Fix security config

The management endpoints were still all mixed up with the user endpoints. Fixed that and extracted user endpoints in to conditional block so not protected if path explicitly set to empty string. [#53029715]

Fix security config
The management endpoints were still all mixed up with the user endpoints. Fixed that and extracted user endpoints in to conditional block so not protected if path explicitly set to empty string. [#53029715]
43fc1074 · Dave Syer · Phillip Webb · 6498f0e8 · 43fc1074 · 43fc1074
Commit 43fc1074 authored Aug 22, 2013 by Dave Syer Committed by Phillip Webb Sep 06, 2013
16 changed files
--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/SecurityAutoConfiguration.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/SecurityAutoConfiguration.java
@@ -17,7 +17,6 @@
 package org.springframework.boot.actuate.autoconfigure;

 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.List;

 import org.apache.commons.logging.Log;
@@ -141,12 +140,17 @@ public class SecurityAutoConfiguration {
 				http.httpBasic().and().anonymous().disable();
 				ExpressionUrlAuthorizationConfigurer<HttpSecurity> authorizeUrls = http
 						.authorizeUrls();
-				if (getEndpointPaths(true).length > 0) {
+				String[] paths = getEndpointPaths(true);
+				if (paths.length > 0) {
 					authorizeUrls.antMatchers(getEndpointPaths(true)).hasRole(
 							this.management.getUser().getRole());
 				}
-				authorizeUrls.antMatchers(getSecureApplicationPaths())
-						.hasRole(this.security.getBasic().getRole()).and().httpBasic();
+				paths = getSecureApplicationPaths();
+				if (paths.length > 0) {
+					authorizeUrls.antMatchers(getSecureApplicationPaths()).hasRole(
+							this.security.getBasic().getRole());
+				}
+				authorizeUrls.and().httpBasic();
 			}

 			// No cookies for service endpoints by default
@@ -164,7 +168,6 @@ public class SecurityAutoConfiguration {
 					list.add(path);
 				}
 			}
-			list.addAll(Arrays.asList(getEndpointPaths(true)));
 			return list.toArray(new String[list.size()]);
 		}


--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jdbc/AbstractDataSourceConfiguration.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jdbc/AbstractDataSourceConfiguration.java
@@ -37,7 +37,7 @@ public abstract class AbstractDataSourceConfiguration implements BeanClassLoader

 	private String password = "";

-	private int maxActive = 8;
+	private int maxActive = 100;

 	private int maxIdle = 8;


--- a/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationPortTests.java
+++ b/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationPortTests.java
@@ -28,7 +28,6 @@ import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ops.ui.SampleActuatorUiApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -63,7 +62,7 @@ public class SampleActuatorUiApplicationPortTests {
 										.run(SampleActuatorUiApplication.class, args);
 							}
 						});
-		context = future.get(10, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}

 	@AfterClass

--- a/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationTests.java
@@ -28,7 +28,6 @@ import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ops.ui.SampleActuatorUiApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
@@ -63,7 +62,7 @@ public class SampleActuatorUiApplicationTests {
 										.run(SampleActuatorUiApplication.class);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}

 	@AfterClass

--- a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/EndpointsPropertiesSampleActuatorApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/EndpointsPropertiesSampleActuatorApplicationTests.java
@@ -28,7 +28,6 @@ import java.util.concurrent.TimeUnit;
 import org.junit.After;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ops.SampleActuatorApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpRequest;
 import org.springframework.http.HttpStatus;
@@ -64,7 +63,7 @@ public class EndpointsPropertiesSampleActuatorApplicationTests {
 										.run(configuration, args);
 							}
 						});
-		this.context = future.get(10, TimeUnit.SECONDS);
+		this.context = future.get(60, TimeUnit.SECONDS);
 	}

 	@After

--- a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementAddressSampleActuatorApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementAddressSampleActuatorApplicationTests.java
@@ -71,7 +71,7 @@ public class ManagementAddressSampleActuatorApplicationTests {
 										.run(SampleActuatorApplication.class, args);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}

