Allow security.ignored to be set as a list (e.g. indexed)

In particular this allows a YAML externalization as an array
as opposed to a CSV.

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/SecurityAutoConfiguration.java

@@ -187,7 +187,7 @@ public class SecurityAutoConfiguration {
 		@Override
 		public void configure(WebSecurity builder) throws Exception {
 			IgnoredRequestConfigurer ignoring = builder.ignoring();
-			ignoring.antMatchers(this.security.getIgnored());
+			ignoring.antMatchers(this.security.getIgnoredPaths());
 			if (this.errorController != null) {
 				ignoring.antMatchers(this.errorController.getErrorPath());
 			}

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/properties/SecurityProperties.java

@@ -16,6 +16,8 @@
 
 package org.springframework.boot.actuate.properties;
 
+import java.util.ArrayList;
+import java.util.List;
 import java.util.UUID;
 
 import org.springframework.boot.context.properties.ConfigurationProperties;
@@ -41,8 +43,12 @@ public class SecurityProperties {
 
 	private SessionCreationPolicy sessions = SessionCreationPolicy.STATELESS;
 
-	private String[] ignored = new String[] { "/css/**", "/js/**", "/images/**",
-			"/**/favicon.ico" };
+	private List<String> emptyIgnored = new ArrayList<String>();
+
+	private List<String> ignored = this.emptyIgnored;
+
+	private static String[] DEFAULT_IGNORED = new String[] { "/css/**", "/js/**",
+			"/images/**", "/**/favicon.ico" };
 
 	private Management management = new Management();
 
@@ -92,14 +98,21 @@ public class SecurityProperties {
 		this.enableCsrf = enableCsrf;
 	}
 
-	public void setIgnored(String... ignored) {
-		this.ignored = ignored;
+	public void setIgnored(List<String> ignored) {
+		this.ignored = new ArrayList<String>(ignored);
 	}
 
-	public String[] getIgnored() {
+	public List<String> getIgnored() {
 		return this.ignored;
 	}
 
+	public String[] getIgnoredPaths() {
+		if (this.ignored == this.emptyIgnored) {
+			return DEFAULT_IGNORED;
+		}
+		return this.ignored.toArray(new String[this.ignored.size()]);
+	}
+
 	public static class Headers {
 
 		public static enum HSTS {

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/properties/SecurityPropertiesTests.java

@@ -17,6 +17,8 @@
 package org.springframework.boot.actuate.properties;
 
 import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 
 import org.junit.Test;
 import org.springframework.beans.MutablePropertyValues;
@@ -41,7 +43,7 @@ public class SecurityPropertiesTests {
 		binder.bind(new MutablePropertyValues(Collections.singletonMap(
 				"security.ignored", "/css/**")));
 		assertFalse(binder.getBindingResult().hasErrors());
-		assertEquals(1, security.getIgnored().length);
+		assertEquals(1, security.getIgnored().size());
 	}
 
 	@Test
@@ -52,7 +54,20 @@ public class SecurityPropertiesTests {
 		binder.bind(new MutablePropertyValues(Collections.singletonMap(
 				"security.ignored", "/css/**,/images/**")));
 		assertFalse(binder.getBindingResult().hasErrors());
-		assertEquals(2, security.getIgnored().length);
+		assertEquals(2, security.getIgnored().size());
+	}
+
+	@Test
+	public void testBindingIgnoredMultiValuedList() {
+		SecurityProperties security = new SecurityProperties();
+		RelaxedDataBinder binder = new RelaxedDataBinder(security, "security");
+		binder.setConversionService(new DefaultConversionService());
+		Map<String, String> map = new HashMap<String, String>();
+		map.put("security.ignored[0]", "/css/**");
+		map.put("security.ignored[1]", "images/**");
+		binder.bind(new MutablePropertyValues(map));
+		assertFalse(binder.getBindingResult().hasErrors());
+		assertEquals(2, security.getIgnored().size());
 	}
 
 	@Test