Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Sign in / Register
Toggle navigation
S
spring-boot
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
DEMO
spring-boot
Commits
f1012c10
Commit
f1012c10
authored
Mar 02, 2017
by
Phillip Webb
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Polish
parent
031c9bf1
Changes
8
Hide whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
30 additions
and
35 deletions
+30
-35
MvcEndpointSecurityInterceptor.java
.../actuate/endpoint/mvc/MvcEndpointSecurityInterceptor.java
+3
-2
MvcEndpointSecurityInterceptorTests.java
...ate/endpoint/mvc/MvcEndpointSecurityInterceptorTests.java
+9
-5
NoSpringSecurityMvcEndpointSecurityInterceptorTests.java
.../NoSpringSecurityMvcEndpointSecurityInterceptorTests.java
+6
-3
ConditionalOnBeanTests.java
.../boot/autoconfigure/condition/ConditionalOnBeanTests.java
+1
-1
WebSocketAutoConfigurationTests.java
...oconfigure/websocket/WebSocketAutoConfigurationTests.java
+1
-1
ApplicationBuilder.java
...ngframework/boot/context/embedded/ApplicationBuilder.java
+1
-1
AbstractDependencyFilterMojo.java
...ingframework/boot/maven/AbstractDependencyFilterMojo.java
+6
-20
DependencyFilterMojoTests.java
...springframework/boot/maven/DependencyFilterMojoTests.java
+3
-2
No files found.
spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpointSecurityInterceptor.java
View file @
f1012c10
/*
/*
* Copyright 2012-201
6
the original author or authors.
* Copyright 2012-201
7
the original author or authors.
*
*
* Licensed under the Apache License, Version 2.0 (the "License");
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* you may not use this file except in compliance with the License.
...
@@ -128,7 +128,8 @@ public class MvcEndpointSecurityInterceptor extends HandlerInterceptorAdapter {
...
@@ -128,7 +128,8 @@ public class MvcEndpointSecurityInterceptor extends HandlerInterceptorAdapter {
private
class
AuthoritiesValidator
{
private
class
AuthoritiesValidator
{
private
boolean
hasAuthority
(
String
role
)
{
private
boolean
hasAuthority
(
String
role
)
{
Authentication
authentication
=
SecurityContextHolder
.
getContext
().
getAuthentication
();
Authentication
authentication
=
SecurityContextHolder
.
getContext
()
.
getAuthentication
();
if
(
authentication
!=
null
)
{
if
(
authentication
!=
null
)
{
for
(
GrantedAuthority
authority
:
authentication
.
getAuthorities
())
{
for
(
GrantedAuthority
authority
:
authentication
.
getAuthorities
())
{
if
(
authority
.
getAuthority
().
equals
(
role
))
{
if
(
authority
.
getAuthority
().
equals
(
role
))
{
...
...
spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpointSecurityInterceptorTests.java
View file @
f1012c10
/*
/*
* Copyright 2012-201
6
the original author or authors.
* Copyright 2012-201
7
the original author or authors.
*
*
* Licensed under the Apache License, Version 2.0 (the "License");
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* you may not use this file except in compliance with the License.
...
@@ -130,11 +130,13 @@ public class MvcEndpointSecurityInterceptorTests {
...
@@ -130,11 +130,13 @@ public class MvcEndpointSecurityInterceptorTests {
}
}
@Test
@Test
public
void
sensitiveEndpointIfRoleNotCorrectShouldCheckAuthorities
()
throws
Exception
{
public
void
sensitiveEndpointIfRoleNotCorrectShouldCheckAuthorities
()
throws
Exception
{
Principal
principal
=
mock
(
Principal
.
class
);
Principal
principal
=
mock
(
Principal
.
class
);
this
.
request
.
setUserPrincipal
(
principal
);
this
.
request
.
setUserPrincipal
(
principal
);
Authentication
authentication
=
mock
(
Authentication
.
class
);
Authentication
authentication
=
mock
(
Authentication
.
class
);
Set
<
SimpleGrantedAuthority
>
authorities
=
Collections
.
singleton
(
new
SimpleGrantedAuthority
(
"SUPER_HERO"
));
Set
<
SimpleGrantedAuthority
>
authorities
=
Collections
.
singleton
(
new
SimpleGrantedAuthority
(
"SUPER_HERO"
));
doReturn
(
authorities
).
when
(
authentication
).
getAuthorities
();
doReturn
(
authorities
).
when
(
authentication
).
getAuthorities
();
SecurityContextHolder
.
getContext
().
setAuthentication
(
authentication
);
SecurityContextHolder
.
getContext
().
setAuthentication
(
authentication
);
assertThat
(
this
.
securityInterceptor
.
preHandle
(
this
.
request
,
this
.
response
,
assertThat
(
this
.
securityInterceptor
.
preHandle
(
this
.
request
,
this
.
response
,
...
