root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 12 Packages Projects Releases Wiki Activity

Make EndpointRequestMatcher#excluding public 

Fixes gh-12354
This commit is contained in:
Madhura Bhave 2018-03-05 16:04:45 -08:00
parent 44c48ec5a8
commit e6eca04af2
5 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/reactive/EndpointRequest.java
View File

@ -125,13 +125,13 @@ public final class EndpointRequest {
this.excludes = excludes; this.excludes = excludes;
} }
EndpointServerWebExchangeMatcher excluding(Class<?>... endpoints) { public EndpointServerWebExchangeMatcher excluding(Class<?>... endpoints) {
List<Object> excludes = new ArrayList<>(this.excludes); List<Object> excludes = new ArrayList<>(this.excludes);
excludes.addAll(Arrays.asList((Object[]) endpoints)); excludes.addAll(Arrays.asList((Object[]) endpoints));
return new EndpointServerWebExchangeMatcher(this.includes, excludes); return new EndpointServerWebExchangeMatcher(this.includes, excludes);
} }
EndpointServerWebExchangeMatcher excluding(String... endpoints) { public EndpointServerWebExchangeMatcher excluding(String... endpoints) {
List<Object> excludes = new ArrayList<>(this.excludes); List<Object> excludes = new ArrayList<>(this.excludes);
excludes.addAll(Arrays.asList((Object[]) endpoints)); excludes.addAll(Arrays.asList((Object[]) endpoints));
return new EndpointServerWebExchangeMatcher(this.includes, excludes); return new EndpointServerWebExchangeMatcher(this.includes, excludes);

4
spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequest.java
View File

@ -120,13 +120,13 @@ public final class EndpointRequest {
this.excludes = excludes; this.excludes = excludes;
} }
EndpointRequestMatcher excluding(Class<?>... endpoints) { public EndpointRequestMatcher excluding(Class<?>... endpoints) {
List<Object> excludes = new ArrayList<>(this.excludes); List<Object> excludes = new ArrayList<>(this.excludes);
excludes.addAll(Arrays.asList((Object[]) endpoints)); excludes.addAll(Arrays.asList((Object[]) endpoints));
return new EndpointRequestMatcher(this.includes, excludes); return new EndpointRequestMatcher(this.includes, excludes);
} }
EndpointRequestMatcher excluding(String... endpoints) { public EndpointRequestMatcher excluding(String... endpoints) {
List<Object> excludes = new ArrayList<>(this.excludes); List<Object> excludes = new ArrayList<>(this.excludes);
excludes.addAll(Arrays.asList((Object[]) endpoints)); excludes.addAll(Arrays.asList((Object[]) endpoints));
return new EndpointRequestMatcher(this.includes, excludes); return new EndpointRequestMatcher(this.includes, excludes);

3
spring-boot-samples/spring-boot-sample-actuator-custom-security/src/main/java/sample/actuator/customsecurity/SecurityConfiguration.java
View File

@ -17,6 +17,7 @@
package sample.actuator.customsecurity; package sample.actuator.customsecurity;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest; import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.boot.actuate.web.mappings.MappingsEndpoint;
import org.springframework.boot.autoconfigure.security.servlet.PathRequest; import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
@ -43,7 +44,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
// @formatter:off // @formatter:off
http.authorizeRequests() http.authorizeRequests()
.requestMatchers(EndpointRequest.to("health", "info")).permitAll() .requestMatchers(EndpointRequest.to("health", "info")).permitAll()
.requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR") .requestMatchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)).hasRole("ACTUATOR")
.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll() .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
.antMatchers("/foo").permitAll() .antMatchers("/foo").permitAll()
.antMatchers("/**").hasRole("USER") .antMatchers("/**").hasRole("USER")

7
spring-boot-samples/spring-boot-sample-actuator-custom-security/src/test/java/sample/actuator/customsecurity/SampleActuatorCustomSecurityApplicationTests.java
View File

@ -125,6 +125,13 @@ public class SampleActuatorCustomSecurityApplicationTests {
assertThat(entity.getHeaders().getFirst("echo")).isEqualTo("test"); assertThat(entity.getHeaders().getFirst("echo")).isEqualTo("test");
} }
@Test
public void actuatorExcludedFromEndpointRequestMatcher() {
ResponseEntity<Object> entity = userRestTemplate().getForEntity("/actuator/mappings",
Object.class);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
}
private TestRestTemplate restTemplate() { private TestRestTemplate restTemplate() {
return configure(new TestRestTemplate()); return configure(new TestRestTemplate());
} }

10
spring-boot-samples/spring-boot-sample-secure-webflux/src/test/java/sample/secure/webflux/SampleSecureWebFluxCustomSecurityTests.java
View File

@ -23,6 +23,7 @@ import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.actuate.autoconfigure.security.reactive.EndpointRequest; import org.springframework.boot.actuate.autoconfigure.security.reactive.EndpointRequest;
import org.springframework.boot.actuate.web.mappings.MappingsEndpoint;
import org.springframework.boot.autoconfigure.security.reactive.PathRequest; import org.springframework.boot.autoconfigure.security.reactive.PathRequest;
import org.springframework.boot.test.context.SpringBootTest; import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
@ -78,6 +79,13 @@ public class SampleSecureWebFluxCustomSecurityTests {
.expectStatus().isOk(); .expectStatus().isOk();
} }
@Test
public void actuatorExcludedFromEndpointRequestMatcher() {
this.webClient.get().uri("/actuator/mappings").accept(MediaType.APPLICATION_JSON)
.header("Authorization", "basic " + getBasicAuth()).exchange()
.expectStatus().isOk();
}
@Test @Test
public void staticResourceShouldBeAccessible() { public void staticResourceShouldBeAccessible() {
this.webClient.get().uri("/css/bootstrap.min.css") this.webClient.get().uri("/css/bootstrap.min.css")
@ -100,7 +108,7 @@ public class SampleSecureWebFluxCustomSecurityTests {
@Bean @Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) { public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http.authorizeExchange().matchers(EndpointRequest.to("health", "info")) http.authorizeExchange().matchers(EndpointRequest.to("health", "info"))
.permitAll().matchers(EndpointRequest.toAnyEndpoint()) .permitAll().matchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class))
.hasRole("ACTUATOR") .hasRole("ACTUATOR")
.matchers(PathRequest.toStaticResources().atCommonLocations()) .matchers(PathRequest.toStaticResources().atCommonLocations())
.permitAll().pathMatchers("/login").permitAll().anyExchange() .permitAll().pathMatchers("/login").permitAll().anyExchange()