Don't set deefault password if empty or unresolved

0f012c58 · Dave Syer · ec779495 · 0f012c58 · 0f012c58
Commit 0f012c58 authored Aug 22, 2013 by Dave Syer
Showing with 27 additions and 2 deletions

SecurityProperties.java ...framework/boot/actuate/properties/SecurityProperties.java +6 -1

SecurityPropertiesTests.java ...work/boot/actuate/properties/SecurityPropertiesTests.java +21 -1

No files found.
--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/properties/SecurityProperties.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/properties/SecurityProperties.java
@@ -20,6 +20,7 @@ import java.util.UUID;

 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.util.StringUtils;

 /**
 * Properties for the security aspects of an application.
@@ -148,7 +149,7 @@ public class SecurityProperties {

 		private String role = "USER";

-		private boolean defaultPassword;
+		private boolean defaultPassword = true;

 		public String getName() {
 			return this.name;
@@ -163,6 +164,10 @@ public class SecurityProperties {
 		}

 		public void setPassword(String password) {
+			if (password.startsWith("${") && password.endsWith("}")
+					|| !StringUtils.hasLength(password)) {
+				return;
+			}
 			this.defaultPassword = false;
 			this.password = password;
 		}

--- a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/properties/SecurityPropertiesTests.java
+++ b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/properties/SecurityPropertiesTests.java
@@ -20,12 +20,12 @@ import java.util.Collections;

 import org.junit.Test;
 import org.springframework.beans.MutablePropertyValues;
-import org.springframework.boot.actuate.properties.SecurityProperties;
 import org.springframework.boot.bind.RelaxedDataBinder;
 import org.springframework.core.convert.support.DefaultConversionService;

 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;

 /**
 * Tests for {@link SecurityProperties}.
@@ -55,4 +55,24 @@ public class SecurityPropertiesTests {
 		assertEquals(2, security.getIgnored().length);
 	}

+	@Test
+	public void testDefaultPasswordAutogeneratedIfUnresolovedPlaceholder() {
+		SecurityProperties security = new SecurityProperties();
+		RelaxedDataBinder binder = new RelaxedDataBinder(security, "security");
+		binder.bind(new MutablePropertyValues(Collections.singletonMap(
+				"security.user.password", "${ADMIN_PASSWORD}")));
+		assertFalse(binder.getBindingResult().hasErrors());
+		assertTrue(security.getUser().isDefaultPassword());
+	}
+
+	@Test
+	public void testDefaultPasswordAutogeneratedIfEmpty() {
+		SecurityProperties security = new SecurityProperties();
+		RelaxedDataBinder binder = new RelaxedDataBinder(security, "security");
+		binder.bind(new MutablePropertyValues(Collections.singletonMap(
+				"security.user.password", "")));
+		assertFalse(binder.getBindingResult().hasErrors());
+		assertTrue(security.getUser().isDefaultPassword());
+	}
+
 }