diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementServerProperties.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementServerProperties.java index 3ae8ad7b090..a69ccd75f48 100644 --- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementServerProperties.java +++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementServerProperties.java @@ -17,6 +17,7 @@ package org.springframework.boot.actuate.autoconfigure; import java.net.InetAddress; +import java.util.ArrayList; import java.util.Collections; import java.util.List; @@ -178,7 +179,7 @@ public class ManagementServerProperties implements SecurityPrerequisite { /** * Comma-separated list of roles that can access the management endpoint. */ - private List roles = Collections.singletonList("ADMIN"); + private List roles = new ArrayList(Collections.singletonList("ADMIN")); /** * Session creating policy to use (always, never, if_required, stateless). diff --git a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/ManagementServerPropertiesAutoConfigurationTests.java b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/ManagementServerPropertiesAutoConfigurationTests.java index 29196a96605..d04616a4861 100644 --- a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/ManagementServerPropertiesAutoConfigurationTests.java +++ b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/ManagementServerPropertiesAutoConfigurationTests.java @@ -80,6 +80,13 @@ public class ManagementServerPropertiesAutoConfigurationTests { assertThat(properties.getSecurity().getRoles()).containsOnly("FOO", "BAR", "BIZ"); } + @Test + public void managementRolesAllowsIndexedAccess() { + ManagementServerProperties properties = load( + "management.security.roles[0]=FOO"); + assertThat(properties.getSecurity().getRoles()).containsOnly("FOO"); + } + public ManagementServerProperties load(String... environment) { AnnotationConfigApplicationContext ctx = new AnnotationConfigApplicationContext(); EnvironmentTestUtils.addEnvironment(ctx, environment);