diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.java index c15d0270375..4273ec51671 100644 --- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.java +++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.java @@ -25,6 +25,7 @@ import javax.annotation.PostConstruct; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.actuate.endpoint.Endpoint; +import org.springframework.boot.actuate.endpoint.mvc.AnonymouslyAccessibleMvcEndpoint; import org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMapping; import org.springframework.boot.actuate.endpoint.mvc.MvcEndpoint; import org.springframework.boot.autoconfigure.AutoConfigureAfter; @@ -268,7 +269,8 @@ public class ManagementSecurityAutoConfiguration { Set endpoints = endpointHandlerMapping.getEndpoints(); List paths = new ArrayList(endpoints.size()); for (MvcEndpoint endpoint : endpoints) { - if (endpoint.isSensitive() == secure) { + if (endpoint.isSensitive() == secure + || (!secure && endpoint instanceof AnonymouslyAccessibleMvcEndpoint)) { String path = endpointHandlerMapping.getPath(endpoint.getPath()); paths.add(path); // Add Spring MVC-generated additional paths diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/AnonymouslyAccessibleMvcEndpoint.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/AnonymouslyAccessibleMvcEndpoint.java new file mode 100644 index 00000000000..a3223debbfe --- /dev/null +++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/AnonymouslyAccessibleMvcEndpoint.java @@ -0,0 +1,27 @@ +/* + * Copyright 2012-2014 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.boot.actuate.endpoint.mvc; + +/** + * An {@link MvcEndpoint} that should be accessible without authentication + * + * @author Andy Wilkinson + * @since 1.2.0 + */ +public interface AnonymouslyAccessibleMvcEndpoint extends MvcEndpoint { + +} diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/HealthMvcEndpoint.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/HealthMvcEndpoint.java index 561a33bed87..7b77c7b7d45 100644 --- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/HealthMvcEndpoint.java +++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/HealthMvcEndpoint.java @@ -39,7 +39,7 @@ import org.springframework.web.bind.annotation.ResponseBody; * @author Andy Wilkinson * @since 1.1.0 */ -public class HealthMvcEndpoint implements MvcEndpoint { +public class HealthMvcEndpoint implements AnonymouslyAccessibleMvcEndpoint { private Map statusMapping = new HashMap(); diff --git a/spring-boot-samples/spring-boot-sample-actuator/src/main/resources/application.properties b/spring-boot-samples/spring-boot-sample-actuator/src/main/resources/application.properties index 9eb7e230f89..1dee69a2f82 100644 --- a/spring-boot-samples/spring-boot-sample-actuator/src/main/resources/application.properties +++ b/spring-boot-samples/spring-boot-sample-actuator/src/main/resources/application.properties @@ -1,5 +1,5 @@ logging.file: /tmp/logs/app.log -logging.level.org.springframework.security: DEBUG +logging.level.org.springframework.security: INFO management.address: 127.0.0.1 #management.port: 8181 endpoints.shutdown.enabled: true