Remove concept of sensitivity from Actuator's endpoints
Closes gh-9924
This commit is contained in:
@@ -50,14 +50,14 @@ public class CorsSampleActuatorApplicationTests {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sensitiveEndpointShouldReturnUnauthorized() throws Exception {
|
||||
public void endpointShouldReturnUnauthorized() throws Exception {
|
||||
ResponseEntity<?> entity = this.testRestTemplate.getForEntity("/application/env",
|
||||
Map.class);
|
||||
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void preflightRequestForInsensitiveShouldReturnOk() throws Exception {
|
||||
public void preflightRequestToEndpointShouldReturnOk() throws Exception {
|
||||
RequestEntity<?> healthRequest = RequestEntity
|
||||
.options(new URI("/application/health"))
|
||||
.header("Origin", "http://localhost:8080")
|
||||
@@ -67,15 +67,6 @@ public class CorsSampleActuatorApplicationTests {
|
||||
assertThat(exchange.getStatusCode()).isEqualTo(HttpStatus.OK);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void preflightRequestForSensitiveEndpointShouldReturnOk() throws Exception {
|
||||
RequestEntity<?> entity = RequestEntity.options(new URI("/application/env"))
|
||||
.header("Origin", "http://localhost:8080")
|
||||
.header("Access-Control-Request-Method", "GET").build();
|
||||
ResponseEntity<?> env = this.testRestTemplate.exchange(entity, Map.class);
|
||||
assertThat(env.getStatusCode()).isEqualTo(HttpStatus.OK);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void preflightRequestWhenCorsConfigInvalidShouldReturnForbidden()
|
||||
throws Exception {
|
||||
|
||||
@@ -21,7 +21,9 @@ import java.util.Map;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.actuate.autoconfigure.LocalManagementPort;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityProperties;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
|
||||
import org.springframework.boot.test.web.client.TestRestTemplate;
|
||||
@@ -45,6 +47,9 @@ import static org.assertj.core.api.Assertions.assertThat;
|
||||
@DirtiesContext
|
||||
public class ManagementAddressActuatorApplicationTests {
|
||||
|
||||
@Autowired
|
||||
private SecurityProperties security;
|
||||
|
||||
@LocalServerPort
|
||||
private int port = 9010;
|
||||
|
||||
@@ -61,11 +66,16 @@ public class ManagementAddressActuatorApplicationTests {
|
||||
|
||||
@Test
|
||||
public void testHealth() throws Exception {
|
||||
ResponseEntity<String> entity = new TestRestTemplate().getForEntity(
|
||||
"http://localhost:" + this.managementPort + "/admin/health",
|
||||
String.class);
|
||||
ResponseEntity<String> entity = new TestRestTemplate()
|
||||
.withBasicAuth("user", getPassword())
|
||||
.getForEntity("http://localhost:" + this.managementPort + "/admin/health",
|
||||
String.class);
|
||||
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
|
||||
assertThat(entity.getBody()).contains("\"status\":\"UP\"");
|
||||
}
|
||||
|
||||
private String getPassword() {
|
||||
return this.security.getUser().getPassword();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -22,6 +22,7 @@ import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityProperties;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
|
||||
import org.springframework.boot.test.web.client.TestRestTemplate;
|
||||
@@ -46,10 +47,14 @@ public class ManagementPathSampleActuatorApplicationTests {
|
||||
@Autowired
|
||||
private TestRestTemplate restTemplate;
|
||||
|
||||
@Autowired
|
||||
private SecurityProperties securityProperties;
|
||||
|
||||
@Test
|
||||
public void testHealth() throws Exception {
|
||||
ResponseEntity<String> entity = this.restTemplate.getForEntity("/admin/health",
|
||||
String.class);
|
||||
ResponseEntity<String> entity = this.restTemplate
|
||||
.withBasicAuth("user", getPassword())
|
||||
.getForEntity("/admin/health", String.class);
|
||||
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
|
||||
assertThat(entity.getBody()).contains("\"status\":\"UP\"");
|
||||
}
|
||||
@@ -65,4 +70,8 @@ public class ManagementPathSampleActuatorApplicationTests {
|
||||
assertThat(entity.getHeaders()).doesNotContainKey("Set-Cookie");
|
||||
}
|
||||
|
||||
private String getPassword() {
|
||||
return this.securityProperties.getUser().getPassword();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -77,9 +77,10 @@ public class ManagementPortAndPathSampleActuatorApplicationTests {
|
||||
|
||||
@Test
|
||||
public void testHealth() throws Exception {
|
||||
ResponseEntity<String> entity = new TestRestTemplate().getForEntity(
|
||||
"http://localhost:" + this.managementPort + "/admin/health",
|
||||
String.class);
|
||||
ResponseEntity<String> entity = new TestRestTemplate()
|
||||
.withBasicAuth("user", getPassword())
|
||||
.getForEntity("http://localhost:" + this.managementPort + "/admin/health",
|
||||
String.class);
|
||||
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
|
||||
assertThat(entity.getBody()).contains("\"status\":\"UP\"");
|
||||
}
|
||||
|
||||
@@ -71,14 +71,17 @@ public class ManagementPortSampleActuatorApplicationTests {
|
||||
testHome(); // makes sure some requests have been made
|
||||
@SuppressWarnings("rawtypes")
|
||||
ResponseEntity<Map> entity = new TestRestTemplate().getForEntity(
|
||||
"http://localhost:" + this.managementPort + "/application/metrics", Map.class);
|
||||
"http://localhost:" + this.managementPort + "/application/metrics",
|
||||
Map.class);
|
||||
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testHealth() throws Exception {
|
||||
ResponseEntity<String> entity = new TestRestTemplate().getForEntity(
|
||||
"http://localhost:" + this.managementPort + "/application/health", String.class);
|
||||
ResponseEntity<String> entity = new TestRestTemplate()
|
||||
.withBasicAuth("user", getPassword()).getForEntity(
|
||||
"http://localhost:" + this.managementPort + "/application/health",
|
||||
String.class);
|
||||
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
|
||||
assertThat(entity.getBody()).contains("\"status\":\"UP\"");
|
||||
}
|
||||
|
||||
@@ -1,55 +0,0 @@
|
||||
/*
|
||||
* Copyright 2012-2017 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package sample.actuator;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
|
||||
import org.springframework.boot.test.web.client.TestRestTemplate;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.test.annotation.DirtiesContext;
|
||||
import org.springframework.test.context.junit4.SpringRunner;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
||||
/**
|
||||
* Tests for /health with {@code endpoints.health.sensitive=false}.
|
||||
*
|
||||
* @author Phillip Webb
|
||||
*/
|
||||
@RunWith(SpringRunner.class)
|
||||
@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT, properties = {
|
||||
"endpoints.health.sensitive=false" })
|
||||
@DirtiesContext
|
||||
public class NonSensitiveHealthTests {
|
||||
|
||||
@Autowired
|
||||
private TestRestTemplate restTemplate;
|
||||
|
||||
@Test
|
||||
public void testSecureHealth() throws Exception {
|
||||
ResponseEntity<String> entity = this.restTemplate.getForEntity("/application/health",
|
||||
String.class);
|
||||
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
|
||||
assertThat(entity.getBody()).doesNotContain("\"hello\":1");
|
||||
}
|
||||
|
||||
}
|
||||
@@ -121,24 +121,17 @@ public class SampleActuatorApplicationTests {
|
||||
@Test
|
||||
public void testHealth() throws Exception {
|
||||
ResponseEntity<String> entity = this.restTemplate
|
||||
.withBasicAuth("user", getPassword())
|
||||
.getForEntity("/application/health", String.class);
|
||||
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
|
||||
assertThat(entity.getBody()).contains("\"status\":\"UP\"");
|
||||
assertThat(entity.getBody()).doesNotContain("\"hello\":\"1\"");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSecureHealth() throws Exception {
|
||||
ResponseEntity<String> entity = this.restTemplate
|
||||
.withBasicAuth("user", getPassword())
|
||||
.getForEntity("/application/health", String.class);
|
||||
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
|
||||
assertThat(entity.getBody()).contains("\"hello\":1");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testInfo() throws Exception {
|
||||
ResponseEntity<String> entity = this.restTemplate
|
||||
.withBasicAuth("user", getPassword())
|
||||
.getForEntity("/application/info", String.class);
|
||||
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
|
||||
assertThat(entity.getBody())
|
||||
|
||||
@@ -22,6 +22,7 @@ import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityProperties;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
|
||||
import org.springframework.boot.test.web.client.TestRestTemplate;
|
||||
@@ -46,6 +47,9 @@ public class ServletPathSampleActuatorApplicationTests {
|
||||
@Autowired
|
||||
private TestRestTemplate restTemplate;
|
||||
|
||||
@Autowired
|
||||
private SecurityProperties security;
|
||||
|
||||
@Test
|
||||
public void testErrorPath() throws Exception {
|
||||
@SuppressWarnings("rawtypes")
|
||||
@@ -60,8 +64,9 @@ public class ServletPathSampleActuatorApplicationTests {
|
||||
|
||||
@Test
|
||||
public void testHealth() throws Exception {
|
||||
ResponseEntity<String> entity = this.restTemplate.getForEntity("/spring//application/health",
|
||||
String.class);
|
||||
ResponseEntity<String> entity = this.restTemplate
|
||||
.withBasicAuth("user", getPassword())
|
||||
.getForEntity("/spring/application/health", String.class);
|
||||
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
|
||||
assertThat(entity.getBody()).contains("\"status\":\"UP\"");
|
||||
}
|
||||
@@ -78,4 +83,8 @@ public class ServletPathSampleActuatorApplicationTests {
|
||||
assertThat(entity.getHeaders()).doesNotContainKey("Set-Cookie");
|
||||
}
|
||||
|
||||
private String getPassword() {
|
||||
return this.security.getUser().getPassword();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user