Switch show details default to ShowDetails.NEVER

Closes gh-11869

Switch show details default to ShowDetails.NEVER
Closes gh-11869
349987d9 · Phillip Webb · 46021928 · 349987d9 · 349987d9 · 349987d9
Commit 349987d9 authored Feb 21, 2018 by Phillip Webb
4 changed files
--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/health/HealthEndpointProperties.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/health/HealthEndpointProperties.java
@@ -34,7 +34,7 @@ public class HealthEndpointProperties {
 	/**
 	 * When to show full health details.
 	 */
-	private ShowDetails showDetails = ShowDetails.WHEN_AUTHORIZED;
+	private ShowDetails showDetails = ShowDetails.NEVER;

 	/**
 	 * Roles used to determine whether or not a user is authorized to be shown details.

--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/health/HealthEndpointWebExtensionTests.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/health/HealthEndpointWebExtensionTests.java
@@ -90,17 +90,34 @@ public class HealthEndpointWebExtensionTests {
 	}

 	@Test
-	public void authenticatedUsersAreShownDetailsByDefault() {
+	public void authenticatedUsersAreNotShownDetailsByDefault() {
 		this.contextRunner.run((context) -> {
 			HealthEndpointWebExtension extension = context
 					.getBean(HealthEndpointWebExtension.class);
 			SecurityContext securityContext = mock(SecurityContext.class);
 			given(securityContext.getPrincipal()).willReturn(mock(Principal.class));
 			assertThat(extension.getHealth(securityContext).getBody().getDetails())
-					.isNotEmpty();
+					.isEmpty();
 		});
 	}

+	@Test
+	public void authenticatedUsersWhenAuthorizedCanBeShownDetails() {
+		this.contextRunner
+				.withPropertyValues(
+						"management.endpoint.health.show-details=when-authorized")
+				.run((context) -> {
+					HealthEndpointWebExtension extension = context
+							.getBean(HealthEndpointWebExtension.class);
+					SecurityContext securityContext = mock(SecurityContext.class);
+					given(securityContext.getPrincipal())
+							.willReturn(mock(Principal.class));
+					assertThat(
+							extension.getHealth(securityContext).getBody().getDetails())
+									.isNotEmpty();
+				});
+	}
+
 	@Test
 	public void unauthenticatedUsersCanBeShownDetails() {
 		this.contextRunner

--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/health/ReactiveHealthEndpointWebExtensionTests.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/health/ReactiveHealthEndpointWebExtensionTests.java
@@ -86,7 +86,9 @@ public class ReactiveHealthEndpointWebExtensionTests {

 	@Test
 	public void regularAndReactiveHealthIndicatorsMatch() {
-		this.contextRunner.withUserConfiguration(HealthIndicatorsConfiguration.class)
+		this.contextRunner
+				.withPropertyValues("management.endpoint.health.show-details=always")
+				.withUserConfiguration(HealthIndicatorsConfiguration.class)
 				.run((context) -> {
 					HealthEndpoint endpoint = context.getBean(HealthEndpoint.class);
 					ReactiveHealthEndpointWebExtension extension = context
@@ -115,17 +117,33 @@ public class ReactiveHealthEndpointWebExtensionTests {
 	}

 	@Test
-	public void authenticatedUsersAreShownDetailsByDefault() {
+	public void authenticatedUsersAreNotShownDetailsByDefault() {
 		this.contextRunner.run((context) -> {
 			ReactiveHealthEndpointWebExtension extension = context
 					.getBean(ReactiveHealthEndpointWebExtension.class);
 			SecurityContext securityContext = mock(SecurityContext.class);
 			given(securityContext.getPrincipal()).willReturn(mock(Principal.class));
 			assertThat(extension.health(securityContext).block().getBody().getDetails())
-					.isNotEmpty();
+					.isEmpty();
 		});
 	}

+	@Test
+	public void authenticatedUsersWhenAuthorizedCanBeShownDetails() {
+		this.contextRunner
+				.withPropertyValues(
+						"management.endpoint.health.show-details=when-authorized")
+				.run((context) -> {
+					ReactiveHealthEndpointWebExtension extension = context
+							.getBean(ReactiveHealthEndpointWebExtension.class);
+					SecurityContext securityContext = mock(SecurityContext.class);
+					given(securityContext.getPrincipal())
+							.willReturn(mock(Principal.class));
+					assertThat(extension.health(securityContext).block().getBody()
+							.getDetails()).isNotEmpty();
+				});
+	}
+
 	@Test
 	public void unauthenticatedUsersCanBeShownDetails() {
 		this.contextRunner

--- a/spring-boot-project/spring-boot-docs/src/main/asciidoc/production-ready-features.adoc
+++ b/spring-boot-project/spring-boot-docs/src/main/asciidoc/production-ready-features.adoc
@@ -531,7 +531,7 @@ following values:
 |Details are shown to all users.
 |===

-The default value is `when-authorized`. A user is considered to be authorized when they
+The default value is `never`. A user is considered to be authorized when they
 are in one or more of the endpoint's roles. If the endpoint has no configured roles
 (the default) all authenticated users are considered to be authorized. The roles can
 be configured using the `management.endpoint.health.roles` property.