Fix security config

Dave Syer · Dave Syer · commit d852f2996ab5 · 2013-08-22T11:43:22.000+01:00
The management endpoints were still all mixed up
with the user endpoints. Fixed that and extracted
user endpoints in to conditional block so not
protected if path explicitly set to empty string.

[#53029715]
diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/SecurityAutoConfiguration.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/SecurityAutoConfiguration.java
@@ -17,7 +17,6 @@
 package org.springframework.boot.actuate.autoconfigure;
 
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.List;
 
 import org.apache.commons.logging.Log;
@@ -141,12 +140,17 @@ protected void configure(HttpSecurity http) throws Exception {
 				http.httpBasic().and().anonymous().disable();
 				ExpressionUrlAuthorizationConfigurer<HttpSecurity> authorizeUrls = http
 						.authorizeUrls();
-				if (getEndpointPaths(true).length > 0) {
+				String[] paths = getEndpointPaths(true);
+				if (paths.length > 0) {
 					authorizeUrls.antMatchers(getEndpointPaths(true)).hasRole(
 							this.management.getUser().getRole());
 				}
-				authorizeUrls.antMatchers(getSecureApplicationPaths())
-						.hasRole(this.security.getBasic().getRole()).and().httpBasic();
+				paths = getSecureApplicationPaths();
+				if (paths.length > 0) {
+					authorizeUrls.antMatchers(getSecureApplicationPaths()).hasRole(
+							this.security.getBasic().getRole());
+				}
+				authorizeUrls.and().httpBasic();
 			}
 
 			// No cookies for service endpoints by default
@@ -164,7 +168,6 @@ private String[] getSecureApplicationPaths() {
 					list.add(path);
 				}
 			}
-			list.addAll(Arrays.asList(getEndpointPaths(true)));
 			return list.toArray(new String[list.size()]);
 		}
 
diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jdbc/AbstractDataSourceConfiguration.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/jdbc/AbstractDataSourceConfiguration.java
@@ -37,7 +37,7 @@ public abstract class AbstractDataSourceConfiguration implements BeanClassLoader
 
 	private String password = "";
 
-	private int maxActive = 8;
+	private int maxActive = 100;
 
 	private int maxIdle = 8;
 
diff --git a/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationPortTests.java b/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationPortTests.java
@@ -28,7 +28,6 @@
 import org.junit.Ignore;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ops.ui.SampleActuatorUiApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -63,7 +62,7 @@ public ConfigurableApplicationContext call() throws Exception {
 										.run(SampleActuatorUiApplication.class, args);
 							}
 						});
-		context = future.get(10, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator-ui/src/test/java/org/springframework/boot/sample/ops/ui/SampleActuatorUiApplicationTests.java
@@ -28,7 +28,6 @@
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ops.ui.SampleActuatorUiApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
@@ -63,7 +62,7 @@ public ConfigurableApplicationContext call() throws Exception {
 										.run(SampleActuatorUiApplication.class);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/EndpointsPropertiesSampleActuatorApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/EndpointsPropertiesSampleActuatorApplicationTests.java
@@ -28,7 +28,6 @@
 import org.junit.After;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ops.SampleActuatorApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpRequest;
 import org.springframework.http.HttpStatus;
@@ -64,7 +63,7 @@ public ConfigurableApplicationContext call() throws Exception {
 										.run(configuration, args);
 							}
 						});
-		this.context = future.get(10, TimeUnit.SECONDS);
+		this.context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@After
diff --git a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementAddressSampleActuatorApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementAddressSampleActuatorApplicationTests.java
@@ -71,7 +71,7 @@ public ConfigurableApplicationContext call() throws Exception {
 										.run(SampleActuatorApplication.class, args);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementSampleActuatorApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ManagementSampleActuatorApplicationTests.java
@@ -27,7 +27,6 @@
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ops.SampleActuatorApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -62,7 +61,7 @@ public ConfigurableApplicationContext call() throws Exception {
 										.run(SampleActuatorApplication.class, args);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/NoManagementSampleActuatorApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/NoManagementSampleActuatorApplicationTests.java
@@ -69,7 +69,7 @@ public ConfigurableApplicationContext call() throws Exception {
 										.run(SampleActuatorApplication.class, args);
 							}
 						});
-		context = future.get(10, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/SampleActuatorApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/SampleActuatorApplicationTests.java
@@ -67,7 +67,7 @@ public ConfigurableApplicationContext call() throws Exception {
 										.run(SampleActuatorApplication.class);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ShutdownSampleActuatorApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/ShutdownSampleActuatorApplicationTests.java
@@ -66,7 +66,7 @@ public ConfigurableApplicationContext call() throws Exception {
 										.run(SampleActuatorApplication.class);
 							}
 						});
-		context = future.get(10, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/UnsecureSampleActuatorApplicationTests.java b/spring-boot-samples/spring-boot-sample-actuator/src/test/java/org/springframework/boot/sample/ops/UnsecureSampleActuatorApplicationTests.java
@@ -27,7 +27,6 @@
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ops.SampleActuatorApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -60,7 +59,7 @@ public ConfigurableApplicationContext call() throws Exception {
 												"--security.basic.enabled=false");
 							}
 						});
-		context = future.get(10, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-jetty/src/test/java/org/springframework/boot/sample/jetty/SampleJettyApplicationTests.java b/spring-boot-samples/spring-boot-sample-jetty/src/test/java/org/springframework/boot/sample/jetty/SampleJettyApplicationTests.java
@@ -26,7 +26,6 @@
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.jetty.SampleJettyApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -56,7 +55,7 @@ public ConfigurableApplicationContext call() throws Exception {
 										.run(SampleJettyApplication.class);
 							}
 						});
-		context = future.get(10, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-traditional/src/test/java/org/springframework/boot/sample/traditional/SampleTraditionalApplicationTests.java b/spring-boot-samples/spring-boot-sample-traditional/src/test/java/org/springframework/boot/sample/traditional/SampleTraditionalApplicationTests.java
@@ -26,7 +26,6 @@
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.traditional.SampleTraditionalApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -57,7 +56,7 @@ public ConfigurableApplicationContext call() throws Exception {
 										.run(SampleTraditionalApplication.class);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-web-static/src/test/java/org/springframework/boot/sample/ui/SampleWebStaticApplicationTests.java b/spring-boot-samples/spring-boot-sample-web-static/src/test/java/org/springframework/boot/sample/ui/SampleWebStaticApplicationTests.java
@@ -41,7 +41,7 @@ public ConfigurableApplicationContext call() throws Exception {
 										.run(SampleWebStaticApplication.class);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-web-ui/src/test/java/org/springframework/boot/sample/ui/SampleWebUiApplicationTests.java b/spring-boot-samples/spring-boot-sample-web-ui/src/test/java/org/springframework/boot/sample/ui/SampleWebUiApplicationTests.java
@@ -11,7 +11,6 @@
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.sample.ui.SampleWebUiApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -45,7 +44,7 @@ public ConfigurableApplicationContext call() throws Exception {
 										.run(SampleWebUiApplication.class);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass
diff --git a/spring-boot-samples/spring-boot-sample-websocket/src/test/java/org/springframework/boot/samples/websocket/echo/SampleWebSocketsApplicationTests.java b/spring-boot-samples/spring-boot-sample-websocket/src/test/java/org/springframework/boot/samples/websocket/echo/SampleWebSocketsApplicationTests.java
@@ -59,7 +59,7 @@ public ConfigurableApplicationContext call() throws Exception {
 										.run(SampleWebSocketsApplication.class);
 							}
 						});
-		context = future.get(30, TimeUnit.SECONDS);
+		context = future.get(60, TimeUnit.SECONDS);
 	}
 
