diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.java
index 5191bb66839..c735e32655a 100644
--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.java
@@ -76,7 +76,6 @@ import org.springframework.util.StringUtils;
 * Many aspects of the behavior can be controller with {@link ManagementServerProperties}
 * via externalized application properties (or via an bean definition of that type to set
 * the defaults).
- *
 *
 * The framework {@link Endpoint}s (used to expose application information to operations)
 * include a {@link Endpoint#isSensitive() sensitive} configuration option which will be
@@ -231,6 +230,22 @@ public class ManagementSecurityAutoConfiguration {
 this.endpointHandlerMapping = endpointHandlerMapping;
 }
+ protected final void deduceEndpointHandlerMappingIfMissing() {
+ if (this.endpointHandlerMapping == null) {
+ ApplicationContext context = (this.contextResolver == null ? null
+ : this.contextResolver.getApplicationContext());
+ if (context != null
+ && context.getBeanNamesForType(EndpointHandlerMapping.class).length > 0) {
+ this.endpointHandlerMapping = context
+ .getBean(EndpointHandlerMapping.class);
+ }
+ if (this.endpointHandlerMapping == null) {
+ this.endpointHandlerMapping = new EndpointHandlerMapping(
+ Collections. emptySet());
+ }
+ }
+ }
+
 @Override
 protected void configure(HttpSecurity http) throws Exception {
 // secure endpoints
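Review bot: The empty `EndpointHandlerMapping` fallback at the end of `deduceEndpointHandlerMappingIfMissing()` is stored in the field, so if the first call happens while `contextResolver` is null or returns no context, the real mapping bean is never looked up again. An empty mapping presumably yields no endpoint paths, which changes what the management security matchers cover, so the method deserves at least a Javadoc line such as `Resolves the mapping from the application context once; falls back to an empty mapping, which is then cached.` The field is also written from `matches()` on request threads with no synchronization visible in the hunk; whether it is declared `volatile` is outside the hunk.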
@@ -297,35 +312,32 @@ public class ManagementSecurityAutoConfiguration {
 @Override
 public boolean matches(HttpServletRequest request) {
- EndpointHandlerMapping endpointMapping = ManagementWebSecurityConfigurerAdapter.this.endpointHandlerMapping;
- if (endpointMapping == null
- && ManagementWebSecurityConfigurerAdapter.this.contextResolver != null) {
- ApplicationContext context = ManagementWebSecurityConfigurerAdapter.this.contextResolver
- .getApplicationContext();
- if (context != null
- && context.getBeanNamesForType(EndpointHandlerMapping.class).length > 0) {
- ManagementWebSecurityConfigurerAdapter.this.endpointHandlerMapping = context
- .getBean(EndpointHandlerMapping.class);
- }
- }
- if (endpointMapping == null) {
- ManagementWebSecurityConfigurerAdapter.this.endpointHandlerMapping = new EndpointHandlerMapping(
- Collections. emptySet());
- }
+ ManagementWebSecurityConfigurerAdapter.this
+ .deduceEndpointHandlerMappingIfMissing();
 if (this.delegate == null) {
- List pathMatchers = new ArrayList();
- String[] paths = !this.sensitive ? getEndpointPaths(endpointMapping,
- false) : getEndpointPaths(endpointMapping);
- for (String path : paths) {
- pathMatchers.add(new AntPathRequestMatcher(
- ManagementWebSecurityConfigurerAdapter.this.server
- .getPath(path)));
- }
- this.delegate = pathMatchers.isEmpty() ? AnyRequestMatcher.INSTANCE
- : new OrRequestMatcher(pathMatchers);
+ this.delegate = createDelegate();
 }
 return this.delegate.matches(request);
 }
+
+ private RequestMatcher createDelegate() {
+ ServerProperties server = ManagementWebSecurityConfigurerAdapter.this.server;
+ List matchers = new ArrayList();
+ for (String path : getPaths()) {
+ matchers.add(new AntPathRequestMatcher(server.getPath(path)));
+ }
+ return (matchers.isEmpty() ? AnyRequestMatcher.INSTANCE
+ : new OrRequestMatcher(matchers));
+ }
+
+ private String[] getPaths() {
+ EndpointHandlerMapping endpointHandlerMapping = ManagementWebSecurityConfigurerAdapter.this.endpointHandlerMapping;
+ if (this.sensitive) {
+ return getEndpointPaths(endpointHandlerMapping);
+ }
+ return getEndpointPaths(endpointHandlerMapping, false);
+ }
+
 }
 }
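Review bot: `createDelegate()` returns `AnyRequestMatcher.INSTANCE` whenever `getPaths()` is empty, for the non-sensitive variant as well as the sensitive one, so "no endpoints" turns into "every request". This is carried over from the removed code. If the non-sensitive matcher is used to relax access (its call sites are outside the hunk), an empty endpoint set would widen that rule to the whole application. For the empty branch, consider matching nothing when `!this.sensitive`, e.g. `return (this.sensitive ? AnyRequestMatcher.INSTANCE : new NegatedRequestMatcher(AnyRequestMatcher.INSTANCE));`, or add a comment on why match-all is intended. The result is also cached in `this.delegate` on first use, so an early empty lookup stays in effect; the enclosing matcher class begins before the hunk.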