From d852f2996ab52d16bce285f3bc3de9c3dde07975 Mon Sep 17 00:00:00 2001 From: Dave Syer Date: Thu, 22 Aug 2013 11:43:17 +0100 Subject: [PATCH] Fix security config The management endpoints were still all mixed up with the user endpoints. Fixed that and extracted user endpoints in to conditional block so not protected if path explicitly set to empty string. [#53029715] --- .../autoconfigure/SecurityAutoConfiguration.java | 13 ++++++++----- .../jdbc/AbstractDataSourceConfiguration.java | 2 +- .../ui/SampleActuatorUiApplicationPortTests.java | 3 +-- .../ops/ui/SampleActuatorUiApplicationTests.java | 3 +-- ...ntsPropertiesSampleActuatorApplicationTests.java | 3 +-- ...gementAddressSampleActuatorApplicationTests.java | 2 +- .../ManagementSampleActuatorApplicationTests.java | 3 +-- .../NoManagementSampleActuatorApplicationTests.java | 2 +- .../sample/ops/SampleActuatorApplicationTests.java | 2 +- .../ops/ShutdownSampleActuatorApplicationTests.java | 2 +- .../ops/UnsecureSampleActuatorApplicationTests.java | 3 +-- .../sample/jetty/SampleJettyApplicationTests.java | 3 +-- .../SampleTraditionalApplicationTests.java | 3 +-- .../sample/ui/SampleWebStaticApplicationTests.java | 2 +- .../boot/sample/ui/SampleWebUiApplicationTests.java | 3 +-- .../echo/SampleWebSocketsApplicationTests.java | 2 +- 16 files changed, 23 insertions(+), 28 deletions(-) diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/SecurityAutoConfiguration.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/SecurityAutoConfiguration.java index 7c15bb7e3a1..b2ee7f02220 100644 --- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/SecurityAutoConfiguration.java +++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/SecurityAutoConfiguration.java 
@@ -17,7 +17,6 @@ package org.springframework.boot.actuate.autoconfigure; import java.util.ArrayList; -import java.util.Arrays; import java.util.List; import org.apache.commons.logging.Log; @@ -141,12 +140,17 @@ public class SecurityAutoConfiguration { http.httpBasic().and().anonymous().disable(); ExpressionUrlAuthorizationConfigurer authorizeUrls = http .authorizeUrls(); - if (getEndpointPaths(true).length > 0) { + String[] paths = getEndpointPaths(true); + if (paths.length > 0) { authorizeUrls.antMatchers(getEndpointPaths(true)).hasRole( this.management.getUser().getRole()); } - authorizeUrls.antMatchers(getSecureApplicationPaths()) - .hasRole(this.security.getBasic().getRole()).and().httpBasic(); + paths = getSecureApplicationPaths(); + if (paths.length > 0) { + authorizeUrls.antMatchers(getSecureApplicationPaths()).hasRole( + this.security.getBasic().getRole()); + } + authorizeUrls.and().httpBasic(); } // No cookies for service endpoints by default @@ -164,7 +168,6 @@ public class SecurityAutoConfiguration { list.add(path); } } - list.addAll(Arrays.asList(getEndpointPaths(true))); return list.toArray(new String[list.size()]); } diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jdbc/AbstractDataSourceConfiguration.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jdbc/AbstractDataSourceConfiguration.java index 7e4c7340b38..3880a9fe993 100644 --- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jdbc/AbstractDataSourceConfiguration.java +++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jdbc/AbstractDataSourceConfiguration.java @@ -37,7 +37,7 @@ public abstract class AbstractDataSourceConfiguration implements BeanClassLoader private String password = ""; - private int maxActive = 8; + private int maxActive = 100; private int maxIdle = 8; 
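Review bot: The new `paths` local in the `@@ -141,12 +140,17 @@` hunk is used only for the two length checks; both `antMatchers(...)` calls still invoke `getEndpointPaths(true)` and `getSecureApplicationPaths()` a second time, so each guard and the matcher it protects come from separate evaluations. Passing the local keeps them in step, e.g. `authorizeUrls.antMatchers(paths).hasRole(this.management.getUser().getRole());`, and likewise for the application paths. Separately, when the secure application path list is empty this block now registers no role rule for user endpoints, which the commit message says is intended; since that setting fails open, a warn-level log line in the empty case would make an accidentally blank path visible at startup. None of the test changes visible in this commit appear to assert that management endpoints still require the management role once the `@@ -164,7 +168,6 @@` hunk removes them from `getSecureApplicationPaths()`. The enclosing method starts and ends outside the hunk.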
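Review bot: The `maxActive` default in AbstractDataSourceConfiguration goes from 8 to 100 while `maxIdle` stays at 8, and the commit message, which describes a security config fix, does not mention it. Depending on how the pool applies these two values (not visible in the hunk), a loaded instance could open up to 100 connections and then discard most of them as they go idle, and 100 per instance may exceed a database's connection limit. If the higher ceiling is wanted, consider raising `maxIdle` with it and adding a field comment such as `// upper bound on pooled connections; keep below the database's connection limit`, preferably in a separate commit so the security change can be reviewed and reverted independently.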
diff --git a/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationPortTests.java b/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationPortTests.java index 13550ec35db..4ca1331ebfb 100644 --- a/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationPortTests.java +++ b/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationPortTests.java @@ -28,7 +28,6 @@ import org.junit.BeforeClass; import org.junit.Ignore; import org.junit.Test; import org.springframework.boot.SpringApplication; -import org.springframework.boot.sample.ops.ui.SampleActuatorUiApplication; import org.springframework.context.ConfigurableApplicationContext; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; @@ -63,7 +62,7 @@ public class SampleActuatorUiApplicationPortTests { .run(SampleActuatorUiApplication.class, args); } }); - context = future.get(10, TimeUnit.SECONDS); + context = future.get(60, TimeUnit.SECONDS); } @AfterClass diff --git a/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationTests.java index adea9753c1a..aa5f4b3ff56 100644 --- a/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationTests.java +++ b/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationTests.java 
@@ -28,7 +28,6 @@ import org.junit.AfterClass; import org.junit.BeforeClass; import org.junit.Test; import org.springframework.boot.SpringApplication; -import org.springframework.boot.sample.ops.ui.SampleActuatorUiApplication; import org.springframework.context.ConfigurableApplicationContext; import org.springframework.http.HttpEntity; import org.springframework.http.HttpHeaders; @@ -63,7 +62,7 @@ public class SampleActuatorUiApplicationTests { .run(SampleActuatorUiApplication.class); } }); - context = future.get(30, TimeUnit.SECONDS); + context = future.get(60, TimeUnit.SECONDS); } @AfterClass diff --git a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/EndpointsPropertiesSampleActuatorApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/EndpointsPropertiesSampleActuatorApplicationTests.java index ba27534f713..eaf1d9219ab 100644 --- a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/EndpointsPropertiesSampleActuatorApplicationTests.java +++ b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/EndpointsPropertiesSampleActuatorApplicationTests.java @@ -28,7 +28,6 @@ import java.util.concurrent.TimeUnit; import org.junit.After; import org.junit.Test; import org.springframework.boot.SpringApplication; -import org.springframework.boot.sample.ops.SampleActuatorApplication; import org.springframework.context.ConfigurableApplicationContext; import org.springframework.http.HttpRequest; import org.springframework.http.HttpStatus; @@ -64,7 +63,7 @@ public class EndpointsPropertiesSampleActuatorApplicationTests { .run(configuration, args); } }); - this.context = future.get(10, TimeUnit.SECONDS); + this.context = future.get(60, TimeUnit.SECONDS); } @After 
diff --git a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementAddressSampleActuatorApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementAddressSampleActuatorApplicationTests.java index 0467040c03b..dedbdae170c 100644 --- a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementAddressSampleActuatorApplicationTests.java +++ b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementAddressSampleActuatorApplicationTests.java @@ -71,7 +71,7 @@ public class ManagementAddressSampleActuatorApplicationTests { .run(SampleActuatorApplication.class, args); } }); - context = future.get(30, TimeUnit.SECONDS); + context = future.get(60, TimeUnit.SECONDS); } @AfterClass diff --git a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementSampleActuatorApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementSampleActuatorApplicationTests.java index da55b6d02e2..8d5f4a1fff3 100644 --- a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementSampleActuatorApplicationTests.java +++ b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementSampleActuatorApplicationTests.java @@ -27,7 +27,6 @@ import org.junit.AfterClass; import org.junit.BeforeClass; import org.junit.Test; import org.springframework.boot.SpringApplication; -import org.springframework.boot.sample.ops.SampleActuatorApplication; import org.springframework.context.ConfigurableApplicationContext; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; 
@@ -62,7 +61,7 @@ public class ManagementSampleActuatorApplicationTests { .run(SampleActuatorApplication.class, args); } }); - context = future.get(30, TimeUnit.SECONDS); + context = future.get(60, TimeUnit.SECONDS); } @AfterClass diff --git a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/NoManagementSampleActuatorApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/NoManagementSampleActuatorApplicationTests.java index 2567eab31a3..af11652ada4 100644 --- a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/NoManagementSampleActuatorApplicationTests.java +++ b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/NoManagementSampleActuatorApplicationTests.java @@ -69,7 +69,7 @@ public class NoManagementSampleActuatorApplicationTests { .run(SampleActuatorApplication.class, args); } }); - context = future.get(10, TimeUnit.SECONDS); + context = future.get(60, TimeUnit.SECONDS); } @AfterClass diff --git a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/SampleActuatorApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/SampleActuatorApplicationTests.java index abadbd8c3af..a1e8a26df44 100644 --- a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/SampleActuatorApplicationTests.java +++ b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/SampleActuatorApplicationTests.java @@ -67,7 +67,7 @@ public class SampleActuatorApplicationTests { .run(SampleActuatorApplication.class); } }); - context = future.get(30, TimeUnit.SECONDS); + context = future.get(60, TimeUnit.SECONDS); } @AfterClass 
diff --git a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ShutdownSampleActuatorApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ShutdownSampleActuatorApplicationTests.java index b166c66b817..f3b7f522f77 100644 --- a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ShutdownSampleActuatorApplicationTests.java +++ b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ShutdownSampleActuatorApplicationTests.java @@ -66,7 +66,7 @@ public class ShutdownSampleActuatorApplicationTests { .run(SampleActuatorApplication.class); } }); - context = future.get(10, TimeUnit.SECONDS); + context = future.get(60, TimeUnit.SECONDS); } @AfterClass diff --git a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/UnsecureSampleActuatorApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/UnsecureSampleActuatorApplicationTests.java index b44b65b54bd..f5e32838b74 100644 --- a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/UnsecureSampleActuatorApplicationTests.java +++ b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/UnsecureSampleActuatorApplicationTests.java @@ -27,7 +27,6 @@ import org.junit.AfterClass; import org.junit.BeforeClass; import org.junit.Test; import org.springframework.boot.SpringApplication; -import org.springframework.boot.sample.ops.SampleActuatorApplication; import org.springframework.context.ConfigurableApplicationContext; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; 
@@ -60,7 +59,7 @@ public class UnsecureSampleActuatorApplicationTests { "--security.basic.enabled=false"); } }); - context = future.get(10, TimeUnit.SECONDS); + context = future.get(60, TimeUnit.SECONDS); } @AfterClass diff --git a/spring-boot-samples/spring-boot-sample-jetty/src/test/java/org/springframework/boot/sample/jetty/SampleJettyApplicationTests.java b/spring-boot-samples/spring-boot-sample-jetty/src/test/java/org/springframework/boot/sample/jetty/SampleJettyApplicationTests.java index 963895904c5..d06dfe304ec 100644 --- a/spring-boot-samples/spring-boot-sample-jetty/src/test/java/org/springframework/boot/sample/jetty/SampleJettyApplicationTests.java +++ b/spring-boot-samples/spring-boot-sample-jetty/src/test/java/org/springframework/boot/sample/jetty/SampleJettyApplicationTests.java @@ -26,7 +26,6 @@ import org.junit.AfterClass; import org.junit.BeforeClass; import org.junit.Test; import org.springframework.boot.SpringApplication; -import org.springframework.boot.sample.jetty.SampleJettyApplication; import org.springframework.context.ConfigurableApplicationContext; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; @@ -56,7 +55,7 @@ public class SampleJettyApplicationTests { .run(SampleJettyApplication.class); } }); - context = future.get(10, TimeUnit.SECONDS); + context = future.get(60, TimeUnit.SECONDS); } @AfterClass diff --git a/spring-boot-samples/spring-boot-sample-traditional/src/test/java/org/springframework/boot/sample/traditional/SampleTraditionalApplicationTests.java b/spring-boot-samples/spring-boot-sample-traditional/src/test/java/org/springframework/boot/sample/traditional/SampleTraditionalApplicationTests.java index 7e920c41d89..a42b48aa156 100644 --- a/spring-boot-samples/spring-boot-sample-traditional/src/test/java/org/springframework/boot/sample/traditional/SampleTraditionalApplicationTests.java 
+++ b/spring-boot-samples/spring-boot-sample-traditional/src/test/java/org/springframework/boot/sample/traditional/SampleTraditionalApplicationTests.java @@ -26,7 +26,6 @@ import org.junit.AfterClass; import org.junit.BeforeClass; import org.junit.Test; import org.springframework.boot.SpringApplication; -import org.springframework.boot.sample.traditional.SampleTraditionalApplication; import org.springframework.context.ConfigurableApplicationContext; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; @@ -57,7 +56,7 @@ public class SampleTraditionalApplicationTests { .run(SampleTraditionalApplication.class); } }); - context = future.get(30, TimeUnit.SECONDS); + context = future.get(60, TimeUnit.SECONDS); } @AfterClass diff --git a/spring-boot-samples/spring-boot-sample-web-static/src/test/java/org/springframework/boot/sample/ui/SampleWebStaticApplicationTests.java b/spring-boot-samples/spring-boot-sample-web-static/src/test/java/org/springframework/boot/sample/ui/SampleWebStaticApplicationTests.java index 1e0d3329196..abd1ecad1d4 100644 --- a/spring-boot-samples/spring-boot-sample-web-static/src/test/java/org/springframework/boot/sample/ui/SampleWebStaticApplicationTests.java +++ b/spring-boot-samples/spring-boot-sample-web-static/src/test/java/org/springframework/boot/sample/ui/SampleWebStaticApplicationTests.java @@ -41,7 +41,7 @@ public class SampleWebStaticApplicationTests { .run(SampleWebStaticApplication.class); } }); - context = future.get(30, TimeUnit.SECONDS); + context = future.get(60, TimeUnit.SECONDS); } @AfterClass diff --git a/spring-boot-samples/spring-boot-sample-web-ui/src/test/java/org/springframework/boot/sample/ui/SampleWebUiApplicationTests.java b/spring-boot-samples/spring-boot-sample-web-ui/src/test/java/org/springframework/boot/sample/ui/SampleWebUiApplicationTests.java index 802da775440..4be487bd8dd 100644 
--- a/spring-boot-samples/spring-boot-sample-web-ui/src/test/java/org/springframework/boot/sample/ui/SampleWebUiApplicationTests.java +++ b/spring-boot-samples/spring-boot-sample-web-ui/src/test/java/org/springframework/boot/sample/ui/SampleWebUiApplicationTests.java @@ -11,7 +11,6 @@ import org.junit.AfterClass; import org.junit.BeforeClass; import org.junit.Test; import org.springframework.boot.SpringApplication; -import org.springframework.boot.sample.ui.SampleWebUiApplication; import org.springframework.context.ConfigurableApplicationContext; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; @@ -45,7 +44,7 @@ public class SampleWebUiApplicationTests { .run(SampleWebUiApplication.class); } }); - context = future.get(30, TimeUnit.SECONDS); + context = future.get(60, TimeUnit.SECONDS); } @AfterClass diff --git a/spring-boot-samples/spring-boot-sample-websocket/src/test/java/org/springframework/boot/samples/websocket/echo/SampleWebSocketsApplicationTests.java b/spring-boot-samples/spring-boot-sample-websocket/src/test/java/org/springframework/boot/samples/websocket/echo/SampleWebSocketsApplicationTests.java index 430bcaac692..89230dc8025 100644 --- a/spring-boot-samples/spring-boot-sample-websocket/src/test/java/org/springframework/boot/samples/websocket/echo/SampleWebSocketsApplicationTests.java +++ b/spring-boot-samples/spring-boot-sample-websocket/src/test/java/org/springframework/boot/samples/websocket/echo/SampleWebSocketsApplicationTests.java @@ -59,7 +59,7 @@ public class SampleWebSocketsApplicationTests { .run(SampleWebSocketsApplication.class); } }); - context = future.get(30, TimeUnit.SECONDS); + context = future.get(60, TimeUnit.SECONDS); } @AfterClass