Extend HealthMvcEndpoint for Cloud Foundry

The CloudFoundryHealthMvcEndpoint does not perform additional security checks since security is handled by the interceptor. See gh-7108

Extend HealthMvcEndpoint for Cloud Foundry
The CloudFoundryHealthMvcEndpoint does not perform additional security checks since security is handled by the interceptor. See gh-7108
af612782 · Madhura Bhave · a3bcb277 · af612782 · af612782 · af612782
Commit af612782 authored Nov 08, 2016 by Madhura Bhave
6 changed files
--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/cloudfoundry/AccessLevel.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/cloudfoundry/AccessLevel.java
@@ -49,7 +49,7 @@ enum AccessLevel {
 	/**
 	 * Returns if the access level should allow access to the specified endpoint path.
-	 * @param endpointPath the endpoitn path
+	 * @param endpointPath the endpoint path
 	 * @return {@code true} if access is allowed
 	 */
 	public boolean isAccessAllowed(String endpointPath) {

--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/cloudfoundry/CloudFoundryEndpointHandlerMapping.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/cloudfoundry/CloudFoundryEndpointHandlerMapping.java
@@ -27,6 +27,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.springframework.boot.actuate.endpoint.Endpoint;
 import org.springframework.boot.actuate.endpoint.mvc.AbstractEndpointHandlerMapping;
 import org.springframework.boot.actuate.endpoint.mvc.HalJsonMvcEndpoint;
+import org.springframework.boot.actuate.endpoint.mvc.HealthMvcEndpoint;
 import org.springframework.boot.actuate.endpoint.mvc.MvcEndpoint;
 import org.springframework.boot.actuate.endpoint.mvc.NamedMvcEndpoint;
 import org.springframework.web.cors.CorsConfiguration;
@@ -54,10 +55,20 @@ class CloudFoundryEndpointHandlerMapping
 	protected void postProcessEndpoints(Set<NamedMvcEndpoint> endpoints) {
 		super.postProcessEndpoints(endpoints);
 		Iterator<NamedMvcEndpoint> iterator = endpoints.iterator();
+		HealthMvcEndpoint healthMvcEndpoint = null;
 		while (iterator.hasNext()) {
-			if (iterator.next() instanceof HalJsonMvcEndpoint) {
+			NamedMvcEndpoint endpoint = iterator.next();
+			if (endpoint instanceof HalJsonMvcEndpoint) {
 				iterator.remove();
 			}
+			else if (endpoint instanceof HealthMvcEndpoint) {
+				iterator.remove();
+				healthMvcEndpoint = (HealthMvcEndpoint) endpoint;
+			}
+		}
+		if (healthMvcEndpoint != null) {
+			endpoints.add(
+					new CloudFoundryHealthMvcEndpoint(healthMvcEndpoint.getDelegate()));
 		}
 	}

--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/cloudfoundry/CloudFoundryHealthMvcEndpoint.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/cloudfoundry/CloudFoundryHealthMvcEndpoint.java
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.boot.actuate.cloudfoundry;
+import java.security.Principal;
+import org.springframework.boot.actuate.endpoint.HealthEndpoint;
+import org.springframework.boot.actuate.endpoint.mvc.HealthMvcEndpoint;
+/**
+ * Extension of {@link HealthMvcEndpoint} for Cloud Foundry. Since security for Cloud
+ * Foundry actuators is already handled by the {@link CloudFoundrySecurityInterceptor},
+ * this endpoint skips the additional security checks done by the regular
+ * {@link HealthMvcEndpoint}.
+ *
+ * @author Madhura Bhave
+ */
+class CloudFoundryHealthMvcEndpoint extends HealthMvcEndpoint {
+	CloudFoundryHealthMvcEndpoint(HealthEndpoint delegate) {
+		super(delegate);
+	}
+	@Override
+	protected boolean exposeHealthDetails(Principal principal) {
+		return true;
+	}
+}
--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/HealthMvcEndpoint.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/HealthMvcEndpoint.java
@@ -178,7 +178,7 @@ public class HealthMvcEndpoint extends AbstractEndpointMvcAdapter<HealthEndpoint
 		return (accessTime - this.lastAccess) >= getDelegate().getTimeToLive();
 	}
-	private boolean exposeHealthDetails(Principal principal) {
+	protected boolean exposeHealthDetails(Principal principal) {
 		return isSecure(principal) || isUnrestricted();
 	}

