diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/CrshAutoConfiguration.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/CrshAutoConfiguration.java index 6fb736d162..fff3c09520 100644 --- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/CrshAutoConfiguration.java +++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/CrshAutoConfiguration.java @@ -295,7 +295,7 @@ public class CrshAutoConfiguration { CRaSHPlugin implements AuthenticationPlugin { private static final PropertyDescriptor ROLES = PropertyDescriptor.create( - "auth.spring.roles", "ADMIN", + "auth.spring.roles", "ACTUATOR", "Comma separated list of roles required to access the shell"); @Autowired @@ -305,7 +305,7 @@ public class CrshAutoConfiguration { @Qualifier("shellAccessDecisionManager") private AccessDecisionManager accessDecisionManager; - private String[] roles = new String[] { "ADMIN" }; + private String[] roles = new String[] { "ACTUATOR" }; @Override public boolean authenticate(String username, String password) throws Exception { diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementServerProperties.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementServerProperties.java index 75a14db3af..f32b5a4b7e 100644 --- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementServerProperties.java +++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementServerProperties.java @@ -168,7 +168,7 @@ public class ManagementServerProperties implements SecurityPrerequisite { /** * Comma-separated list of roles that can access the management endpoint. */ - private List roles = Arrays.asList("ADMIN"); + private List roles = Arrays.asList("ACTUATOR"); /** * Session creating policy for security use (always, never, if_required, diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ShellProperties.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ShellProperties.java index fe02b23f5c..4521c95a90 100644 --- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ShellProperties.java +++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ShellProperties.java @@ -524,7 +524,7 @@ public class ShellProperties { /** * Comma-separated list of required roles to login to the CRaSH console. */ - private String[] roles = new String[] { "ADMIN" }; + private String[] roles = new String[] { "ACTUATOR" }; @Override protected void applyToCrshShellConfig(Properties config) { diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/HealthMvcEndpoint.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/HealthMvcEndpoint.java index a44df8fc43..53bd7eded7 100644 --- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/HealthMvcEndpoint.java +++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/HealthMvcEndpoint.java @@ -194,7 +194,7 @@ public class HealthMvcEndpoint extends AbstractEndpointMvcAdapter roles = Arrays.asList(StringUtils .trimArrayElements(StringUtils.commaDelimitedListToStringArray( - this.roleResolver.getProperty("roles", "ROLE_ADMIN")))); + this.roleResolver.getProperty("roles", "ROLE_ACTUATOR")))); for (GrantedAuthority authority : authentication.getAuthorities()) { String name = authority.getAuthority(); for (String role : roles) { diff --git a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/CrshAutoConfigurationTests.java b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/CrshAutoConfigurationTests.java index 764605e0bd..20d54973fd 100644 --- a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/CrshAutoConfigurationTests.java +++ b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/CrshAutoConfigurationTests.java @@ -347,7 +347,7 @@ public class CrshAutoConfigurationTests { authentication = new UsernamePasswordAuthenticationToken( authentication.getPrincipal(), authentication.getCredentials(), Collections - .singleton(new SimpleGrantedAuthority("ADMIN"))); + .singleton(new SimpleGrantedAuthority("ACTUATOR"))); } else { throw new BadCredentialsException( diff --git a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/ManagementWebSecurityAutoConfigurationTests.java b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/ManagementWebSecurityAutoConfigurationTests.java index 731e3bd81b..b9f6d8b10f 100644 --- a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/ManagementWebSecurityAutoConfigurationTests.java +++ b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/ManagementWebSecurityAutoConfigurationTests.java @@ -120,7 +120,7 @@ public class ManagementWebSecurityAutoConfigurationTests { ArrayList authorities = new ArrayList( user.getAuthorities()); assertThat(authorities).containsAll(AuthorityUtils - .commaSeparatedStringToAuthorityList("ROLE_USER,ROLE_ADMIN")); + .commaSeparatedStringToAuthorityList("ROLE_USER,ROLE_ACTUATOR")); } private UserDetails getUser() { diff --git a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpointIntegrationTests.java b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpointIntegrationTests.java index 1fa3785355..7a0f72e0e6 100644 --- a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpointIntegrationTests.java +++ b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpointIntegrationTests.java @@ -68,7 +68,7 @@ public class MvcEndpointIntegrationTests { @Test public void defaultJsonResponseIsNotIndented() throws Exception { TestSecurityContextHolder.getContext().setAuthentication( - new TestingAuthenticationToken("user", "N/A", "ROLE_ADMIN")); + new TestingAuthenticationToken("user", "N/A", "ROLE_ACTUATOR")); this.context = new AnnotationConfigWebApplicationContext(); this.context.register(SecureConfiguration.class); MockMvc mockMvc = createSecureMockMvc(); @@ -103,7 +103,7 @@ public class MvcEndpointIntegrationTests { @Test public void jsonExtensionProvided() throws Exception { TestSecurityContextHolder.getContext().setAuthentication( - new TestingAuthenticationToken("user", "N/A", "ROLE_ADMIN")); + new TestingAuthenticationToken("user", "N/A", "ROLE_ACTUATOR")); this.context = new AnnotationConfigWebApplicationContext(); this.context.register(SecureConfiguration.class); MockMvc mockMvc = createSecureMockMvc(); @@ -151,7 +151,7 @@ public class MvcEndpointIntegrationTests { } @Test - public void sensitiveEndpointsAreSecureWithNonAdminRoleWithCustomContextPath() + public void sensitiveEndpointsAreSecureWithNonActuatorRoleWithCustomContextPath() throws Exception { TestSecurityContextHolder.getContext().setAuthentication( new TestingAuthenticationToken("user", "N/A", "ROLE_USER")); @@ -164,10 +164,10 @@ public class MvcEndpointIntegrationTests { } @Test - public void sensitiveEndpointsAreSecureWithAdminRoleWithCustomContextPath() + public void sensitiveEndpointsAreSecureWithActuatorRoleWithCustomContextPath() throws Exception { TestSecurityContextHolder.getContext().setAuthentication( - new TestingAuthenticationToken("user", "N/A", "ROLE_ADMIN")); + new TestingAuthenticationToken("user", "N/A", "ROLE_ACTUATOR")); this.context = new AnnotationConfigWebApplicationContext(); this.context.register(SecureConfiguration.class); EnvironmentTestUtils.addEnvironment(this.context, @@ -199,7 +199,7 @@ public class MvcEndpointIntegrationTests { private void assertIndentedJsonResponse(Class configuration) throws Exception { TestSecurityContextHolder.getContext().setAuthentication( - new TestingAuthenticationToken("user", "N/A", "ROLE_ADMIN")); + new TestingAuthenticationToken("user", "N/A", "ROLE_ACTUATOR")); this.context = new AnnotationConfigWebApplicationContext(); this.context.register(configuration); EnvironmentTestUtils.addEnvironment(this.context, diff --git a/spring-boot-samples/spring-boot-sample-web-method-security/src/main/java/sample/security/method/SampleMethodSecurityApplication.java b/spring-boot-samples/spring-boot-sample-web-method-security/src/main/java/sample/security/method/SampleMethodSecurityApplication.java index 93847c0cf9..3dfbeffcff 100644 --- a/spring-boot-samples/spring-boot-sample-web-method-security/src/main/java/sample/security/method/SampleMethodSecurityApplication.java +++ b/spring-boot-samples/spring-boot-sample-web-method-security/src/main/java/sample/security/method/SampleMethodSecurityApplication.java @@ -73,7 +73,7 @@ public class SampleMethodSecurityApplication extends WebMvcConfigurerAdapter { @Override public void init(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication().withUser("admin").password("admin") - .roles("ADMIN", "USER").and().withUser("user").password("user") + .roles("ADMIN", "USER", "ACTUATOR").and().withUser("user").password("user") .roles("USER"); }