Commit 00b85e8c authored by Dave Syer's avatar Dave Syer

Ensure path starts with "/" in ErrorController

When mapping the ErrorController path to Spring Security it's
important that it starts with "/". This change ensures that is
the case even if the user has omitted the leading "/".

Fixes gh-694
parent 506e5766
...@@ -55,6 +55,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur ...@@ -55,6 +55,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint; import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.util.StringUtils;
/** /**
* {@link EnableAutoConfiguration Auto-configuration} for security of framework endpoints. * {@link EnableAutoConfiguration Auto-configuration} for security of framework endpoints.
...@@ -142,11 +143,19 @@ public class ManagementSecurityAutoConfiguration { ...@@ -142,11 +143,19 @@ public class ManagementSecurityAutoConfiguration {
ignored.remove("none"); ignored.remove("none");
} }
if (this.errorController != null) { if (this.errorController != null) {
ignored.add(this.errorController.getErrorPath()); ignored.add(normalizePath(this.errorController.getErrorPath()));
} }
ignoring.antMatchers(ignored.toArray(new String[0])); ignoring.antMatchers(ignored.toArray(new String[0]));
} }
private String normalizePath(String errorPath) {
String result = StringUtils.cleanPath(errorPath);
if (!result.startsWith("/")) {
result = "/" + result;
}
return result;
}
} }
@Configuration @Configuration
......
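Review bot: `normalizePath` uses the result of `StringUtils.cleanPath(errorPath)` without checking it, so an `ErrorController` whose `getErrorPath()` returns null would presumably fail at `result.startsWith("/")` while the security configuration is being built. An empty path would be turned into `/` and handed to `ignoring.antMatchers(...)`, which takes the root URL out of the security filter chain. Since every entry in `ignored` bypasses the filters, I would skip the entry when the path has no text, for example `if (this.errorController != null && StringUtils.hasText(this.errorController.getErrorPath())) {` at the call site. A short Javadoc on `normalizePath` should also say that the returned value is used as an Ant pattern for ignored paths, so pattern characters in the configured error path are interpreted by `antMatchers`. The enclosing method starts above the visible hunk.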
...@@ -40,6 +40,7 @@ import org.springframework.security.core.userdetails.UserDetails; ...@@ -40,6 +40,7 @@ import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.FilterChainProxy; import org.springframework.security.web.FilterChainProxy;
import org.springframework.test.util.ReflectionTestUtils; import org.springframework.test.util.ReflectionTestUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext; import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
...@@ -79,6 +80,12 @@ public class ManagementSecurityAutoConfigurationTests { ...@@ -79,6 +80,12 @@ public class ManagementSecurityAutoConfigurationTests {
.size()); .size());
} }
@Test
public void testPathNormalization() throws Exception {
String path = "admin/./error";
assertEquals("admin/error", StringUtils.cleanPath(path));
}
@Test @Test
public void testWebConfigurationWithExtraRole() throws Exception { public void testWebConfigurationWithExtraRole() throws Exception {
this.context = new AnnotationConfigWebApplicationContext(); this.context = new AnnotationConfigWebApplicationContext();
......
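Review bot: `testPathNormalization` asserts only what `StringUtils.cleanPath` returns for `"admin/./error"`, and its expected value `"admin/error"` has no leading slash. The behaviour this commit adds, prefixing `/` before the path goes into the ignored matchers, is therefore not exercised by any test shown here, and a regression in `normalizePath` would leave this test green. I would drive the auto-configuration with an error path that omits the leading `/` and assert on the resulting ignored pattern. At minimum, mark the limitation with a comment such as `// pins StringUtils.cleanPath only; the leading "/" handling in normalizePath is not covered here`.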