From 720e801a7626b61a9e96e195de5cdb968a7221bd Mon Sep 17 00:00:00 2001
From: Vedran Pavic <vedran.pavic@gmail.com>
Date: Tue, 25 Apr 2017 23:57:32 +0200
Subject: [PATCH] Make Audit events MVC endpoint `after` parameter required

Closes gh-9002
---
 .../endpoint/mvc/AuditEventsMvcEndpoint.java       |  2 +-
 .../endpoint/mvc/AuditEventsMvcEndpointTests.java  | 14 +++++++++++---
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/AuditEventsMvcEndpoint.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/AuditEventsMvcEndpoint.java
index b8661cd13cf..b0ec145a7b9 100644
--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/AuditEventsMvcEndpoint.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/AuditEventsMvcEndpoint.java
@@ -51,7 +51,7 @@ public class AuditEventsMvcEndpoint extends AbstractNamedMvcEndpoint {
 	@ResponseBody
 	public ResponseEntity<?> findByPrincipalAndAfterAndType(
 			@RequestParam(required = false) String principal,
-			@RequestParam(required = false) @DateTimeFormat(pattern = "yyyy-MM-dd'T'HH:mm:ssZ") Date after,
+			@RequestParam @DateTimeFormat(pattern = "yyyy-MM-dd'T'HH:mm:ssZ") Date after,
 			@RequestParam(required = false) String type) {
 		if (!isEnabled()) {
 			return DISABLED_RESPONSE;
diff --git a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/AuditEventsMvcEndpointTests.java b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/AuditEventsMvcEndpointTests.java
index ab9f4859689..1bb5d500168 100644
--- a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/AuditEventsMvcEndpointTests.java
+++ b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/AuditEventsMvcEndpointTests.java
@@ -74,15 +74,17 @@ public class AuditEventsMvcEndpointTests {
 
 	@Test
 	public void contentTypeDefaultsToActuatorV2Json() throws Exception {
-		this.mvc.perform(get("/application/auditevents")).andExpect(status().isOk())
+		this.mvc.perform(get("/application/auditevents").param("after", "2016-11-01T10:00:00+0000"))
+				.andExpect(status().isOk())
 				.andExpect(header().string("Content-Type",
 						"application/vnd.spring-boot.actuator.v2+json;charset=UTF-8"));
 	}
 
 	@Test
 	public void contentTypeCanBeApplicationJson() throws Exception {
-		this.mvc.perform(get("/application/auditevents").header(HttpHeaders.ACCEPT,
-				MediaType.APPLICATION_JSON_VALUE)).andExpect(status().isOk())
+		this.mvc.perform(get("/application/auditevents").param("after", "2016-11-01T10:00:00+0000")
+				.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE))
+				.andExpect(status().isOk())
 				.andExpect(header().string("Content-Type",
 						MediaType.APPLICATION_JSON_UTF8_VALUE));
 	}
@@ -121,6 +123,12 @@ public class AuditEventsMvcEndpointTests {
 				.andExpect(content().string(not(containsString("login"))));
 	}
 
+	@Test
+	public void invokeFilterWithoutDateAfterReturnBadRequestStatus() throws Exception {
+		this.mvc.perform(get("/application/auditevents"))
+				.andExpect(status().isBadRequest());
+	}
+
 	@Import({ JacksonAutoConfiguration.class,
 			HttpMessageConvertersAutoConfiguration.class,
 			EndpointWebMvcAutoConfiguration.class, WebMvcAutoConfiguration.class })