Add MockMvc-based integration tests for management.security.enabled

See gh-3997

Add MockMvc-based integration tests for management.security.enabled
See gh-3997
ff5e4631 · Andy Wilkinson · a76e84ad · ff5e4631 · ff5e4631
Commit ff5e4631 authored Sep 30, 2015 by Andy Wilkinson
Hide whitespace changes
Inline Side-by-side

Showing with 51 additions and 1 deletion

pom.xml spring-boot-actuator/pom.xml +5 -0

MvcEndpointIntegrationTests.java ...oot/actuate/endpoint/mvc/MvcEndpointIntegrationTests.java +46 -1

No files found.
--- a/spring-boot-actuator/pom.xml
+++ b/spring-boot-actuator/pom.xml
@@ -312,5 +312,10 @@
 			<artifactId>spring-data-rest-webmvc</artifactId>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-test</artifactId>
+			<scope>test</scope>
+		</dependency>
 	</dependencies>
 </project>
--- a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpointIntegrationTests.java
+++ b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpointIntegrationTests.java
@@ -20,22 +20,30 @@ import org.junit.Test;
 import org.springframework.boot.actuate.autoconfigure.EndpointAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.EndpointWebMvcAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.ManagementServerPropertiesAutoConfiguration;
+import org.springframework.boot.actuate.autoconfigure.ManagementWebSecurityAutoConfiguration;
 import org.springframework.boot.autoconfigure.PropertyPlaceholderAutoConfiguration;
 import org.springframework.boot.autoconfigure.data.rest.RepositoryRestMvcAutoConfiguration;
 import org.springframework.boot.autoconfigure.hateoas.HypermediaAutoConfiguration;
 import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
 import org.springframework.boot.autoconfigure.test.ImportAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.HttpMessageConvertersAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.WebMvcAutoConfiguration;
 import org.springframework.boot.test.EnvironmentTestUtils;
+import org.springframework.context.annotation.Import;
 import org.springframework.mock.web.MockServletContext;
 import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.DefaultMockMvcBuilder;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.test.web.servlet.setup.MockMvcConfigurer;
 import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
 import static org.hamcrest.Matchers.startsWith;
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 /**
 * Integration tests for the Actuator's MVC endpoints.
@@ -73,6 +81,24 @@ public class MvcEndpointIntegrationTests {
 		assertIndentedJsonResponse(SpringDataRestConfiguration.class);
 	}
+	@Test
+	public void endpointsAreSecureByDefault() throws Exception {
+		this.context = new AnnotationConfigWebApplicationContext();
+		this.context.register(SecureConfiguration.class);
+		MockMvc mockMvc = createSecureMockMvc();
+		mockMvc.perform(get("/beans")).andExpect(status().isUnauthorized());
+	}
+	@Test
+	public void endpointSecurityCanBeDisabled() throws Exception {
+		this.context = new AnnotationConfigWebApplicationContext();
+		this.context.register(SecureConfiguration.class);
+		EnvironmentTestUtils.addEnvironment(this.context,
+				"management.security.enabled:false");
+		MockMvc mockMvc = createSecureMockMvc();
+		mockMvc.perform(get("/beans")).andDo(print()).andExpect(status().isOk());
+	}
 	private void assertIndentedJsonResponse(Class<?> configuration) throws Exception {
 		this.context = new AnnotationConfigWebApplicationContext();
 		this.context.register(configuration);
@@ -84,9 +110,21 @@ public class MvcEndpointIntegrationTests {
 	}
 	private MockMvc createMockMvc() {
+		return doCreateMockMvc();
+	}
+	private MockMvc createSecureMockMvc() {
+		return doCreateMockMvc(springSecurity());
+	}
+	private MockMvc doCreateMockMvc(MockMvcConfigurer... configurers) {
 		this.context.setServletContext(new MockServletContext());
 		this.context.refresh();
-		return MockMvcBuilders.webAppContextSetup(this.context).build();
+		DefaultMockMvcBuilder builder = MockMvcBuilders.webAppContextSetup(this.context);
+		for (MockMvcConfigurer configurer : configurers) {
+			builder.apply(configurer);
+		}
+		return builder.build();
 	}
 	@ImportAutoConfiguration({ JacksonAutoConfiguration.class,
@@ -117,4 +155,11 @@ public class MvcEndpointIntegrationTests {
 	}
+	@Import(DefaultConfiguration.class)
+	@ImportAutoConfiguration({ SecurityAutoConfiguration.class,
+			ManagementWebSecurityAutoConfiguration.class })
+	static class SecureConfiguration {
+	}
 }