From 43fc107437273f2bda458adcbc4ff4869c80d06b Mon Sep 17 00:00:00 2001
From: Dave Syer
Date: Thu, 22 Aug 2013 11:43:17 +0100
Subject: [PATCH] Fix security config

The management endpoints were still all mixed up with the user endpoints. Fixed that and extracted user endpoints in to conditional block so not protected if path explicitly set to empty string. [#53029715]
---
 .../autoconfigure/SecurityAutoConfiguration.java | 13 ++++++++-----
 .../jdbc/AbstractDataSourceConfiguration.java | 2 +-
 .../ui/SampleActuatorUiApplicationPortTests.java | 3 +--
 .../ops/ui/SampleActuatorUiApplicationTests.java | 3 +--
 ...ntsPropertiesSampleActuatorApplicationTests.java | 3 +--
 ...gementAddressSampleActuatorApplicationTests.java | 2 +-
 .../ManagementSampleActuatorApplicationTests.java | 3 +--
 .../NoManagementSampleActuatorApplicationTests.java | 2 +-
 .../sample/ops/SampleActuatorApplicationTests.java | 2 +-
 .../ops/ShutdownSampleActuatorApplicationTests.java | 2 +-
 .../ops/UnsecureSampleActuatorApplicationTests.java | 3 +--
 .../sample/jetty/SampleJettyApplicationTests.java | 3 +--
 .../SampleTraditionalApplicationTests.java | 3 +--
 .../sample/ui/SampleWebStaticApplicationTests.java | 2 +-
 .../boot/sample/ui/SampleWebUiApplicationTests.java | 3 +--
 .../echo/SampleWebSocketsApplicationTests.java | 2 +-
 16 files changed, 23 insertions(+), 28 deletions(-)

diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/SecurityAutoConfiguration.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/SecurityAutoConfiguration.java
index 7c15bb7e3a..b2ee7f0222 100644
--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/SecurityAutoConfiguration.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/SecurityAutoConfiguration.java
@@ -17,7 +17,6 @@
 package org.springframework.boot.actuate.autoconfigure;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.List;
 import org.apache.commons.logging.Log;
@@ -141,12 +140,17 @@ public class SecurityAutoConfiguration {
 http.httpBasic().and().anonymous().disable();
 ExpressionUrlAuthorizationConfigurer authorizeUrls = http .authorizeUrls();
- if (getEndpointPaths(true).length > 0) {
+ String[] paths = getEndpointPaths(true);
+ if (paths.length > 0) {
 authorizeUrls.antMatchers(getEndpointPaths(true)).hasRole( this.management.getUser().getRole());
 }
- authorizeUrls.antMatchers(getSecureApplicationPaths())
- .hasRole(this.security.getBasic().getRole()).and().httpBasic();
+ paths = getSecureApplicationPaths();
+ if (paths.length > 0) {
+ authorizeUrls.antMatchers(getSecureApplicationPaths()).hasRole(
+ this.security.getBasic().getRole());
+ }
+ authorizeUrls.and().httpBasic();
 }
 // No cookies for service endpoints by default
@@ -164,7 +168,6 @@ public class SecurityAutoConfiguration {
 list.add(path);
 }
 }
- list.addAll(Arrays.asList(getEndpointPaths(true)));
 return list.toArray(new String[list.size()]);
 }
diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jdbc/AbstractDataSourceConfiguration.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jdbc/AbstractDataSourceConfiguration.java
index 7e4c7340b3..3880a9fe99 100644
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jdbc/AbstractDataSourceConfiguration.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jdbc/AbstractDataSourceConfiguration.java
@@ -37,7 +37,7 @@ public abstract class AbstractDataSourceConfiguration implements BeanClassLoader
 private String password = "";
- private int maxActive = 8;
+ private int maxActive = 100;
 private int maxIdle = 8;
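Review bot: In the `@@ -141,12 +140,17 @@` hunk of SecurityAutoConfiguration.java the new `paths` local is used only for the length test, while both `antMatchers(getEndpointPaths(true))` and `antMatchers(getSecureApplicationPaths())` compute the array a second time, so the guard and the rule are not tied to the same value. Pass the checked array instead: `authorizeUrls.antMatchers(paths).hasRole(this.management.getUser().getRole());` and `authorizeUrls.antMatchers(paths).hasRole(this.security.getBasic().getRole());`. When both arrays are empty the block now reaches `authorizeUrls.and().httpBasic();` with no URL rule registered, and after the `list.addAll(...)` removal in the `@@ -164,7 +168,6 @@` hunk the management paths no longer fall under the application rule either; whether that leaves requests without an access rule or fails at startup depends on the configurer and is not visible here, so a test for the empty-path case and a log line when a rule set is skipped would make the opt-out described in the commit message auditable. The enclosing method starts and ends outside the hunk.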
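Review bot: The default `maxActive` in AbstractDataSourceConfiguration.java jumps from 8 to 100 while `maxIdle` stays at 8, and nothing in the commit message, which is about security config, explains the change. With that gap a pool that bursts above 8 connections would presumably close and reopen most of them as load drops, and 100 connections per application instance can exhaust a database's connection limit once several instances run; confirm against the pool implementations this class configures. If the new default is intended, document it on the field, e.g. `// default upper bound on pooled connections; keep at or below the database's connection limit`, and consider moving it to its own commit so the security fix can be reviewed and backported on its own.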
diff --git a/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationPortTests.java b/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationPortTests.java
index 13550ec35d..4ca1331ebf 100644
--- a/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationPortTests.java
+++ b/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationPortTests.java
@@ -28,7 +28,6 @@ import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ops.ui.SampleActuatorUiApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -63,7 +62,7 @@ public class SampleActuatorUiApplicationPortTests {
 .run(SampleActuatorUiApplication.class, args);
 }
 });
- context = future.get(10, TimeUnit.SECONDS);
+ context = future.get(60, TimeUnit.SECONDS);
 }
 @AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationTests.java
index adea9753c1..aa5f4b3ff5 100644
--- a/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationTests.java
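Review bot: The startup wait becomes a bare `60` in `context = future.get(60, TimeUnit.SECONDS);` in the `@@ -63,7 +62,7 @@` hunk of SampleActuatorUiApplicationPortTests.java and in the matching hunk of each of the other 13 sample test classes touched by this patch (previously 10 or 30), with no reason given in the commit message. If context startup became slower with the security change, the longer wait hides that rather than recording it. A named constant such as `private static final long STARTUP_TIMEOUT_SECONDS = 60;` with a one-line comment stating why 60 was chosen would keep the 14 copies from drifting apart again. The enclosing method begins outside the hunk.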
@@ -28,7 +28,6 @@ import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ops.ui.SampleActuatorUiApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
@@ -63,7 +62,7 @@ public class SampleActuatorUiApplicationTests {
 .run(SampleActuatorUiApplication.class);
 }
 });
- context = future.get(30, TimeUnit.SECONDS);
+ context = future.get(60, TimeUnit.SECONDS);
 }
 @AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/EndpointsPropertiesSampleActuatorApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/EndpointsPropertiesSampleActuatorApplicationTests.java
index ba27534f71..eaf1d9219a 100644
--- a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/EndpointsPropertiesSampleActuatorApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/EndpointsPropertiesSampleActuatorApplicationTests.java
@@ -28,7 +28,6 @@ import java.util.concurrent.TimeUnit;
 import org.junit.After;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ops.SampleActuatorApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpRequest;
 import org.springframework.http.HttpStatus;
@@ -64,7 +63,7 @@ public class EndpointsPropertiesSampleActuatorApplicationTests {
 .run(configuration, args);
 }
 });
- this.context = future.get(10, TimeUnit.SECONDS);
+ this.context = future.get(60, TimeUnit.SECONDS);
 }
 @After
diff --git a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementAddressSampleActuatorApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementAddressSampleActuatorApplicationTests.java
index 0467040c03..dedbdae170 100644
--- a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementAddressSampleActuatorApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementAddressSampleActuatorApplicationTests.java
@@ -71,7 +71,7 @@ public class ManagementAddressSampleActuatorApplicationTests {
 .run(SampleActuatorApplication.class, args);
 }
 });
- context = future.get(30, TimeUnit.SECONDS);
+ context = future.get(60, TimeUnit.SECONDS);
 }
 @AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementSampleActuatorApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementSampleActuatorApplicationTests.java
index da55b6d02e..8d5f4a1fff 100644
--- a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementSampleActuatorApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementSampleActuatorApplicationTests.java
@@ -27,7 +27,6 @@ import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ops.SampleActuatorApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -62,7 +61,7 @@ public class ManagementSampleActuatorApplicationTests {
 .run(SampleActuatorApplication.class, args);
 }
 });
- context = future.get(30, TimeUnit.SECONDS);
+ context = future.get(60, TimeUnit.SECONDS);
 }
 @AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/NoManagementSampleActuatorApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/NoManagementSampleActuatorApplicationTests.java
index 2567eab31a..af11652ada 100644
--- a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/NoManagementSampleActuatorApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/NoManagementSampleActuatorApplicationTests.java
@@ -69,7 +69,7 @@ public class NoManagementSampleActuatorApplicationTests {
 .run(SampleActuatorApplication.class, args);
 }
 });
- context = future.get(10, TimeUnit.SECONDS);
+ context = future.get(60, TimeUnit.SECONDS);
 }
 @AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/SampleActuatorApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/SampleActuatorApplicationTests.java
index abadbd8c3a..a1e8a26df4 100644
--- a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/SampleActuatorApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/SampleActuatorApplicationTests.java
@@ -67,7 +67,7 @@ public class SampleActuatorApplicationTests {
 .run(SampleActuatorApplication.class);
 }
 });
- context = future.get(30, TimeUnit.SECONDS);
+ context = future.get(60, TimeUnit.SECONDS);
 }
 @AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ShutdownSampleActuatorApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ShutdownSampleActuatorApplicationTests.java
index b166c66b81..f3b7f522f7 100644
--- a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ShutdownSampleActuatorApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ShutdownSampleActuatorApplicationTests.java
@@ -66,7 +66,7 @@ public class ShutdownSampleActuatorApplicationTests {
 .run(SampleActuatorApplication.class);
 }
 });
- context = future.get(10, TimeUnit.SECONDS);
+ context = future.get(60, TimeUnit.SECONDS);
 }
 @AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/UnsecureSampleActuatorApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/UnsecureSampleActuatorApplicationTests.java
index b44b65b54b..f5e32838b7 100644
--- a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/UnsecureSampleActuatorApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/UnsecureSampleActuatorApplicationTests.java
@@ -27,7 +27,6 @@ import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ops.SampleActuatorApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -60,7 +59,7 @@ public class UnsecureSampleActuatorApplicationTests {
 "--security.basic.enabled=false");
 }
 });
- context = future.get(10, TimeUnit.SECONDS);
+ context = future.get(60, TimeUnit.SECONDS);
 }
 @AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-jetty/src/test/java/org/springframework/boot/sample/jetty/SampleJettyApplicationTests.java b/spring-boot-samples/spring-boot-sample-jetty/src/test/java/org/springframework/boot/sample/jetty/SampleJettyApplicationTests.java
index 963895904c..d06dfe304e 100644
--- a/spring-boot-samples/spring-boot-sample-jetty/src/test/java/org/springframework/boot/sample/jetty/SampleJettyApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-jetty/src/test/java/org/springframework/boot/sample/jetty/SampleJettyApplicationTests.java
@@ -26,7 +26,6 @@ import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.jetty.SampleJettyApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -56,7 +55,7 @@ public class SampleJettyApplicationTests {
 .run(SampleJettyApplication.class);
 }
 });
- context = future.get(10, TimeUnit.SECONDS);
+ context = future.get(60, TimeUnit.SECONDS);
 }
 @AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-traditional/src/test/java/org/springframework/boot/sample/traditional/SampleTraditionalApplicationTests.java b/spring-boot-samples/spring-boot-sample-traditional/src/test/java/org/springframework/boot/sample/traditional/SampleTraditionalApplicationTests.java
index 7e920c41d8..a42b48aa15 100644
--- a/spring-boot-samples/spring-boot-sample-traditional/src/test/java/org/springframework/boot/sample/traditional/SampleTraditionalApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-traditional/src/test/java/org/springframework/boot/sample/traditional/SampleTraditionalApplicationTests.java
@@ -26,7 +26,6 @@ import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.traditional.SampleTraditionalApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -57,7 +56,7 @@ public class SampleTraditionalApplicationTests {
 .run(SampleTraditionalApplication.class);
 }
 });
- context = future.get(30, TimeUnit.SECONDS);
+ context = future.get(60, TimeUnit.SECONDS);
 }
 @AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-web-static/src/test/java/org/springframework/boot/sample/ui/SampleWebStaticApplicationTests.java b/spring-boot-samples/spring-boot-sample-web-static/src/test/java/org/springframework/boot/sample/ui/SampleWebStaticApplicationTests.java
index 1e0d332919..abd1ecad1d 100644
--- a/spring-boot-samples/spring-boot-sample-web-static/src/test/java/org/springframework/boot/sample/ui/SampleWebStaticApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-web-static/src/test/java/org/springframework/boot/sample/ui/SampleWebStaticApplicationTests.java
@@ -41,7 +41,7 @@ public class SampleWebStaticApplicationTests {
 .run(SampleWebStaticApplication.class);
 }
 });
- context = future.get(30, TimeUnit.SECONDS);
+ context = future.get(60, TimeUnit.SECONDS);
 }
 @AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-web-ui/src/test/java/org/springframework/boot/sample/ui/SampleWebUiApplicationTests.java b/spring-boot-samples/spring-boot-sample-web-ui/src/test/java/org/springframework/boot/sample/ui/SampleWebUiApplicationTests.java
index 802da77544..4be487bd8d 100644
--- a/spring-boot-samples/spring-boot-sample-web-ui/src/test/java/org/springframework/boot/sample/ui/SampleWebUiApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-web-ui/src/test/java/org/springframework/boot/sample/ui/SampleWebUiApplicationTests.java
@@ -11,7 +11,6 @@ import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ui.SampleWebUiApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -45,7 +44,7 @@ public class SampleWebUiApplicationTests {
 .run(SampleWebUiApplication.class);
 }
 });
- context = future.get(30, TimeUnit.SECONDS);
+ context = future.get(60, TimeUnit.SECONDS);
 }
 @AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-websocket/src/test/java/org/springframework/boot/samples/websocket/echo/SampleWebSocketsApplicationTests.java b/spring-boot-samples/spring-boot-sample-websocket/src/test/java/org/springframework/boot/samples/websocket/echo/SampleWebSocketsApplicationTests.java
index 430bcaac69..89230dc802 100644
--- a/spring-boot-samples/spring-boot-sample-websocket/src/test/java/org/springframework/boot/samples/websocket/echo/SampleWebSocketsApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-websocket/src/test/java/org/springframework/boot/samples/websocket/echo/SampleWebSocketsApplicationTests.java
@@ -59,7 +59,7 @@ public class SampleWebSocketsApplicationTests {
 .run(SampleWebSocketsApplication.class);
 }
 });
- context = future.get(30, TimeUnit.SECONDS);
+ context = future.get(60, TimeUnit.SECONDS);
 }
 @AfterClass