root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 15 Packages Projects Releases Wiki Activity

Don't use static final security matcher 

Using static final matchers breaks the build because they have state
that's not reset across tests.

See gh-17525
This commit is contained in:
Phillip Webb 2019-07-29 12:13:31 +01:00
parent 6675f49334
commit 3b28b1cade
2 changed files with 2 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/reactive/ReactiveManagementWebSecurityAutoConfiguration.java
View File

@ -19,7 +19,6 @@ package org.springframework.boot.actuate.autoconfigure.security.reactive;
import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointAutoConfiguration;
import org.springframework.boot.actuate.autoconfigure.health.HealthEndpointAutoConfiguration;
import org.springframework.boot.actuate.autoconfigure.info.InfoEndpointAutoConfiguration;
import org.springframework.boot.actuate.autoconfigure.security.reactive.EndpointRequest.EndpointServerWebExchangeMatcher;
import org.springframework.boot.actuate.health.HealthEndpoint;
import org.springframework.boot.actuate.info.InfoEndpoint;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
@ -57,13 +56,10 @@ import org.springframework.security.web.server.WebFilterChainProxy;
ReactiveOAuth2ResourceServerAutoConfiguration.class })
public class ReactiveManagementWebSecurityAutoConfiguration {
private static final EndpointServerWebExchangeMatcher HEALTH_OR_INFO_ENDPOINT = EndpointRequest
.to(HealthEndpoint.class, InfoEndpoint.class);
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
http.authorizeExchange((exchanges) -> {
exchanges.matchers(HEALTH_OR_INFO_ENDPOINT).permitAll();
exchanges.matchers(EndpointRequest.to(HealthEndpoint.class, InfoEndpoint.class)).permitAll();
exchanges.anyExchange().authenticated();
});
http.httpBasic(Customizer.withDefaults());

6
spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityConfigurerAdapter.java
View File

@ -16,7 +16,6 @@
package org.springframework.boot.actuate.autoconfigure.security.servlet;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest.EndpointRequestMatcher;
import org.springframework.boot.actuate.health.HealthEndpoint;
import org.springframework.boot.actuate.info.InfoEndpoint;
import org.springframework.context.annotation.Configuration;
@ -39,13 +38,10 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
@Configuration(proxyBeanMethods = false)
class ManagementWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
private static final EndpointRequestMatcher HEALTH_OR_INFO_ENDPOINT = EndpointRequest.to(HealthEndpoint.class,
InfoEndpoint.class);
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests((requests) -> {
requests.requestMatchers(HEALTH_OR_INFO_ENDPOINT).permitAll();
requests.requestMatchers(EndpointRequest.to(HealthEndpoint.class, InfoEndpoint.class)).permitAll();
requests.anyRequest().authenticated();
});
http.formLogin(Customizer.withDefaults());