Add option to disable X-Application-Context

Add `management.add-application-context-header` option to disable
the automatic adding of the `X-Application-Context` HTTP header.

Fixes gh-1308

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/EndpointWebMvcAutoConfiguration.java

@@ -246,18 +246,40 @@ public class EndpointWebMvcAutoConfiguration implements ApplicationContextAware,
 
 		@Bean
 		public Filter applicationContextIdFilter(ApplicationContext context) {
-			final String id = context.getId();
-			return new OncePerRequestFilter() {
-
-				@Override
-				protected void doFilterInternal(HttpServletRequest request,
-						HttpServletResponse response, FilterChain filterChain)
-						throws ServletException, IOException {
-					response.addHeader("X-Application-Context", id);
-					filterChain.doFilter(request, response);
-				}
-			};
+			return new ApplicationContextHeaderFilter(context);
 		}
+
+	}
+
+	/**
+	 * {@link OncePerRequestFilter} to add the {@literal X-Application-Context} if
+	 * required.
+	 */
+	private static class ApplicationContextHeaderFilter extends OncePerRequestFilter {
+
+		private final ApplicationContext applicationContext;
+
+		private ManagementServerProperties properties;
+
+		public ApplicationContextHeaderFilter(ApplicationContext applicationContext) {
+			this.applicationContext = applicationContext;
+		}
+
+		@Override
+		protected void doFilterInternal(HttpServletRequest request,
+				HttpServletResponse response, FilterChain filterChain)
+				throws ServletException, IOException {
+			if (this.properties == null) {
+				this.properties = this.applicationContext
+						.getBean(ManagementServerProperties.class);
+			}
+			if (this.properties.getAddApplicationContextHeader()) {
+				response.addHeader("X-Application-Context",
+						this.applicationContext.getId());
+			}
+			filterChain.doFilter(request, response);
+		}
+
 	}
 
 	protected static enum ManagementServerPort {

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementServerProperties.java

@@ -60,6 +60,8 @@ public class ManagementServerProperties implements SecurityPrequisite {
 	@NotNull
 	private String contextPath = "";
 
+	private boolean addApplicationContextHeader = true;
+
 	private final Security security = maybeCreateSecurity();
 
 	/**
@@ -99,6 +101,14 @@ public class ManagementServerProperties implements SecurityPrequisite {
 		return this.security;
 	}
 
+	public boolean getAddApplicationContextHeader() {
+		return this.addApplicationContextHeader;
+	}
+
+	public void setAddApplicationContextHeader(boolean addApplicationContextHeader) {
+		this.addApplicationContextHeader = addApplicationContextHeader;
+	}
+
 	/**
 	 * Security configuration.
 	 */

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/EndpointWebMvcAutoConfigurationTests.java

@@ -57,7 +57,9 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.not;
 import static org.hamcrest.Matchers.notNullValue;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertThat;
+import static org.junit.Assert.assertTrue;
 
 /**
  * Tests for {@link EndpointWebMvcAutoConfiguration}.
@@ -92,6 +94,19 @@ public class EndpointWebMvcAutoConfigurationTests {
 		assertContent("/endpoint", ports.get().server, "endpointoutput");
 		assertContent("/controller", ports.get().management, null);
 		assertContent("/endpoint", ports.get().management, null);
+		assertTrue(hasHeader("/endpoint", ports.get().server, "X-Application-Context"));
+		this.applicationContext.close();
+		assertAllClosed();
+	}
+
+	@Test
+	public void onSamePortWithoutHeader() throws Exception {
+		EnvironmentTestUtils.addEnvironment(this.applicationContext,
+				"management.add-application-context-header:false");
+		this.applicationContext.register(RootConfig.class, BaseConfiguration.class,
+				ServerPortConfig.class, EndpointWebMvcAutoConfiguration.class);
+		this.applicationContext.refresh();
+		assertFalse(hasHeader("/endpoint", ports.get().server, "X-Application-Context"));
 		this.applicationContext.close();
 		assertAllClosed();
 	}
@@ -244,6 +259,14 @@ public class EndpointWebMvcAutoConfigurationTests {
 		}
 	}
 
+	public boolean hasHeader(String url, int port, String header) throws Exception {
+		SimpleClientHttpRequestFactory clientHttpRequestFactory = new SimpleClientHttpRequestFactory();
+		ClientHttpRequest request = clientHttpRequestFactory.createRequest(new URI(
+				"http://localhost:" + port + url), HttpMethod.GET);
+		ClientHttpResponse response = request.execute();
+		return response.getHeaders().containsKey(header);
+	}
+
 	private static class Ports {
 
 		int server = SocketUtils.findAvailableTcpPort();

spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc

@@ -313,6 +313,7 @@ content into your application; rather pick only the properties that you need.
 	management.port= # defaults to 'server.port'
 	management.address= # bind to a specific NIC
 	management.contextPath= # default to '/'
+	management.add-application-context-header= # default to true
 
 	# ENDPOINTS ({sc-spring-boot-actuator}/endpoint/AbstractEndpoint.{sc-ext}[AbstractEndpoint] subclasses)
 	endpoints.autoconfig.id=autoconfig