-
Phillip Webb authored
Update ManagementSecurityAutoConfiguration so that MVC Endpoints that have Principal arguments are not treated in any special way. This restores Spring Boot 1.1.x behavior where the 'sensitive' flag is used to determine access rules. The HealthMvcEndpoint still uses the Principal (when available) to determine if full status information can be displayed. It now also explicitly checks the environment for `endpoints.health.sensitive` to determine if the user has opted-out and requires complete health details. The health MVC endpoint should now work as follows: * Default configuration - No login is required, full information is only displayed if a Principal is available. * endpoints.health.sensitive=true - Login is required, full information is displayed. * endpoints.health.sensitive=false - Login is not required, full information is displayed. Fixes gh-2211
98135c96