 	@AfterClass

--- a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementSampleActuatorApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementSampleActuatorApplicationTests.java
@@ -27,7 +27,6 @@ import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ops.SampleActuatorApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -62,7 +61,7 @@ public class ManagementSampleActuatorApplicationTests {
 										.run(SampleActuatorApplication.class, args);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}

 	@AfterClass

--- a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/NoManagementSampleActuatorApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/NoManagementSampleActuatorApplicationTests.java
@@ -69,7 +69,7 @@ public class NoManagementSampleActuatorApplicationTests {
 										.run(SampleActuatorApplication.class, args);
 							}
 						});
-		context = future.get(10, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}

 	@AfterClass

--- a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/SampleActuatorApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/SampleActuatorApplicationTests.java
@@ -67,7 +67,7 @@ public class SampleActuatorApplicationTests {
 										.run(SampleActuatorApplication.class);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}

 	@AfterClass

--- a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ShutdownSampleActuatorApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ShutdownSampleActuatorApplicationTests.java
@@ -66,7 +66,7 @@ public class ShutdownSampleActuatorApplicationTests {
 										.run(SampleActuatorApplication.class);
 							}
 						});
-		context = future.get(10, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}

 	@AfterClass

--- a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/UnsecureSampleActuatorApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/UnsecureSampleActuatorApplicationTests.java
@@ -27,7 +27,6 @@ import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ops.SampleActuatorApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -60,7 +59,7 @@ public class UnsecureSampleActuatorApplicationTests {
 												"--security.basic.enabled=false");
 							}
 						});
-		context = future.get(10, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}

 	@AfterClass

--- a/spring-boot-samples/spring-boot-sample-jetty/src/test/java/org/springframework/boot/sample/jetty/SampleJettyApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-jetty/src/test/java/org/springframework/boot/sample/jetty/SampleJettyApplicationTests.java
@@ -26,7 +26,6 @@ import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.jetty.SampleJettyApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -56,7 +55,7 @@ public class SampleJettyApplicationTests {
 										.run(SampleJettyApplication.class);
 							}
 						});
-		context = future.get(10, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}

 	@AfterClass

--- a/spring-boot-samples/spring-boot-sample-traditional/src/test/java/org/springframework/boot/sample/traditional/SampleTraditionalApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-traditional/src/test/java/org/springframework/boot/sample/traditional/SampleTraditionalApplicationTests.java
@@ -26,7 +26,6 @@ import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.traditional.SampleTraditionalApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -57,7 +56,7 @@ public class SampleTraditionalApplicationTests {
 										.run(SampleTraditionalApplication.class);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}

 	@AfterClass

--- a/spring-boot-samples/spring-boot-sample-web-static/src/test/java/org/springframework/boot/sample/ui/SampleWebStaticApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-web-static/src/test/java/org/springframework/boot/sample/ui/SampleWebStaticApplicationTests.java
@@ -41,7 +41,7 @@ public class SampleWebStaticApplicationTests {
 										.run(SampleWebStaticApplication.class);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}

 	@AfterClass

--- a/spring-boot-samples/spring-boot-sample-web-ui/src/test/java/org/springframework/boot/sample/ui/SampleWebUiApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-web-ui/src/test/java/org/springframework/boot/sample/ui/SampleWebUiApplicationTests.java
@@ -11,7 +11,6 @@ import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ui.SampleWebUiApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -45,7 +44,7 @@ public class SampleWebUiApplicationTests {
 										.run(SampleWebUiApplication.class);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}

 	@AfterClass

--- a/spring-boot-samples/spring-boot-sample-websocket/src/test/java/org/springframework/boot/samples/websocket/echo/SampleWebSocketsApplicationTests.java
+++ b/spring-boot-samples/spring-boot-sample-websocket/src/test/java/org/springframework/boot/samples/websocket/echo/SampleWebSocketsApplicationTests.java
@@ -59,7 +59,7 @@ public class SampleWebSocketsApplicationTests {
 										.run(SampleWebSocketsApplication.class);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}

 	@AfterClass