 	@AfterClass

Original file line number	Diff line number	Diff line change
`@@ -71,7 +71,7 @@ public ConfigurableApplicationContext call() throws Exception {`
`71`	`71`	`.run(SampleActuatorApplication.class, args);`
`72`	`72`	`}`
`73`	`73`	`});`
`74`		`- context = future.get(30, TimeUnit.SECONDS);`
	`74`	`+ context = future.get(60, TimeUnit.SECONDS);`
`75`	`75`	`}`
`76`	`76`
`77`	`77`	`@AfterClass`
Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,7 @@ public ConfigurableApplicationContext call() throws Exception {`
`69`	`69`	`.run(SampleActuatorApplication.class, args);`
`70`	`70`	`}`
`71`	`71`	`});`
`72`		`- context = future.get(10, TimeUnit.SECONDS);`
	`72`	`+ context = future.get(60, TimeUnit.SECONDS);`
`73`	`73`	`}`
`74`	`74`
`75`	`75`	`@AfterClass`
Original file line number	Diff line number	Diff line change
`@@ -67,7 +67,7 @@ public ConfigurableApplicationContext call() throws Exception {`
`67`	`67`	`.run(SampleActuatorApplication.class);`
`68`	`68`	`}`
`69`	`69`	`});`
`70`		`- context = future.get(30, TimeUnit.SECONDS);`
	`70`	`+ context = future.get(60, TimeUnit.SECONDS);`
`71`	`71`	`}`
`72`	`72`
`73`	`73`	`@AfterClass`
Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,7 @@ public ConfigurableApplicationContext call() throws Exception {`
`66`	`66`	`.run(SampleActuatorApplication.class);`
`67`	`67`	`}`
`68`	`68`	`});`
`69`		`- context = future.get(10, TimeUnit.SECONDS);`
	`69`	`+ context = future.get(60, TimeUnit.SECONDS);`
`70`	`70`	`}`
`71`	`71`
`72`	`72`	`@AfterClass`
Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ public ConfigurableApplicationContext call() throws Exception {`
`41`	`41`	`.run(SampleWebStaticApplication.class);`
`42`	`42`	`}`
`43`	`43`	`});`
`44`		`- context = future.get(30, TimeUnit.SECONDS);`
	`44`	`+ context = future.get(60, TimeUnit.SECONDS);`
`45`	`45`	`}`
`46`	`46`
`47`	`47`	`@AfterClass`
Original file line number	Diff line number	Diff line change
`@@ -59,7 +59,7 @@ public ConfigurableApplicationContext call() throws Exception {`
`59`	`59`	`.run(SampleWebSocketsApplication.class);`
`60`	`60`	`}`
`61`	`61`	`});`
`62`		`- context = future.get(30, TimeUnit.SECONDS);`
	`62`	`+ context = future.get(60, TimeUnit.SECONDS);`
`63`	`63`	`}`
`64`	`64`
`65`	`65`	`@AfterClass`