From 2fb4d2ece6a0f9e8c302b5d370cdfd6c60beaf9f Mon Sep 17 00:00:00 2001
From: Spencer Gibb <spencer@gibb.us>
Date: Tue, 25 Nov 2014 15:29:01 -0700
Subject: [PATCH] Check if managementServerProperties.getSecurity() is not null

before checking isEnabled(). It is explicitly constructed as null
in ManagementServerProperties to prevent class not found errors
at runtime when Security is not on the classpath.

Fixes gh-2003, fixes gh-2004
---
 .../actuate/autoconfigure/EndpointWebMvcAutoConfiguration.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/EndpointWebMvcAutoConfiguration.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/EndpointWebMvcAutoConfiguration.java
index 32e71c61c7f..0800762569c 100644
--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/EndpointWebMvcAutoConfiguration.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/EndpointWebMvcAutoConfiguration.java
@@ -165,7 +165,8 @@ public class EndpointWebMvcAutoConfiguration implements ApplicationContextAware,
 	@ConditionalOnProperty(prefix = "endpoints.health", name = "enabled", matchIfMissing = true)
 	public HealthMvcEndpoint healthMvcEndpoint(HealthEndpoint delegate) {
 		HealthMvcEndpoint healthMvcEndpoint = new HealthMvcEndpoint(delegate);
-		boolean secure = this.managementServerProperties.getSecurity().isEnabled()
+		boolean secure = this.managementServerProperties.getSecurity() != null
+				&& this.managementServerProperties.getSecurity().isEnabled()
 				&& ClassUtils.isPresent(
 						"org.springframework.security.core.Authentication", null);
 		delegate.setSensitive(secure);