Check if managementServerProperties.getSecurity() is not null

before checking isEnabled(). It is explicitly constructed as null in ManagementServerProperties to prevent class not found errors at runtime when Security is not on the classpath. Fixes gh-2003, fixes gh-2004

Check if managementServerProperties.getSecurity() is not null
before checking isEnabled(). It is explicitly constructed as null in ManagementServerProperties to prevent class not found errors at runtime when Security is not on the classpath. Fixes gh-2003, fixes gh-2004
2fb4d2ec · Spencer Gibb · Dave Syer · 3bb598a4 · 2fb4d2ec
Commit 2fb4d2ec authored Nov 25, 2014 by Spencer Gibb Committed by Dave Syer Nov 26, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

EndpointWebMvcAutoConfiguration.java ...ctuate/autoconfigure/EndpointWebMvcAutoConfiguration.java +2 -1

No files found.
--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/EndpointWebMvcAutoConfiguration.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/EndpointWebMvcAutoConfiguration.java
@@ -165,7 +165,8 @@ public class EndpointWebMvcAutoConfiguration implements ApplicationContextAware,
 	@ConditionalOnProperty(prefix = "endpoints.health", name = "enabled", matchIfMissing = true)
 	public HealthMvcEndpoint healthMvcEndpoint(HealthEndpoint delegate) {
 		HealthMvcEndpoint healthMvcEndpoint = new HealthMvcEndpoint(delegate);
-		boolean secure = this.managementServerProperties.getSecurity().isEnabled()
+		boolean secure = this.managementServerProperties.getSecurity() != null
+				&& this.managementServerProperties.getSecurity().isEnabled()
 				&& ClassUtils.isPresent(
 						"org.springframework.security.core.Authentication", null);
 		delegate.setSensitive(secure);