Make EndpointRequestMatcher#excluding public

Fixes gh-12354
This commit is contained in:
Madhura Bhave
2018-03-05 16:04:45 -08:00
parent 44c48ec5a8
commit e6eca04af2
5 changed files with 22 additions and 6 deletions

View File

@@ -23,6 +23,7 @@ import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.actuate.autoconfigure.security.reactive.EndpointRequest;
import org.springframework.boot.actuate.web.mappings.MappingsEndpoint;
import org.springframework.boot.autoconfigure.security.reactive.PathRequest;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.annotation.Bean;
@@ -78,6 +79,13 @@ public class SampleSecureWebFluxCustomSecurityTests {
.expectStatus().isOk();
}
@Test
public void actuatorExcludedFromEndpointRequestMatcher() {
this.webClient.get().uri("/actuator/mappings").accept(MediaType.APPLICATION_JSON)
.header("Authorization", "basic " + getBasicAuth()).exchange()
.expectStatus().isOk();
}
@Test
public void staticResourceShouldBeAccessible() {
this.webClient.get().uri("/css/bootstrap.min.css")
@@ -100,7 +108,7 @@ public class SampleSecureWebFluxCustomSecurityTests {
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http.authorizeExchange().matchers(EndpointRequest.to("health", "info"))
.permitAll().matchers(EndpointRequest.toAnyEndpoint())
.permitAll().matchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class))
.hasRole("ACTUATOR")
.matchers(PathRequest.toStaticResources().atCommonLocations())
.permitAll().pathMatchers("/login").permitAll().anyExchange()