--- a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/cloudfoundry/CloudFoundryEndpointHandlerMappingTests.java
+++ b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/cloudfoundry/CloudFoundryEndpointHandlerMappingTests.java
@@ -22,11 +22,15 @@ import org.junit.Test;
 import org.mockito.Mockito;
 import org.springframework.boot.actuate.endpoint.AbstractEndpoint;
+import org.springframework.boot.actuate.endpoint.HealthEndpoint;
 import org.springframework.boot.actuate.endpoint.mvc.AbstractEndpointHandlerMappingTests;
 import org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter;
 import org.springframework.boot.actuate.endpoint.mvc.HalJsonMvcEndpoint;
+import org.springframework.boot.actuate.endpoint.mvc.HealthMvcEndpoint;
 import org.springframework.boot.actuate.endpoint.mvc.ManagementServletContext;
 import org.springframework.boot.actuate.endpoint.mvc.NamedMvcEndpoint;
+import org.springframework.boot.actuate.health.HealthIndicator;
+import org.springframework.boot.actuate.health.OrderedHealthAggregator;
 import org.springframework.context.support.StaticApplicationContext;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.web.method.HandlerMethod;
@@ -88,6 +92,23 @@ public class CloudFoundryEndpointHandlerMappingTests
 				.isInstanceOf(CloudFoundryDiscoveryMvcEndpoint.class);
 	}
+	@Test
+	public void registersCloudFoundryHealthEndpoint() throws Exception {
+		StaticApplicationContext context = new StaticApplicationContext();
+		HealthEndpoint delegate = new HealthEndpoint(new OrderedHealthAggregator(),
+				Collections.<String, HealthIndicator>emptyMap());
+		CloudFoundryEndpointHandlerMapping handlerMapping = new CloudFoundryEndpointHandlerMapping(
+				Collections.singleton(new TestHealthMvcEndpoint(delegate)), null, null);
+		handlerMapping.setPrefix("/test");
+		handlerMapping.setApplicationContext(context);
+		handlerMapping.afterPropertiesSet();
+		HandlerExecutionChain handler = handlerMapping
+				.getHandler(new MockHttpServletRequest("GET", "/test/health"));
+		HandlerMethod handlerMethod = (HandlerMethod) handler.getHandler();
+		Object handlerMethodBean = handlerMethod.getBean();
+		assertThat(handlerMethodBean).isInstanceOf(CloudFoundryHealthMvcEndpoint.class);
+	}
 	private static class TestEndpoint extends AbstractEndpoint<Object> {
 		TestEndpoint(String id) {
@@ -124,4 +145,12 @@ public class CloudFoundryEndpointHandlerMappingTests
 	}
+	private static class TestHealthMvcEndpoint extends HealthMvcEndpoint {
+		TestHealthMvcEndpoint(HealthEndpoint delegate) {
+			super(delegate);
+		}
+	}
 }
--- a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/cloudfoundry/CloudFoundryHealthMvcEndpointTests.java
+++ b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/cloudfoundry/CloudFoundryHealthMvcEndpointTests.java
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.boot.actuate.cloudfoundry;
+import org.junit.Test;
+import org.springframework.boot.actuate.endpoint.HealthEndpoint;
+import org.springframework.boot.actuate.health.Health;
+import org.springframework.boot.actuate.health.Status;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.mock;
+/**
+ * Tests for {@link CloudFoundryHealthMvcEndpoint}.
+ *
+ * @author Madhura Bhave
+ */
+public class CloudFoundryHealthMvcEndpointTests {
+	@Test
+	public void cloudFoundryHealthEndpointShouldAlwaysReturnAllHealthDetails()
+			throws Exception {
+		HealthEndpoint endpoint = mock(HealthEndpoint.class);
+		given(endpoint.isEnabled()).willReturn(true);
+		CloudFoundryHealthMvcEndpoint mvc = new CloudFoundryHealthMvcEndpoint(endpoint);
+		given(endpoint.invoke())
+				.willReturn(new Health.Builder().up().withDetail("foo", "bar").build());
+		given(endpoint.isSensitive()).willReturn(false);
+		Object result = mvc.invoke(null);
+		assertThat(result instanceof Health).isTrue();
+		assertThat(((Health) result).getStatus() == Status.UP).isTrue();
+		assertThat(((Health) result).getDetails().get("foo")).isEqualTo("bar");
+	}
+}