Make EndpointRequestMatcher#excluding public

Fixes gh-12354
Madhura Bhave 2018-03-05 16:04:45 -08:00
parent 44c48ec5a8
commit e6eca04af2
5 changed files with 22 additions and 6 deletions


@ -125,13 +125,13 @@ public final class EndpointRequest {
this.excludes = excludes;
}
EndpointServerWebExchangeMatcher excluding(Class<?>... endpoints) {
public EndpointServerWebExchangeMatcher excluding(Class<?>... endpoints) {
List<Object> excludes = new ArrayList<>(this.excludes);
excludes.addAll(Arrays.asList((Object[]) endpoints));
return new EndpointServerWebExchangeMatcher(this.includes, excludes);
}
EndpointServerWebExchangeMatcher excluding(String... endpoints) {
public EndpointServerWebExchangeMatcher excluding(String... endpoints) {
List<Object> excludes = new ArrayList<>(this.excludes);
excludes.addAll(Arrays.asList((Object[]) endpoints));
return new EndpointServerWebExchangeMatcher(this.includes, excludes);
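Review bot: Both `excluding` overloads become public API with no Javadoc visible in this hunk, and the same is true of the two servlet `EndpointRequestMatcher#excluding` overloads in the next file. Because callers will use these methods to build authorization rules, the Javadoc should state the security consequence: an excluded endpoint is not matched by the returned matcher, so access to it is decided by whichever other rule in the chain matches it. Something like `/** Returns a new matcher that no longer matches the given endpoints; requests to them are left to the other rules in the chain. */` on each overload would do. How the `String...` overload treats an id that names no endpoint is not visible here and is worth documenting too. The body of the second overload closes outside the hunk.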


@ -120,13 +120,13 @@ public final class EndpointRequest {
this.excludes = excludes;
}
EndpointRequestMatcher excluding(Class<?>... endpoints) {
public EndpointRequestMatcher excluding(Class<?>... endpoints) {
List<Object> excludes = new ArrayList<>(this.excludes);
excludes.addAll(Arrays.asList((Object[]) endpoints));
return new EndpointRequestMatcher(this.includes, excludes);
}
EndpointRequestMatcher excluding(String... endpoints) {
public EndpointRequestMatcher excluding(String... endpoints) {
List<Object> excludes = new ArrayList<>(this.excludes);
excludes.addAll(Arrays.asList((Object[]) endpoints));
return new EndpointRequestMatcher(this.includes, excludes);


@ -17,6 +17,7 @@
package sample.actuator.customsecurity;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.boot.actuate.web.mappings.MappingsEndpoint;
import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@ -43,7 +44,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
// @formatter:off
http.authorizeRequests()
.requestMatchers(EndpointRequest.to("health", "info")).permitAll()
.requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR")
.requestMatchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)).hasRole("ACTUATOR")
.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
.antMatchers("/foo").permitAll()
.antMatchers("/**").hasRole("USER")
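Review bot: Excluding `MappingsEndpoint` from the `hasRole("ACTUATOR")` rule leaves `/actuator/mappings` covered by no actuator rule in this chain, so it falls through to `.antMatchers("/**").hasRole("USER")` and any USER-role account can read the application's request mappings. Samples get copied, so the line should carry a comment that makes the effect explicit, for example `// mappings is excluded from the ACTUATOR rule and is therefore governed by the "/**" rule below (USER role)`. The WebFlux configuration in `SampleSecureWebFluxCustomSecurityTests` has the same effect: the excluded endpoint is left to the `anyExchange()` rule, whose terminal call is outside that hunk. The enclosing configure method starts and ends outside this hunk.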


@ -125,6 +125,13 @@ public class SampleActuatorCustomSecurityApplicationTests {
assertThat(entity.getHeaders().getFirst("echo")).isEqualTo("test");
}
@Test
public void actuatorExcludedFromEndpointRequestMatcher() {
ResponseEntity<Object> entity = userRestTemplate().getForEntity("/actuator/mappings",
Object.class);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
}
private TestRestTemplate restTemplate() {
return configure(new TestRestTemplate());
}
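Review bot: `actuatorExcludedFromEndpointRequestMatcher` asserts only that an authenticated user receives 200, which would also pass if the exclusion had left `/actuator/mappings` open to unauthenticated callers. A negative assertion with the plain template would pin the intended boundary, e.g. `assertThat(restTemplate().getForEntity("/actuator/mappings", Object.class).getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);`. This assumes `restTemplate()` sends no credentials and the chain answers 401, neither of which is visible in the hunk. The WebFlux test of the same name in `SampleSecureWebFluxCustomSecurityTests` has the same gap.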


@ -23,6 +23,7 @@ import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.actuate.autoconfigure.security.reactive.EndpointRequest;
import org.springframework.boot.actuate.web.mappings.MappingsEndpoint;
import org.springframework.boot.autoconfigure.security.reactive.PathRequest;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.annotation.Bean;
@ -78,6 +79,13 @@ public class SampleSecureWebFluxCustomSecurityTests {
.expectStatus().isOk();
}
@Test
public void actuatorExcludedFromEndpointRequestMatcher() {
this.webClient.get().uri("/actuator/mappings").accept(MediaType.APPLICATION_JSON)
.header("Authorization", "basic " + getBasicAuth()).exchange()
.expectStatus().isOk();
}
@Test
public void staticResourceShouldBeAccessible() {
this.webClient.get().uri("/css/bootstrap.min.css")
@ -100,7 +108,7 @@ public class SampleSecureWebFluxCustomSecurityTests {
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http.authorizeExchange().matchers(EndpointRequest.to("health", "info"))
.permitAll().matchers(EndpointRequest.toAnyEndpoint())
.permitAll().matchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class))
.hasRole("ACTUATOR")
.matchers(PathRequest.toStaticResources().atCommonLocations())
.permitAll().pathMatchers("/login").permitAll().anyExchange()