Fix security config

The management endpoints were still all mixed up
with the user endpoints. Fixed that and extracted
user endpoints in to conditional block so not
protected if path explicitly set to empty string.

[#53029715]

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/SecurityAutoConfiguration.java

@@ -17,7 +17,6 @@
 package org.springframework.boot.actuate.autoconfigure;
 
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.List;
 
 import org.apache.commons.logging.Log;
@@ -141,12 +140,17 @@ public class SecurityAutoConfiguration {
 				http.httpBasic().and().anonymous().disable();
 				ExpressionUrlAuthorizationConfigurer<HttpSecurity> authorizeUrls = http
 						.authorizeUrls();
-				if (getEndpointPaths(true).length > 0) {
+				String[] paths = getEndpointPaths(true);
+				if (paths.length > 0) {
 					authorizeUrls.antMatchers(getEndpointPaths(true)).hasRole(
 							this.management.getUser().getRole());
 				}
-				authorizeUrls.antMatchers(getSecureApplicationPaths())
-						.hasRole(this.security.getBasic().getRole()).and().httpBasic();
+				paths = getSecureApplicationPaths();
+				if (paths.length > 0) {
+					authorizeUrls.antMatchers(getSecureApplicationPaths()).hasRole(
+							this.security.getBasic().getRole());
+				}
+				authorizeUrls.and().httpBasic();
 			}
 
 			// No cookies for service endpoints by default
@@ -164,7 +168,6 @@ public class SecurityAutoConfiguration {
 					list.add(path);
 				}
 			}
-			list.addAll(Arrays.asList(getEndpointPaths(true)));
 			return list.toArray(new String[list.size()]);
 		}
 

spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jdbc/AbstractDataSourceConfiguration.java

@@ -37,7 +37,7 @@ public abstract class AbstractDataSourceConfiguration implements BeanClassLoader
 
 	private String password = "";
 
-	private int maxActive = 8;
+	private int maxActive = 100;
 
 	private int maxIdle = 8;
 

spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationPortTests.java

@@ -28,7 +28,6 @@ import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ops.ui.SampleActuatorUiApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -63,7 +62,7 @@ public class SampleActuatorUiApplicationPortTests {
 										.run(SampleActuatorUiApplication.class, args);
 							}
 						});
-		context = future.get(10, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass

spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationTests.java

@@ -28,7 +28,6 @@ import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ops.ui.SampleActuatorUiApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
@@ -63,7 +62,7 @@ public class SampleActuatorUiApplicationTests {
 										.run(SampleActuatorUiApplication.class);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass

spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/EndpointsPropertiesSampleActuatorApplicationTests.java

@@ -28,7 +28,6 @@ import java.util.concurrent.TimeUnit;
 import org.junit.After;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ops.SampleActuatorApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpRequest;
 import org.springframework.http.HttpStatus;
@@ -64,7 +63,7 @@ public class EndpointsPropertiesSampleActuatorApplicationTests {
 										.run(configuration, args);
 							}
 						});
-		this.context = future.get(10, TimeUnit.SECONDS);
+		this.context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@After

spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementAddressSampleActuatorApplicationTests.java

@@ -71,7 +71,7 @@ public class ManagementAddressSampleActuatorApplicationTests {
 										.run(SampleActuatorApplication.class, args);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass

spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementSampleActuatorApplicationTests.java

@@ -27,7 +27,6 @@ import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ops.SampleActuatorApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -62,7 +61,7 @@ public class ManagementSampleActuatorApplicationTests {
 										.run(SampleActuatorApplication.class, args);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass

spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/NoManagementSampleActuatorApplicationTests.java

@@ -69,7 +69,7 @@ public class NoManagementSampleActuatorApplicationTests {
 										.run(SampleActuatorApplication.class, args);
 							}
 						});
-		context = future.get(10, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass

spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/SampleActuatorApplicationTests.java

@@ -67,7 +67,7 @@ public class SampleActuatorApplicationTests {
 										.run(SampleActuatorApplication.class);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass

spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ShutdownSampleActuatorApplicationTests.java

@@ -66,7 +66,7 @@ public class ShutdownSampleActuatorApplicationTests {
 										.run(SampleActuatorApplication.class);
 							}
 						});
-		context = future.get(10, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass

spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/UnsecureSampleActuatorApplicationTests.java

@@ -27,7 +27,6 @@ import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ops.SampleActuatorApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -60,7 +59,7 @@ public class UnsecureSampleActuatorApplicationTests {
 												"--security.basic.enabled=false");
 							}
 						});
-		context = future.get(10, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass

spring-boot-samples/spring-boot-sample-jetty/src/test/java/org/springframework/boot/sample/jetty/SampleJettyApplicationTests.java

@@ -26,7 +26,6 @@ import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.jetty.SampleJettyApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -56,7 +55,7 @@ public class SampleJettyApplicationTests {
 										.run(SampleJettyApplication.class);
 							}
 						});
-		context = future.get(10, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass

spring-boot-samples/spring-boot-sample-traditional/src/test/java/org/springframework/boot/sample/traditional/SampleTraditionalApplicationTests.java

@@ -26,7 +26,6 @@ import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.traditional.SampleTraditionalApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -57,7 +56,7 @@ public class SampleTraditionalApplicationTests {
 										.run(SampleTraditionalApplication.class);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass

spring-boot-samples/spring-boot-sample-web-static/src/test/java/org/springframework/boot/sample/ui/SampleWebStaticApplicationTests.java

@@ -41,7 +41,7 @@ public class SampleWebStaticApplicationTests {
 										.run(SampleWebStaticApplication.class);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass

spring-boot-samples/spring-boot-sample-web-ui/src/test/java/org/springframework/boot/sample/ui/SampleWebUiApplicationTests.java

@@ -11,7 +11,6 @@ import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ui.SampleWebUiApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -45,7 +44,7 @@ public class SampleWebUiApplicationTests {
 										.run(SampleWebUiApplication.class);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass

spring-boot-samples/spring-boot-sample-websocket/src/test/java/org/springframework/boot/samples/websocket/echo/SampleWebSocketsApplicationTests.java

@@ -59,7 +59,7 @@ public class SampleWebSocketsApplicationTests {
 										.run(SampleWebSocketsApplication.class);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass