +296,9 @@ public class ManagementWebSecurityAutoConfiguration {
// Permit access to the non-sensitive endpoints // Permit access to the non-sensitive endpoints
requests.requestMatchers(new LazyEndpointPathRequestMatcher( requests.requestMatchers(new LazyEndpointPathRequestMatcher(
this.contextResolver, EndpointPaths.NON_SENSITIVE)).permitAll(); this.contextResolver, EndpointPaths.NON_SENSITIVE)).permitAll();
// Restrict the rest to the configured role // Restrict the rest to the configured roles
requests.anyRequest().hasRole(this.management.getSecurity().getRole()); List<String> roles = this.management.getSecurity().getRole();
requests.anyRequest().hasAnyRole(roles.toArray(new String[roles.size()]));
} }
} }
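Review bot: No test accompanies the switch from `hasRole(...)` to `hasAnyRole(...)` in the second hunk; none of the five files listed in this commit is a test. This line decides who reaches the sensitive endpoints, so I would add a test that configures two roles and checks that a user holding only the second one is admitted while a user holding neither is rejected. The enclosing method starts above the hunk.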


@ -996,7 +996,7 @@ content into your application; rather pick only the properties that you need.
management.context-path= # Management endpoint context-path. For instance `/actuator` management.context-path= # Management endpoint context-path. For instance `/actuator`
management.port= # Management endpoint HTTP port. Use the same port as the application by default. management.port= # Management endpoint HTTP port. Use the same port as the application by default.
management.security.enabled=true # Enable security. management.security.enabled=true # Enable security.
management.security.role=ADMIN # Role required to access the management endpoint. management.security.role=ADMIN # Roles required to access the management endpoint.
management.security.sessions=stateless # Session creating policy to use (always, never, if_required, stateless). management.security.sessions=stateless # Session creating policy to use (always, never, if_required, stateless).
# HEALTH INDICATORS (previously health.*) # HEALTH INDICATORS (previously health.*)


@ -520,7 +520,7 @@ TIP: Generated passwords are logged as the application starts. Search for '`Usin
security password`'. security password`'.
You can use Spring properties to change the username and password and to change the You can use Spring properties to change the username and password and to change the
security role required to access the endpoints. For example, you might set the following security roles required to access the endpoints. For example, you might set the following
in your `application.properties`: in your `application.properties`:
[source,properties,indent=0] [source,properties,indent=0]