diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementWebSecurityAutoConfiguration.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementWebSecurityAutoConfiguration.java
index a5fb1c933e0..faf6310c941 100644
--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementWebSecurityAutoConfiguration.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementWebSecurityAutoConfiguration.java
@@ -101,8 +101,8 @@ public class ManagementWebSecurityAutoConfiguration {
 }
 @Configuration
- protected static class ManagementSecurityPropertiesConfiguration
- implements SecurityPrerequisite {
+ protected static class ManagementSecurityPropertiesConfiguration implements
+ SecurityPrerequisite {
 @Autowired(required = false)
 private SecurityProperties security;
@@ -122,8 +122,8 @@ public class ManagementWebSecurityAutoConfiguration {
 // Get the ignored paths in early
 @Order(SecurityProperties.IGNORED_ORDER + 1)
- private static class IgnoredPathsWebSecurityConfigurerAdapter
- implements WebSecurityConfigurer {
+ private static class IgnoredPathsWebSecurityConfigurerAdapter implements
+ WebSecurityConfigurer {
 @Autowired(required = false)
 private ErrorController errorController;
@@ -152,8 +152,8 @@ public class ManagementWebSecurityAutoConfiguration {
 List ignored = SpringBootWebSecurityConfiguration
 .getIgnored(this.security);
 if (!this.management.getSecurity().isEnabled()) {
- ignored.addAll(
- Arrays.asList(EndpointPaths.get(this.endpointHandlerMapping)));
+ ignored.addAll(Arrays.asList(EndpointPaths
+ .get(this.endpointHandlerMapping)));
 }
 if (ignored.contains("none")) {
 ignored.remove("none");
@@ -192,13 +192,12 @@ public class ManagementWebSecurityAutoConfiguration {
 @Override
 public ConditionOutcome getMatchOutcome(ConditionContext context, AnnotatedTypeMetadata metadata) {
- String managementEnabled = context.getEnvironment()
- .getProperty("management.security.enabled", "true");
- String basicEnabled = context.getEnvironment()
- .getProperty("security.basic.enabled", "true");
- return new ConditionOutcome(
- "true".equalsIgnoreCase(managementEnabled)
- && !"true".equalsIgnoreCase(basicEnabled),
+ String managementEnabled = context.getEnvironment().getProperty(
+ "management.security.enabled", "true");
+ String basicEnabled = context.getEnvironment().getProperty(
+ "security.basic.enabled", "true");
+ return new ConditionOutcome("true".equalsIgnoreCase(managementEnabled)
+ && !"true".equalsIgnoreCase(basicEnabled),
 "Management security enabled and basic disabled");
 }
@@ -208,8 +207,8 @@ public class ManagementWebSecurityAutoConfiguration {
 @ConditionalOnMissingBean({ ManagementWebSecurityConfigurerAdapter.class })
 @ConditionalOnProperty(prefix = "management.security", name = "enabled", matchIfMissing = true)
 @Order(ManagementServerProperties.BASIC_AUTH_ORDER)
- protected static class ManagementWebSecurityConfigurerAdapter
- extends WebSecurityConfigurerAdapter {
+ protected static class ManagementWebSecurityConfigurerAdapter extends
+ WebSecurityConfigurerAdapter {
 @Autowired
 private SecurityProperties security;
@@ -235,8 +234,8 @@ public class ManagementWebSecurityAutoConfiguration {
 if (this.endpointHandlerMapping == null) {
 ApplicationContext context = (this.contextResolver == null ? null : this.contextResolver.getApplicationContext());
- if (context != null && context
- .getBeanNamesForType(EndpointHandlerMapping.class).length > 0) {
+ if (context != null
+ && context.getBeanNamesForType(EndpointHandlerMapping.class).length > 0) {
 this.endpointHandlerMapping = context
 .getBean(EndpointHandlerMapping.class);
 }
@@ -296,8 +295,9 @@ public class ManagementWebSecurityAutoConfiguration {
 private void configurePermittedRequests(
 ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry requests) {
 // Permit access to the non-sensitive endpoints
- requests.requestMatchers(new EndpointPathRequestMatcher(
- EndpointPaths.get(this.endpointHandlerMapping, false))).permitAll();
+ requests.requestMatchers(
+ new EndpointPathRequestMatcher(EndpointPaths.get(
+ this.endpointHandlerMapping, false))).permitAll();
 // Restrict the rest to the configured role
 requests.anyRequest().hasRole(this.management.getSecurity().getRole());
 }
diff --git a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpointIntegrationTests.java b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpointIntegrationTests.java
index e8cc76d983c..57a620ff703 100644
--- a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpointIntegrationTests.java
+++ b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpointIntegrationTests.java
@@ -16,12 +16,6 @@
 package org.springframework.boot.actuate.endpoint.mvc;
-import static org.hamcrest.Matchers.startsWith;
-import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
-
 import org.junit.After;
 import org.junit.Test;
 import org.springframework.boot.actuate.autoconfigure.EndpointAutoConfiguration;
@@ -47,6 +41,12 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.test.web.servlet.setup.MockMvcConfigurer;
 import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
+import static org.hamcrest.Matchers.startsWith;
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
 /**
 * Integration tests for the Actuator's MVC endpoints.
 *
@@ -61,6 +61,7 @@ public class MvcEndpointIntegrationTests {
 @After
 public void close() {
 TestSecurityContextHolder.clearContext();
+ this.context.close();
 }
 @Test
@@ -131,7 +132,8 @@ public class MvcEndpointIntegrationTests {
 @Test
 public void sensitiveEndpointsAreSecureWithNonAdminRoleWithCustomContextPath() throws Exception {
- TestSecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user", "N/A", "ROLE_USER"));
+ TestSecurityContextHolder.getContext().setAuthentication(
+ new TestingAuthenticationToken("user", "N/A", "ROLE_USER"));
 this.context = new AnnotationConfigWebApplicationContext();
 this.context.register(SecureConfiguration.class);
 EnvironmentTestUtils.addEnvironment(this.context,
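Review bot: The added `this.context.close();` in `close()` dereferences the field unconditionally, so a test that fails before it assigns `this.context` makes the `@After` method throw a NullPointerException that hides the original failure. A null guard keeps teardown safe: `if (this.context != null) { this.context.close(); }`. Leaving `TestSecurityContextHolder.clearContext()` as the first statement is worth preserving, since the test authentication is then cleared even if closing the context throws. The field's declaration is outside the hunk; that it can still be null here is inferred from the test methods shown, which assign it in their bodies after setting the authentication.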
@@ -143,7 +145,8 @@ public class MvcEndpointIntegrationTests {
 @Test
 public void sensitiveEndpointsAreSecureWithAdminRoleWithCustomContextPath() throws Exception {
- TestSecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user", "N/A", "ROLE_ADMIN"));
+ TestSecurityContextHolder.getContext().setAuthentication(
+ new TestingAuthenticationToken("user", "N/A", "ROLE_ADMIN"));
 this.context = new AnnotationConfigWebApplicationContext();
 this.context.register(SecureConfiguration.class);
 EnvironmentTestUtils.addEnvironment(this.context,
@@ -179,8 +182,8 @@ public class MvcEndpointIntegrationTests {
 EnvironmentTestUtils.addEnvironment(this.context, "spring.jackson.serialization.indent-output:true");
 MockMvc mockMvc = createMockMvc();
- mockMvc.perform(get("/beans"))
- .andExpect(content().string(startsWith("{" + LINE_SEPARATOR)));
+ mockMvc.perform(get("/beans")).andExpect(
+ content().string(startsWith("{" + LINE_SEPARATOR)));
 }
 private MockMvc createMockMvc() {
@@ -202,8 +205,8 @@ public class MvcEndpointIntegrationTests {
 }
 @ImportAutoConfiguration({ JacksonAutoConfiguration.class,
- HttpMessageConvertersAutoConfiguration.class, EndpointAutoConfiguration.class,
- EndpointWebMvcAutoConfiguration.class,
+ HttpMessageConvertersAutoConfiguration.class,
+ EndpointAutoConfiguration.class, EndpointWebMvcAutoConfiguration.class,
 ManagementServerPropertiesAutoConfiguration.class, PropertyPlaceholderAutoConfiguration.class, WebMvcAutoConfiguration.class })
 static class DefaultConfiguration {
@@ -221,8 +224,8 @@ public class MvcEndpointIntegrationTests {
 @ImportAutoConfiguration({ HypermediaAutoConfiguration.class, RepositoryRestMvcAutoConfiguration.class, JacksonAutoConfiguration.class,
- HttpMessageConvertersAutoConfiguration.class, EndpointAutoConfiguration.class,
- EndpointWebMvcAutoConfiguration.class,
+ HttpMessageConvertersAutoConfiguration.class,
+ EndpointAutoConfiguration.class, EndpointWebMvcAutoConfiguration.class,
 ManagementServerPropertiesAutoConfiguration.class, PropertyPlaceholderAutoConfiguration.class, WebMvcAutoConfiguration.class })
 static class SpringDataRestConfiguration {