Polishing
parent
933aad3c06
commit
2964fd28a0
|
|
@ -101,8 +101,8 @@ public class ManagementWebSecurityAutoConfiguration {
|
|||
}
|
||||
|
||||
@Configuration
|
||||
protected static class ManagementSecurityPropertiesConfiguration
|
||||
implements SecurityPrerequisite {
|
||||
protected static class ManagementSecurityPropertiesConfiguration implements
|
||||
SecurityPrerequisite {
|
||||
|
||||
@Autowired(required = false)
|
||||
private SecurityProperties security;
|
||||
|
|
@ -122,8 +122,8 @@ public class ManagementWebSecurityAutoConfiguration {
|
|||
|
||||
// Get the ignored paths in early
|
||||
@Order(SecurityProperties.IGNORED_ORDER + 1)
|
||||
private static class IgnoredPathsWebSecurityConfigurerAdapter
|
||||
implements WebSecurityConfigurer<WebSecurity> {
|
||||
private static class IgnoredPathsWebSecurityConfigurerAdapter implements
|
||||
WebSecurityConfigurer<WebSecurity> {
|
||||
|
||||
@Autowired(required = false)
|
||||
private ErrorController errorController;
|
||||
|
|
@ -152,8 +152,8 @@ public class ManagementWebSecurityAutoConfiguration {
|
|||
List<String> ignored = SpringBootWebSecurityConfiguration
|
||||
.getIgnored(this.security);
|
||||
if (!this.management.getSecurity().isEnabled()) {
|
||||
ignored.addAll(
|
||||
Arrays.asList(EndpointPaths.get(this.endpointHandlerMapping)));
|
||||
ignored.addAll(Arrays.asList(EndpointPaths
|
||||
.get(this.endpointHandlerMapping)));
|
||||
}
|
||||
if (ignored.contains("none")) {
|
||||
ignored.remove("none");
|
||||
|
|
@ -192,13 +192,12 @@ public class ManagementWebSecurityAutoConfiguration {
|
|||
@Override
|
||||
public ConditionOutcome getMatchOutcome(ConditionContext context,
|
||||
AnnotatedTypeMetadata metadata) {
|
||||
String managementEnabled = context.getEnvironment()
|
||||
.getProperty("management.security.enabled", "true");
|
||||
String basicEnabled = context.getEnvironment()
|
||||
.getProperty("security.basic.enabled", "true");
|
||||
return new ConditionOutcome(
|
||||
"true".equalsIgnoreCase(managementEnabled)
|
||||
&& !"true".equalsIgnoreCase(basicEnabled),
|
||||
String managementEnabled = context.getEnvironment().getProperty(
|
||||
"management.security.enabled", "true");
|
||||
String basicEnabled = context.getEnvironment().getProperty(
|
||||
"security.basic.enabled", "true");
|
||||
return new ConditionOutcome("true".equalsIgnoreCase(managementEnabled)
|
||||
&& !"true".equalsIgnoreCase(basicEnabled),
|
||||
"Management security enabled and basic disabled");
|
||||
}
|
||||
|
||||
|
|
@ -208,8 +207,8 @@ public class ManagementWebSecurityAutoConfiguration {
|
|||
@ConditionalOnMissingBean({ ManagementWebSecurityConfigurerAdapter.class })
|
||||
@ConditionalOnProperty(prefix = "management.security", name = "enabled", matchIfMissing = true)
|
||||
@Order(ManagementServerProperties.BASIC_AUTH_ORDER)
|
||||
protected static class ManagementWebSecurityConfigurerAdapter
|
||||
extends WebSecurityConfigurerAdapter {
|
||||
protected static class ManagementWebSecurityConfigurerAdapter extends
|
||||
WebSecurityConfigurerAdapter {
|
||||
|
||||
@Autowired
|
||||
private SecurityProperties security;
|
||||
|
|
@ -235,8 +234,8 @@ public class ManagementWebSecurityAutoConfiguration {
|
|||
if (this.endpointHandlerMapping == null) {
|
||||
ApplicationContext context = (this.contextResolver == null ? null
|
||||
: this.contextResolver.getApplicationContext());
|
||||
if (context != null && context
|
||||
.getBeanNamesForType(EndpointHandlerMapping.class).length > 0) {
|
||||
if (context != null
|
||||
&& context.getBeanNamesForType(EndpointHandlerMapping.class).length > 0) {
|
||||
this.endpointHandlerMapping = context
|
||||
.getBean(EndpointHandlerMapping.class);
|
||||
}
|
||||
|
|
@ -296,8 +295,9 @@ public class ManagementWebSecurityAutoConfiguration {
|
|||
private void configurePermittedRequests(
|
||||
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry requests) {
|
||||
// Permit access to the non-sensitive endpoints
|
||||
requests.requestMatchers(new EndpointPathRequestMatcher(
|
||||
EndpointPaths.get(this.endpointHandlerMapping, false))).permitAll();
|
||||
requests.requestMatchers(
|
||||
new EndpointPathRequestMatcher(EndpointPaths.get(
|
||||
this.endpointHandlerMapping, false))).permitAll();
|
||||
// Restrict the rest to the configured role
|
||||
requests.anyRequest().hasRole(this.management.getSecurity().getRole());
|
||||
}
|
||||
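Review bot: In `getMatchOutcome` (the `@ -192,13 +192,12 @` hunk), both security switches are read as raw strings and compared with the literal `"true"`, so a value such as `on`, `yes` or `1` for `security.basic.enabled` counts as "basic disabled" here, while Spring's standard string-to-boolean conversion treats those same values as true. If the bound properties objects go through that conversion (not visible on this page), the condition and the configuration it guards can disagree about whether security is switched on. Reading the values as booleans keeps the two aligned, e.g. `Boolean managementEnabled = context.getEnvironment().getProperty("management.security.enabled", Boolean.class, true);` and likewise for `security.basic.enabled`. The re-wrapping in this commit leaves the behaviour as it was, and the enclosing condition class starts outside the hunk.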
|
|
|
|||
|
|
@ -16,12 +16,6 @@
|
|||
|
||||
package org.springframework.boot.actuate.endpoint.mvc;
|
||||
|
||||
import static org.hamcrest.Matchers.startsWith;
|
||||
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Test;
|
||||
import org.springframework.boot.actuate.autoconfigure.EndpointAutoConfiguration;
|
||||
|
|
@ -47,6 +41,12 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
|||
import org.springframework.test.web.servlet.setup.MockMvcConfigurer;
|
||||
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
|
||||
|
||||
import static org.hamcrest.Matchers.startsWith;
|
||||
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
/**
|
||||
* Integration tests for the Actuator's MVC endpoints.
|
||||
*
|
||||
|
|
@ -61,6 +61,7 @@ public class MvcEndpointIntegrationTests {
|
|||
@After
|
||||
public void close() {
|
||||
TestSecurityContextHolder.clearContext();
|
||||
this.context.close();
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -131,7 +132,8 @@ public class MvcEndpointIntegrationTests {
|
|||
@Test
|
||||
public void sensitiveEndpointsAreSecureWithNonAdminRoleWithCustomContextPath()
|
||||
throws Exception {
|
||||
TestSecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user", "N/A", "ROLE_USER"));
|
||||
TestSecurityContextHolder.getContext().setAuthentication(
|
||||
new TestingAuthenticationToken("user", "N/A", "ROLE_USER"));
|
||||
this.context = new AnnotationConfigWebApplicationContext();
|
||||
this.context.register(SecureConfiguration.class);
|
||||
EnvironmentTestUtils.addEnvironment(this.context,
|
||||
|
|
@ -143,7 +145,8 @@ public class MvcEndpointIntegrationTests {
|
|||
@Test
|
||||
public void sensitiveEndpointsAreSecureWithAdminRoleWithCustomContextPath()
|
||||
throws Exception {
|
||||
TestSecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user", "N/A", "ROLE_ADMIN"));
|
||||
TestSecurityContextHolder.getContext().setAuthentication(
|
||||
new TestingAuthenticationToken("user", "N/A", "ROLE_ADMIN"));
|
||||
this.context = new AnnotationConfigWebApplicationContext();
|
||||
this.context.register(SecureConfiguration.class);
|
||||
EnvironmentTestUtils.addEnvironment(this.context,
|
||||
|
|
@ -179,8 +182,8 @@ public class MvcEndpointIntegrationTests {
|
|||
EnvironmentTestUtils.addEnvironment(this.context,
|
||||
"spring.jackson.serialization.indent-output:true");
|
||||
MockMvc mockMvc = createMockMvc();
|
||||
mockMvc.perform(get("/beans"))
|
||||
.andExpect(content().string(startsWith("{" + LINE_SEPARATOR)));
|
||||
mockMvc.perform(get("/beans")).andExpect(
|
||||
content().string(startsWith("{" + LINE_SEPARATOR)));
|
||||
}
|
||||
|
||||
private MockMvc createMockMvc() {
|
||||
|
|
@ -202,8 +205,8 @@ public class MvcEndpointIntegrationTests {
|
|||
}
|
||||
|
||||
@ImportAutoConfiguration({ JacksonAutoConfiguration.class,
|
||||
HttpMessageConvertersAutoConfiguration.class, EndpointAutoConfiguration.class,
|
||||
EndpointWebMvcAutoConfiguration.class,
|
||||
HttpMessageConvertersAutoConfiguration.class,
|
||||
EndpointAutoConfiguration.class, EndpointWebMvcAutoConfiguration.class,
|
||||
ManagementServerPropertiesAutoConfiguration.class,
|
||||
PropertyPlaceholderAutoConfiguration.class, WebMvcAutoConfiguration.class })
|
||||
static class DefaultConfiguration {
|
||||
|
|
@ -221,8 +224,8 @@ public class MvcEndpointIntegrationTests {
|
|||
|
||||
@ImportAutoConfiguration({ HypermediaAutoConfiguration.class,
|
||||
RepositoryRestMvcAutoConfiguration.class, JacksonAutoConfiguration.class,
|
||||
HttpMessageConvertersAutoConfiguration.class, EndpointAutoConfiguration.class,
|
||||
EndpointWebMvcAutoConfiguration.class,
|
||||
HttpMessageConvertersAutoConfiguration.class,
|
||||
EndpointAutoConfiguration.class, EndpointWebMvcAutoConfiguration.class,
|
||||
ManagementServerPropertiesAutoConfiguration.class,
|
||||
PropertyPlaceholderAutoConfiguration.class, WebMvcAutoConfiguration.class })
|
||||
static class SpringDataRestConfiguration {
|
||||
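Review bot: In `close()` (the `@ -61,6 +61,7 @` hunk), `this.context.close()` runs unconditionally, so a test that fails before assigning `this.context` gets a `NullPointerException` from the `@After` method on top of the real failure. A guard keeps the teardown quiet: `if (this.context != null) { this.context.close(); }`. Keeping `TestSecurityContextHolder.clearContext()` as the first statement is right, because the authentication set by the role tests is then cleared even when closing the context throws.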
|
|
|
|||