From daa280faff6522aebf9dafe99370db50c5d03c00 Mon Sep 17 00:00:00 2001
From: Andy Wilkinson
Date: Tue, 20 Feb 2018 16:28:55 +0000
Subject: [PATCH] Drop AuthorityReactiveAuthorizationManager and avoid need to block

See gh-11869
---
 .../AbstractWebFluxEndpointHandlerMapping.java | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/web/reactive/AbstractWebFluxEndpointHandlerMapping.java b/spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/web/reactive/AbstractWebFluxEndpointHandlerMapping.java
index ab1a192e5e3..d98d74b8778 100644
--- a/spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/web/reactive/AbstractWebFluxEndpointHandlerMapping.java
+++ b/spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/web/reactive/AbstractWebFluxEndpointHandlerMapping.java
@@ -42,8 +42,8 @@ import org.springframework.boot.actuate.endpoint.web.WebOperationRequestPredicat
 import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.authorization.AuthorityReactiveAuthorizationManager;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.util.ClassUtils;
 import org.springframework.util.ReflectionUtils;
@@ -402,11 +402,16 @@ public abstract class AbstractWebFluxEndpointHandlerMapping
 @Override
 public boolean isUserInRole(String role) {
- if (this.authentication == null) {
+ if (this.authentication == null || !this.authentication.isAuthenticated()) {
 return false;
 }
- return AuthorityReactiveAuthorizationManager.hasRole(role)
- .check(Mono.just(this.authentication), null).block().isGranted();
+ for (GrantedAuthority grantedAuthority : this.authentication
+ .getAuthorities()) {
+ if (role.equals(grantedAuthority.getAuthority())) {
+ return true;
+ }
+ }
+ return false;
 }
 }
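Review bot: The new comparison `role.equals(grantedAuthority.getAuthority())` in `isUserInRole` matches the raw role name, whereas the removed `AuthorityReactiveAuthorizationManager.hasRole(role)` checked for the authority `"ROLE_" + role`. A caller passing `ADMIN` therefore no longer matches a user holding `ROLE_ADMIN`, and a plain authority literally named `ADMIN` now satisfies a role check, so endpoint role decisions can change silently in both directions. If role semantics are meant to be kept, normalise before the loop, e.g. `String authority = role.startsWith("ROLE_") ? role : "ROLE_" + role;`, and compare `authority.equals(grantedAuthority.getAuthority())`. Whichever form is intended, a one-line comment on the method stating the expected role-name format would make the contract explicit; the `authentication` field and the enclosing class are declared outside this hunk, so callers' conventions cannot be confirmed from here.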