Spring/spring-boot
Spring/spring-boot
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-boot.git synced 2024-08-29 03:06:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

Don't set deefault password if empty or unresolved

Browse Source
This commit is contained in:
Dave Syer 2013-08-22 17:06:07 +01:00 committed by Phillip Webb
parent 1e0e2e7102
commit 9e18183dd5
2 changed files with 27 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
spring-boot-actuator/src/main/java/org/springframework/boot/actuate/properties/SecurityProperties.java
View File

@ -20,6 +20,7 @@ import java.util.UUID;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.util.StringUtils;
/**
* Properties for the security aspects of an application.
@ -148,7 +149,7 @@ public class SecurityProperties {
private String role = "USER";
private boolean defaultPassword;
private boolean defaultPassword = true;
public String getName() {
return this.name;
@ -163,6 +164,10 @@ public class SecurityProperties {
}
public void setPassword(String password) {
if (password.startsWith("${") && password.endsWith("}")
|| !StringUtils.hasLength(password)) {
return;
}
this.defaultPassword = false;
this.password = password;
}

22
spring-boot-actuator/src/test/java/org/springframework/boot/actuate/properties/SecurityPropertiesTests.java
View File

@ -20,12 +20,12 @@ import java.util.Collections;
import org.junit.Test;
import org.springframework.beans.MutablePropertyValues;
import org.springframework.boot.actuate.properties.SecurityProperties;
import org.springframework.boot.bind.RelaxedDataBinder;
import org.springframework.core.convert.support.DefaultConversionService;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
/**
* Tests for {@link SecurityProperties}.
@ -55,4 +55,24 @@ public class SecurityPropertiesTests {
assertEquals(2, security.getIgnored().length);
}
@Test
public void testDefaultPasswordAutogeneratedIfUnresolovedPlaceholder() {
SecurityProperties security = new SecurityProperties();
RelaxedDataBinder binder = new RelaxedDataBinder(security, "security");
binder.bind(new MutablePropertyValues(Collections.singletonMap(
"security.user.password", "${ADMIN_PASSWORD}")));
assertFalse(binder.getBindingResult().hasErrors());
assertTrue(security.getUser().isDefaultPassword());
}
@Test
public void testDefaultPasswordAutogeneratedIfEmpty() {
SecurityProperties security = new SecurityProperties();
RelaxedDataBinder binder = new RelaxedDataBinder(security, "security");
binder.bind(new MutablePropertyValues(Collections.singletonMap(
"security.user.password", "")));
assertFalse(binder.getBindingResult().hasErrors());
assertTrue(security.getUser().isDefaultPassword());
}
}