Ensure path starts with "/" in ErrorController

When mapping the ErrorController path to Spring Security it's
important that it starts with "/". This change ensures that is
the case even if the user has omitted the leading "/".

Fixes gh-694

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.java

@@ -55,6 +55,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
+import org.springframework.util.StringUtils;
 
 /**
  * {@link EnableAutoConfiguration Auto-configuration} for security of framework endpoints.
@@ -142,11 +143,19 @@ public class ManagementSecurityAutoConfiguration {
 				ignored.remove("none");
 			}
 			if (this.errorController != null) {
-				ignored.add(this.errorController.getErrorPath());
+				ignored.add(normalizePath(this.errorController.getErrorPath()));
 			}
 			ignoring.antMatchers(ignored.toArray(new String[0]));
 		}
 
+		private String normalizePath(String errorPath) {
+			String result = StringUtils.cleanPath(errorPath);
+			if (!result.startsWith("/")) {
+				result = "/" + result;
+			}
+			return result;
+		}
+
 	}
 
 	@Configuration

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfigurationTests.java

@@ -40,6 +40,7 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.web.FilterChainProxy;
 import org.springframework.test.util.ReflectionTestUtils;
+import org.springframework.util.StringUtils;
 import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
 
 import static org.junit.Assert.assertEquals;
@@ -79,6 +80,12 @@ public class ManagementSecurityAutoConfigurationTests {
 				.size());
 	}
 
+	@Test
+	public void testPathNormalization() throws Exception {
+		String path = "admin/./error";
+		assertEquals("admin/error", StringUtils.cleanPath(path));
+	}
+
 	@Test
 	public void testWebConfigurationWithExtraRole() throws Exception {
 		this.context = new AnnotationConfigWebApplicationContext();