Fix security config
The management endpoints were still all mixed up with the user endpoints. Fixed that and extracted the user endpoints into a conditional block so they are not protected if the path is explicitly set to an empty string. [#53029715]
parent
6498f0e8b8
commit
43fc107437
|
@ -17,7 +17,6 @@
|
|||
package org.springframework.boot.actuate.autoconfigure;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
|
@ -141,12 +140,17 @@ public class SecurityAutoConfiguration {
|
|||
http.httpBasic().and().anonymous().disable();
|
||||
ExpressionUrlAuthorizationConfigurer<HttpSecurity> authorizeUrls = http
|
||||
.authorizeUrls();
|
||||
if (getEndpointPaths(true).length > 0) {
|
||||
String[] paths = getEndpointPaths(true);
|
||||
if (paths.length > 0) {
|
||||
authorizeUrls.antMatchers(getEndpointPaths(true)).hasRole(
|
||||
this.management.getUser().getRole());
|
||||
}
|
||||
authorizeUrls.antMatchers(getSecureApplicationPaths())
|
||||
.hasRole(this.security.getBasic().getRole()).and().httpBasic();
|
||||
paths = getSecureApplicationPaths();
|
||||
if (paths.length > 0) {
|
||||
authorizeUrls.antMatchers(getSecureApplicationPaths()).hasRole(
|
||||
this.security.getBasic().getRole());
|
||||
}
|
||||
authorizeUrls.and().httpBasic();
|
||||
}
|
||||
|
||||
// No cookies for service endpoints by default
|
||||
|
@ -164,7 +168,6 @@ public class SecurityAutoConfiguration {
|
|||
list.add(path);
|
||||
}
|
||||
}
|
||||
list.addAll(Arrays.asList(getEndpointPaths(true)));
|
||||
return list.toArray(new String[list.size()]);
|
||||
}
|
||||
|
||||
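Review bot: In the `-141,12 +140,17` hunk, an empty result from `getSecureApplicationPaths()` now registers no access rule for application URLs at all, and the visible lines add no catch-all, so those requests appear to pass the authorization configurer without a role check. The commit message says this is intended, but the branch should say so too, e.g. `// Empty path list: application URLs are deliberately left without an access rule`. Because the `-164,7 +168,6` hunk appears to stop appending the endpoint paths to the secure application paths, the management endpoints are covered only by the first `if`; a test asserting that they still require the management role when the basic path is empty would pin that down. Both guards also assign `paths` and then call the getter again, where `authorizeUrls.antMatchers(paths)` would use the value that was just checked. The enclosing method starts and ends outside the hunk.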
|
|
|
@ -37,7 +37,7 @@ public abstract class AbstractDataSourceConfiguration implements BeanClassLoader
|
|||
|
||||
private String password = "";
|
||||
|
||||
private int maxActive = 8;
|
||||
private int maxActive = 100;
|
||||
|
||||
private int maxIdle = 8;
|
||||
|
||||
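Review bot: The default `maxActive` appears to go from 8 to 100 here (the page prints both lines without markers) while `maxIdle` on the following line stays at 8, and the commit description, which is about security configuration, does not mention it. With that gap a pool under load would keep opening and closing connections above the idle cap, and a default of 100 per application instance can run into the database's own connection limit. If the new value is intended, a comment such as `// default raised to 100; see <reason>` next to the field, and a `maxIdle` chosen to go with it, would make the choice reviewable. The class body continues outside the hunk.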
|
|
|
@ -28,7 +28,6 @@ import org.junit.BeforeClass;
|
|||
import org.junit.Ignore;
|
||||
import org.junit.Test;
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.sample.ops.ui.SampleActuatorUiApplication;
|
||||
import org.springframework.context.ConfigurableApplicationContext;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
|
@ -63,7 +62,7 @@ public class SampleActuatorUiApplicationPortTests {
|
|||
.run(SampleActuatorUiApplication.class, args);
|
||||
}
|
||||
});
|
||||
context = future.get(10, TimeUnit.SECONDS);
|
||||
context = future.get(60, TimeUnit.SECONDS);
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
|
|
|
@ -28,7 +28,6 @@ import org.junit.AfterClass;
|
|||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.sample.ops.ui.SampleActuatorUiApplication;
|
||||
import org.springframework.context.ConfigurableApplicationContext;
|
||||
import org.springframework.http.HttpEntity;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
|
@ -63,7 +62,7 @@ public class SampleActuatorUiApplicationTests {
|
|||
.run(SampleActuatorUiApplication.class);
|
||||
}
|
||||
});
|
||||
context = future.get(30, TimeUnit.SECONDS);
|
||||
context = future.get(60, TimeUnit.SECONDS);
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
|
|
|
@ -28,7 +28,6 @@ import java.util.concurrent.TimeUnit;
|
|||
import org.junit.After;
|
||||
import org.junit.Test;
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.sample.ops.SampleActuatorApplication;
|
||||
import org.springframework.context.ConfigurableApplicationContext;
|
||||
import org.springframework.http.HttpRequest;
|
||||
import org.springframework.http.HttpStatus;
|
||||
|
@ -64,7 +63,7 @@ public class EndpointsPropertiesSampleActuatorApplicationTests {
|
|||
.run(configuration, args);
|
||||
}
|
||||
});
|
||||
this.context = future.get(10, TimeUnit.SECONDS);
|
||||
this.context = future.get(60, TimeUnit.SECONDS);
|
||||
}
|
||||
|
||||
@After
|
||||
|
|
|
@ -71,7 +71,7 @@ public class ManagementAddressSampleActuatorApplicationTests {
|
|||
.run(SampleActuatorApplication.class, args);
|
||||
}
|
||||
});
|
||||
context = future.get(30, TimeUnit.SECONDS);
|
||||
context = future.get(60, TimeUnit.SECONDS);
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
|
|
|
@ -27,7 +27,6 @@ import org.junit.AfterClass;
|
|||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.sample.ops.SampleActuatorApplication;
|
||||
import org.springframework.context.ConfigurableApplicationContext;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
|
@ -62,7 +61,7 @@ public class ManagementSampleActuatorApplicationTests {
|
|||
.run(SampleActuatorApplication.class, args);
|
||||
}
|
||||
});
|
||||
context = future.get(30, TimeUnit.SECONDS);
|
||||
context = future.get(60, TimeUnit.SECONDS);
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
|
|
|
@ -69,7 +69,7 @@ public class NoManagementSampleActuatorApplicationTests {
|
|||
.run(SampleActuatorApplication.class, args);
|
||||
}
|
||||
});
|
||||
context = future.get(10, TimeUnit.SECONDS);
|
||||
context = future.get(60, TimeUnit.SECONDS);
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
|
|
|
@ -67,7 +67,7 @@ public class SampleActuatorApplicationTests {
|
|||
.run(SampleActuatorApplication.class);
|
||||
}
|
||||
});
|
||||
context = future.get(30, TimeUnit.SECONDS);
|
||||
context = future.get(60, TimeUnit.SECONDS);
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
|
|
|
@ -66,7 +66,7 @@ public class ShutdownSampleActuatorApplicationTests {
|
|||
.run(SampleActuatorApplication.class);
|
||||
}
|
||||
});
|
||||
context = future.get(10, TimeUnit.SECONDS);
|
||||
context = future.get(60, TimeUnit.SECONDS);
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
|
|
|
@ -27,7 +27,6 @@ import org.junit.AfterClass;
|
|||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.sample.ops.SampleActuatorApplication;
|
||||
import org.springframework.context.ConfigurableApplicationContext;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
|
@ -60,7 +59,7 @@ public class UnsecureSampleActuatorApplicationTests {
|
|||
"--security.basic.enabled=false");
|
||||
}
|
||||
});
|
||||
context = future.get(10, TimeUnit.SECONDS);
|
||||
context = future.get(60, TimeUnit.SECONDS);
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
|
|
|
@ -26,7 +26,6 @@ import org.junit.AfterClass;
|
|||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.sample.jetty.SampleJettyApplication;
|
||||
import org.springframework.context.ConfigurableApplicationContext;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
|
@ -56,7 +55,7 @@ public class SampleJettyApplicationTests {
|
|||
.run(SampleJettyApplication.class);
|
||||
}
|
||||
});
|
||||
context = future.get(10, TimeUnit.SECONDS);
|
||||
context = future.get(60, TimeUnit.SECONDS);
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
|
|
|
@ -26,7 +26,6 @@ import org.junit.AfterClass;
|
|||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.sample.traditional.SampleTraditionalApplication;
|
||||
import org.springframework.context.ConfigurableApplicationContext;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
|
@ -57,7 +56,7 @@ public class SampleTraditionalApplicationTests {
|
|||
.run(SampleTraditionalApplication.class);
|
||||
}
|
||||
});
|
||||
context = future.get(30, TimeUnit.SECONDS);
|
||||
context = future.get(60, TimeUnit.SECONDS);
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
|
|
|
@ -41,7 +41,7 @@ public class SampleWebStaticApplicationTests {
|
|||
.run(SampleWebStaticApplication.class);
|
||||
}
|
||||
});
|
||||
context = future.get(30, TimeUnit.SECONDS);
|
||||
context = future.get(60, TimeUnit.SECONDS);
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
|
|
|
@ -11,7 +11,6 @@ import org.junit.AfterClass;
|
|||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.sample.ui.SampleWebUiApplication;
|
||||
import org.springframework.context.ConfigurableApplicationContext;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
|
@ -45,7 +44,7 @@ public class SampleWebUiApplicationTests {
|
|||
.run(SampleWebUiApplication.class);
|
||||
}
|
||||
});
|
||||
context = future.get(30, TimeUnit.SECONDS);
|
||||
context = future.get(60, TimeUnit.SECONDS);
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
|
|
|
@ -59,7 +59,7 @@ public class SampleWebSocketsApplicationTests {
|
|||
.run(SampleWebSocketsApplication.class);
|
||||
}
|
||||
});
|
||||
context = future.get(30, TimeUnit.SECONDS);
|
||||
context = future.get(60, TimeUnit.SECONDS);
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
|
|