@@ -142,11 +144,13 @@ public class MvcEndpointSecurityInterceptorTests {
...
@@ -142,11 +144,13 @@ public class MvcEndpointSecurityInterceptorTests {
}
}
@Test
@Test
public
void
sensitiveEndpointIfRoleAndAuthoritiesNotCorrectShouldNotAllowAccess
()
throws
Exception
{
public
void
sensitiveEndpointIfRoleAndAuthoritiesNotCorrectShouldNotAllowAccess
()
throws
Exception
{
Principal
principal
=
mock
(
Principal
.
class
);
Principal
principal
=
mock
(
Principal
.
class
);
this
.
request
.
setUserPrincipal
(
principal
);
this
.
request
.
setUserPrincipal
(
principal
);
Authentication
authentication
=
mock
(
Authentication
.
class
);
Authentication
authentication
=
mock
(
Authentication
.
class
);
Set
<
SimpleGrantedAuthority
>
authorities
=
Collections
.
singleton
(
new
SimpleGrantedAuthority
(
"HERO"
));
Set
<
SimpleGrantedAuthority
>
authorities
=
Collections
.
singleton
(
new
SimpleGrantedAuthority
(
"HERO"
));
doReturn
(
authorities
).
when
(
authentication
).
getAuthorities
();
doReturn
(
authorities
).
when
(
authentication
).
getAuthorities
();
SecurityContextHolder
.
getContext
().
setAuthentication
(
authentication
);
SecurityContextHolder
.
getContext
().
setAuthentication
(
authentication
);
assertThat
(
this
.
securityInterceptor
.
preHandle
(
this
.
request
,
this
.
response
,
assertThat
(
this
.
securityInterceptor
.
preHandle
(
this
.
request
,
this
.
response
,
...
...
spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/NoSpringSecurityMvcEndpointSecurityInterceptorTests.java
View file @
f1012c10
/*
/*
* Copyright 2012-201
6
the original author or authors.
* Copyright 2012-201
7
the original author or authors.
*
*
* Licensed under the Apache License, Version 2.0 (the "License");
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* you may not use this file except in compliance with the License.
...
@@ -39,6 +39,8 @@ import static org.assertj.core.api.Assertions.assertThat;
...
@@ -39,6 +39,8 @@ import static org.assertj.core.api.Assertions.assertThat;
import
static
org
.
mockito
.
Mockito
.
mock
;
import
static
org
.
mockito
.
Mockito
.
mock
;
/**
/**
* Tests for {@link MvcEndpointSecurityInterceptor} when Spring Security is not available.
*
* @author Madhura Bhave
* @author Madhura Bhave
*/
*/
@RunWith
(
ModifiedClassPathRunner
.
class
)
@RunWith
(
ModifiedClassPathRunner
.
class
)
...
@@ -77,7 +79,8 @@ public class NoSpringSecurityMvcEndpointSecurityInterceptorTests {
...
@@ -77,7 +79,8 @@ public class NoSpringSecurityMvcEndpointSecurityInterceptorTests {
}
}
@Test
@Test
public
void
sensitiveEndpointIfRoleNotPresentShouldNotValidateAuthorities
()
throws
Exception
{
public
void
sensitiveEndpointIfRoleNotPresentShouldNotValidateAuthorities
()
throws
Exception
{
Principal
principal
=
mock
(
Principal
.
class
);
Principal
principal
=
mock
(
Principal
.
class
);
this
.
request
.
setUserPrincipal
(
principal
);
this
.
request
.
setUserPrincipal
(
principal
);
this
.
servletContext
.
declareRoles
(
"HERO"
);
this
.
servletContext
.
declareRoles
(
"HERO"
);
...
@@ -105,5 +108,5 @@ public class NoSpringSecurityMvcEndpointSecurityInterceptorTests {
...
@@ -105,5 +108,5 @@ public class NoSpringSecurityMvcEndpointSecurityInterceptorTests {
}
}
}
}
}
}
spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/condition/ConditionalOnBeanTests.java
View file @
f1012c10
/*
/*
* Copyright 2012-201
6
the original author or authors.
* Copyright 2012-201
7
the original author or authors.
*
*
* Licensed under the Apache License, Version 2.0 (the "License");
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* you may not use this file except in compliance with the License.
...
...
spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/websocket/WebSocketAutoConfigurationTests.java
View file @
f1012c10
/*
/*
* Copyright 2012-201
6
the original author or authors.
* Copyright 2012-201
7
the original author or authors.
*
*
* Licensed under the Apache License, Version 2.0 (the "License");
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* you may not use this file except in compliance with the License.
...
...
spring-boot-integration-tests/spring-boot-integration-tests-embedded-servlet-container/src/test/java/org/springframework/boot/context/embedded/ApplicationBuilder.java
View file @
f1012c10
/*
/*
* Copyright 2012-201
6
the original author or authors.
