Make EndpointRequestMatcher#excluding public
Fixes gh-12354
This commit is contained in:
@@ -23,6 +23,7 @@ import org.junit.runner.RunWith;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.actuate.autoconfigure.security.reactive.EndpointRequest;
|
||||
import org.springframework.boot.actuate.web.mappings.MappingsEndpoint;
|
||||
import org.springframework.boot.autoconfigure.security.reactive.PathRequest;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
@@ -78,6 +79,13 @@ public class SampleSecureWebFluxCustomSecurityTests {
|
||||
.expectStatus().isOk();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void actuatorExcludedFromEndpointRequestMatcher() {
|
||||
this.webClient.get().uri("/actuator/mappings").accept(MediaType.APPLICATION_JSON)
|
||||
.header("Authorization", "basic " + getBasicAuth()).exchange()
|
||||
.expectStatus().isOk();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void staticResourceShouldBeAccessible() {
|
||||
this.webClient.get().uri("/css/bootstrap.min.css")
|
||||
@@ -100,7 +108,7 @@ public class SampleSecureWebFluxCustomSecurityTests {
|
||||
@Bean
|
||||
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http.authorizeExchange().matchers(EndpointRequest.to("health", "info"))
|
||||
.permitAll().matchers(EndpointRequest.toAnyEndpoint())
|
||||
.permitAll().matchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class))
|
||||
.hasRole("ACTUATOR")
|
||||
.matchers(PathRequest.toStaticResources().atCommonLocations())
|
||||
.permitAll().pathMatchers("/login").permitAll().anyExchange()
|
||||
|
||||
Reference in New Issue
Block a user