From 3603cb4ad980d209f08722ebbc0ac8b090997ead Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Mon, 10 Feb 2025 09:02:49 +0000 Subject: [PATCH] Fix matching against context with implicit server namespace Closes gh-44188 --- .../security/servlet/EndpointRequest.java | 12 +++++++++--- .../security/servlet/EndpointRequestTests.java | 13 ++++++++----- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequest.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequest.java index 3a85bc89452..6fcc1630625 100644 --- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequest.java +++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequest.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2024 the original author or authors. + * Copyright 2012-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -184,8 +184,14 @@ public final class EndpointRequest { protected final boolean hasWebServerNamespace(ApplicationContext applicationContext, WebServerNamespace webServerNamespace) { return WebServerApplicationContext.hasServerNamespace(applicationContext, webServerNamespace.getValue()) - || (webServerNamespace.equals(WebServerNamespace.SERVER) - && !(applicationContext instanceof WebServerApplicationContext)); + || hasImplicitServerNamespace(applicationContext, webServerNamespace); + } + + private boolean hasImplicitServerNamespace(ApplicationContext applicationContext, + WebServerNamespace webServerNamespace) { + return WebServerNamespace.SERVER.equals(webServerNamespace) + && WebServerApplicationContext.getServerNamespace(applicationContext) == null + && applicationContext.getParent() == null; } @Override diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequestTests.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequestTests.java index ac07f1d6ef7..101cec3d91a 100644 --- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequestTests.java +++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequestTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2024 the original author or authors. + * Copyright 2012-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -340,9 +340,12 @@ class EndpointRequestTests { } private RequestMatcherAssert assertMatcher(RequestMatcher matcher, PathMappedEndpoints pathMappedEndpoints, - RequestMatcherProvider matcherProvider, WebServerNamespace webServerNamespace) { - StaticWebApplicationContext context = (webServerNamespace != null) - ? new NamedStaticWebApplicationContext(webServerNamespace) : new StaticWebApplicationContext(); + RequestMatcherProvider matcherProvider, WebServerNamespace namespace) { + StaticWebApplicationContext context = new StaticWebApplicationContext(); + if (namespace != null && !WebServerNamespace.SERVER.equals(namespace)) { + NamedStaticWebApplicationContext parentContext = new NamedStaticWebApplicationContext(namespace); + context.setParent(parentContext); + } context.registerBean(WebEndpointProperties.class); if (pathMappedEndpoints != null) { context.registerBean(PathMappedEndpoints.class, () -> pathMappedEndpoints); @@ -373,7 +376,7 @@ class EndpointRequestTests { @Override public String getServerNamespace() { - return this.webServerNamespace.getValue(); + return (this.webServerNamespace != null) ? this.webServerNamespace.getValue() : null; } }