* Copyright 2012-201
7
the original author or authors.
*
*
* Licensed under the Apache License, Version 2.0 (the "License");
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* you may not use this file except in compliance with the License.
...
...
spring-boot-tools/spring-boot-maven-plugin/src/main/java/org/springframework/boot/maven/AbstractDependencyFilterMojo.java
View file @
f1012c10
...
@@ -16,7 +16,7 @@
...
@@ -16,7 +16,7 @@
package
org
.
springframework
.
boot
.
maven
;
package
org
.
springframework
.
boot
.
maven
;
import
java.util.
Iterator
;
import
java.util.
LinkedHashSet
;
import
java.util.List
;
import
java.util.List
;
import
java.util.Set
;
import
java.util.Set
;
import
java.util.StringTokenizer
;
import
java.util.StringTokenizer
;
...
@@ -87,29 +87,15 @@ public abstract class AbstractDependencyFilterMojo extends AbstractMojo {
...
@@ -87,29 +87,15 @@ public abstract class AbstractDependencyFilterMojo extends AbstractMojo {
this
.
excludeArtifactIds
=
excludeArtifactIds
;
this
.
excludeArtifactIds
=
excludeArtifactIds
;
}
}
@SuppressWarnings
(
"unchecked"
)
protected
Set
<
Artifact
>
filterDependencies
(
Set
<
Artifact
>
dependencies
,
protected
Set
<
Artifact
>
filterDependencies
(
Set
<
Artifact
>
dependencies
,
FilterArtifacts
filters
)
throws
MojoExecutionException
{
FilterArtifacts
filters
)
throws
MojoExecutionException
{
List
<
ArtifactsFilter
>
artifactsFilters
=
filters
.
getFilters
();
try
{
try
{
for
(
ArtifactsFilter
filter
:
artifactsFilters
)
{
Set
<
Artifact
>
filtered
=
new
LinkedHashSet
<
Artifact
>(
dependencies
);
Set
<
Artifact
>
result
=
filter
.
filter
(
dependencies
);
filtered
.
retainAll
(
filters
.
filter
(
dependencies
));
applyFiltering
(
dependencies
,
result
);
return
filtered
;
}
return
dependencies
;
}
catch
(
ArtifactFilterException
e
)
{
throw
new
MojoExecutionException
(
e
.
getMessage
(),
e
);
}
}
}
catch
(
ArtifactFilterException
ex
)
{
throw
new
MojoExecutionException
(
ex
.
getMessage
(),
ex
);
private
void
applyFiltering
(
Set
<
Artifact
>
original
,
Set
<
Artifact
>
filtered
)
{
Iterator
<
Artifact
>
iterator
=
original
.
iterator
();
while
(
iterator
.
hasNext
())
{
Artifact
element
=
iterator
.
next
();
if
(!
filtered
.
contains
(
element
))
{
iterator
.
remove
();
}
}
}
}
}
...
...
spring-boot-tools/spring-boot-maven-plugin/src/test/java/org/springframework/boot/maven/DependencyFilterMojoTests.java
View file @
f1012c10
...
@@ -103,7 +103,7 @@ public class DependencyFilterMojoTests {
...
@@ -103,7 +103,7 @@ public class DependencyFilterMojoTests {
}
}
@Test
@Test
public
void
filterExcludeKeepOrder
()
throws
MojoExecutionException
{
public
void
filterExcludeKeepOrder
()
throws
MojoExecutionException
{
Exclude
exclude
=
new
Exclude
();
Exclude
exclude
=
new
Exclude
();
exclude
.
setGroupId
(
"com.bar"
);
exclude
.
setGroupId
(
"com.bar"
);
exclude
.
setArtifactId
(
"two"
);
exclude
.
setArtifactId
(
"two"
);
...
@@ -121,7 +121,8 @@ public class DependencyFilterMojoTests {
...
@@ -121,7 +121,8 @@ public class DependencyFilterMojoTests {
return
createArtifact
(
groupId
,
artifactId
,
null
);
return
createArtifact
(
groupId
,
artifactId
,
null
);
}
}
private
static
Artifact
createArtifact
(
String
groupId
,
String
artifactId
,
String
scope
)
{
private
static
Artifact
createArtifact
(
String
groupId
,
String
artifactId
,
String
scope
)
{
Artifact
a
=
mock
(
Artifact
.
class
);
Artifact
a
=
mock
(
Artifact
.
class
);
given
(
a
.
getGroupId
()).
willReturn
(
groupId
);
given
(
a
.
getGroupId
()).
willReturn
(
groupId
);
given
(
a
.
getArtifactId
()).
willReturn
(
artifactId
);
given
(
a
.
getArtifactId
()).
willReturn
(
artifactId
);
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment