Merge branch '1.1.x'

Andy Wilkinson 2015-02-12 17:53:07 +00:00
commit a8726c4ae1
3 changed files with 19 additions and 7 deletions


@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2014 the original author or authors. * Copyright 2012-2015 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -75,6 +75,7 @@ import org.springframework.util.StringUtils;
* used as a security hint by the filter created here. * used as a security hint by the filter created here.
* *
* @author Dave Syer * @author Dave Syer
* @author Andy Wilkinson
*/ */
@Configuration @Configuration
@ConditionalOnWebApplication @ConditionalOnWebApplication
@ -276,8 +277,9 @@ public class ManagementSecurityAutoConfiguration {
if (endpoint.isSensitive() == secure) { if (endpoint.isSensitive() == secure) {
String path = endpointHandlerMapping.getPath(endpoint.getPath()); String path = endpointHandlerMapping.getPath(endpoint.getPath());
paths.add(path); paths.add(path);
// Ensure that nested paths are secured
paths.add(path + "/**");
// Add Spring MVC-generated additional paths // Add Spring MVC-generated additional paths
paths.add(path + "/");
paths.add(path + ".*"); paths.add(path + ".*");
} }
} }
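Review bot: The added `paths.add(path + "/**")` sits under `endpoint.isSensitive() == secure`, so it is applied for whichever value of `secure` the caller passes, while the comment `// Ensure that nested paths are secured` describes only the `secure == true` case. The method starts outside the hunk, so this is inferred from the parameter alone: if the same method also builds the list of paths left open for non-sensitive endpoints, every nested path under such an endpoint now joins that list too. To widen only the secured side and keep the previous behaviour for the other, the line could be `paths.add(secure ? path + "/**" : path + "/");`. If the wildcard is wanted on both sides, the comment should say so, for example `// Match nested paths as well; applies to sensitive and non-sensitive endpoints alike`.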


@ -1,5 +1,5 @@
/* /*
* Copyright 2013-2014 the original author or authors. * Copyright 2013-2015 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -42,6 +42,7 @@ import org.springframework.web.util.UrlPathHelper;
* {@link MvcEndpoint} to expose Jolokia. * {@link MvcEndpoint} to expose Jolokia.
* *
* @author Christian Dupuis * @author Christian Dupuis
* @author Andy Wilkinson
*/ */
@ConfigurationProperties(prefix = "endpoints.jolokia", ignoreUnknownFields = false) @ConfigurationProperties(prefix = "endpoints.jolokia", ignoreUnknownFields = false)
public class JolokiaMvcEndpoint implements MvcEndpoint, InitializingBean, public class JolokiaMvcEndpoint implements MvcEndpoint, InitializingBean,
@ -57,7 +58,7 @@ public class JolokiaMvcEndpoint implements MvcEndpoint, InitializingBean,
/** /**
* Enable security on the endpoint. * Enable security on the endpoint.
*/ */
private boolean sensitive; private boolean sensitive = true;
/** /**
* Enable the endpoint. * Enable the endpoint.
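Review bot: The Javadoc on `sensitive` still reads `Enable security on the endpoint.` and does not mention the default, which this change flips to `true`. Because the class is bound with `@ConfigurationProperties(prefix = "endpoints.jolokia")`, that comment is likely the description users see for the property, so I would extend it to `* Enable security on the endpoint. Defaults to true.` Applications that relied on the previous default will find the endpoint behind authentication after upgrading, which deserves a line in the release notes. The commit message, `Merge branch '1.1.x'`, gives no hint of that behaviour change.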


@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2014 the original author or authors. * Copyright 2012-2015 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -41,14 +41,18 @@ import org.springframework.test.util.ReflectionTestUtils;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext; import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.hasSize;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
/** /**
* Tests for {@link ManagementSecurityAutoConfiguration}. * Tests for {@link ManagementSecurityAutoConfiguration}.
* *
* @author Dave Syer * @author Dave Syer
* @author Andy Wilkinson
*/ */
public class ManagementSecurityAutoConfigurationTests { public class ManagementSecurityAutoConfigurationTests {
@ -71,11 +75,16 @@ public class ManagementSecurityAutoConfigurationTests {
EndpointAutoConfiguration.class, EndpointWebMvcAutoConfiguration.class, EndpointAutoConfiguration.class, EndpointWebMvcAutoConfiguration.class,
ManagementServerPropertiesAutoConfiguration.class, ManagementServerPropertiesAutoConfiguration.class,
PropertyPlaceholderAutoConfiguration.class); PropertyPlaceholderAutoConfiguration.class);
EnvironmentTestUtils.addEnvironment(this.context, "security.basic.enabled:false");
this.context.refresh(); this.context.refresh();
assertNotNull(this.context.getBean(AuthenticationManagerBuilder.class)); assertNotNull(this.context.getBean(AuthenticationManagerBuilder.class));
FilterChainProxy filterChainProxy = this.context.getBean(FilterChainProxy.class);
// 4 for static resources, one for management endpoints and one for the rest // 4 for static resources, one for management endpoints and one for the rest
assertEquals(6, this.context.getBean(FilterChainProxy.class).getFilterChains() assertThat(filterChainProxy.getFilterChains(), hasSize(6));
.size()); assertThat(filterChainProxy.getFilters("/beans"), hasSize(greaterThan(0)));
assertThat(filterChainProxy.getFilters("/beans/"), hasSize(greaterThan(0)));
assertThat(filterChainProxy.getFilters("/beans.foo"), hasSize(greaterThan(0)));
assertThat(filterChainProxy.getFilters("/beans/foo/bar"), hasSize(greaterThan(0)));
} }
@Test @Test
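Review bot: All four new `getFilters` assertions use `/beans`, so the path-matching change is checked for a single endpoint only. Two cases the commit touches have no assertion here. One is a nested path under the Jolokia endpoint, whose `sensitive` default changes in the same commit. The other is a nested path under a non-sensitive endpoint, which the new `/**` pattern also affects if the path list is built for both values of `secure`. Until those are covered, a comment above the assertions such as `// Covers /beans only; Jolokia and non-sensitive endpoint paths are not asserted here` would make the gap visible. The test method starts outside the hunk.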