Skip to content

Commit fc67e24

Browse files
wilkinsonawilkinsona
committed
Merge branch '3.5.x' into 4.0.x
Closes gh-50260
2 parents a0a344f + 03eb75f commit fc67e24

4 files changed

Lines changed: 42 additions & 15 deletions

File tree

module/spring-boot-security/src/main/java/org/springframework/boot/security/autoconfigure/actuate/web/reactive/EndpointRequest.java

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -325,6 +325,8 @@ public EndpointServerWebExchangeMatcher excludingLinks() {
325325

326326
/**
327327
* Restricts the matcher to only consider requests with a particular http method.
328+
* <p>
329+
* The links endpoint, if included, is always matched using {@code GET}.
328330
* @param httpMethod the http method to include
329331
* @return a copy of the matcher further restricted to only match requests with
330332
* the specified http method
@@ -382,9 +384,9 @@ protected ServerWebExchangeMatcher createDelegate(WebEndpointProperties properti
382384
String linksPath = getLinksPath(properties.getBasePath());
383385
if (linksPath != null) {
384386
List<ServerWebExchangeMatcher> linksMatchers = new ArrayList<>();
385-
linksMatchers.add(new PathPatternParserServerWebExchangeMatcher(linksPath));
387+
linksMatchers.add(new PathPatternParserServerWebExchangeMatcher(linksPath, HttpMethod.GET));
386388
if (!linksPath.endsWith("/")) {
387-
linksMatchers.add(new PathPatternParserServerWebExchangeMatcher(linksPath + "/"));
389+
linksMatchers.add(new PathPatternParserServerWebExchangeMatcher(linksPath + "/", HttpMethod.GET));
388390
}
389391
return new OrServerWebExchangeMatcher(linksMatchers);
390392
}

module/spring-boot-security/src/main/java/org/springframework/boot/security/autoconfigure/actuate/web/servlet/EndpointRequest.java

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -226,9 +226,9 @@ protected final List<RequestMatcher> getDelegateMatchers(RequestMatcherFactory r
226226
protected List<RequestMatcher> getLinksMatchers(RequestMatcherFactory requestMatcherFactory,
227227
RequestMatcherProvider matcherProvider, String linksPath) {
228228
List<RequestMatcher> linksMatchers = new ArrayList<>();
229-
linksMatchers.add(requestMatcherFactory.antPath(matcherProvider, null, linksPath));
229+
linksMatchers.add(requestMatcherFactory.antPath(matcherProvider, HttpMethod.GET, linksPath));
230230
if (!linksPath.endsWith("/")) {
231-
linksMatchers.add(requestMatcherFactory.antPath(matcherProvider, null, linksPath, "/"));
231+
linksMatchers.add(requestMatcherFactory.antPath(matcherProvider, HttpMethod.GET, linksPath, "/"));
232232
}
233233
return linksMatchers;
234234
}
@@ -333,6 +333,8 @@ public EndpointRequestMatcher excludingLinks() {
333333

334334
/**
335335
* Restricts the matcher to only consider requests with a particular HTTP method.
336+
* <p>
337+
* The links endpoint, if included, is always matched using {@code GET}.
336338
* @param httpMethod the HTTP method to include
337339
* @return a copy of the matcher further restricted to only match requests with
338340
* the specified HTTP method

module/spring-boot-security/src/test/java/org/springframework/boot/security/autoconfigure/actuate/web/reactive/EndpointRequestTests.java

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -77,6 +77,15 @@ void toAnyEndpointWithHttpMethodShouldRespectRequestMethod() {
7777
assertMatcher(matcher, "/actuator").doesNotMatch(HttpMethod.GET, "/actuator/foo");
7878
}
7979

80+
@Test
81+
void toAnyEndpointWithHttpMethodShouldUseGetForLinks() {
82+
ServerWebExchangeMatcher matcher = EndpointRequest.toAnyEndpoint().withHttpMethod(HttpMethod.POST);
83+
assertMatcher(matcher, "/actuator").matches(HttpMethod.GET, "/actuator");
84+
assertMatcher(matcher, "/actuator").doesNotMatch(HttpMethod.POST, "/actuator");
85+
assertMatcher(matcher, "/actuator").matches(HttpMethod.GET, "/actuator/");
86+
assertMatcher(matcher, "/actuator").doesNotMatch(HttpMethod.POST, "/actuator/");
87+
}
88+
8089
@Test
8190
void toAnyEndpointShouldMatchEndpointPathWithTrailingSlash() {
8291
ServerWebExchangeMatcher matcher = EndpointRequest.toAnyEndpoint();
@@ -142,8 +151,10 @@ void toLinksShouldOnlyMatchLinks() {
142151
ServerWebExchangeMatcher matcher = EndpointRequest.toLinks();
143152
assertMatcher(matcher).doesNotMatch("/actuator/foo");
144153
assertMatcher(matcher).doesNotMatch("/actuator/bar");
145-
assertMatcher(matcher).matches("/actuator");
146-
assertMatcher(matcher).matches("/actuator/");
154+
assertMatcher(matcher).matches(HttpMethod.GET, "/actuator");
155+
assertMatcher(matcher).doesNotMatch(HttpMethod.POST, "/actuator");
156+
assertMatcher(matcher).matches(HttpMethod.GET, "/actuator/");
157+
assertMatcher(matcher).doesNotMatch(HttpMethod.POST, "/actuator/");
147158
}
148159

149160
@Test

module/spring-boot-security/src/test/java/org/springframework/boot/security/autoconfigure/actuate/web/servlet/EndpointRequestTests.java

Lines changed: 21 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -65,7 +65,7 @@ void toAnyEndpointShouldMatchEndpointPath() {
6565
assertMatcher(matcher, "/actuator").matches("/actuator/foo/zoo/");
6666
assertMatcher(matcher, "/actuator").matches("/actuator/bar");
6767
assertMatcher(matcher, "/actuator").matches("/actuator/bar/baz");
68-
assertMatcher(matcher, "/actuator").matches("/actuator");
68+
assertMatcher(matcher, "/actuator").matches(HttpMethod.GET, "/actuator");
6969
}
7070

7171
@Test
@@ -76,12 +76,22 @@ void toAnyEndpointWithHttpMethodShouldRespectRequestMethod() {
7676
assertMatcher(matcher, "/actuator").doesNotMatch(HttpMethod.GET, "/actuator/foo");
7777
}
7878

79+
@Test
80+
void toAnyEndpointWithHttpMethodShouldUseGetForLinks() {
81+
EndpointRequest.EndpointRequestMatcher matcher = EndpointRequest.toAnyEndpoint()
82+
.withHttpMethod(HttpMethod.POST);
83+
assertMatcher(matcher, "/actuator").matches(HttpMethod.GET, "/actuator");
84+
assertMatcher(matcher, "/actuator").doesNotMatch(HttpMethod.POST, "/actuator");
85+
assertMatcher(matcher, "/actuator").matches(HttpMethod.GET, "/actuator/");
86+
assertMatcher(matcher, "/actuator").doesNotMatch(HttpMethod.POST, "/actuator/");
87+
}
88+
7989
@Test
8090
void toAnyEndpointShouldMatchEndpointPathWithTrailingSlash() {
8191
RequestMatcher matcher = EndpointRequest.toAnyEndpoint();
8292
assertMatcher(matcher, "/actuator").matches("/actuator/foo/");
8393
assertMatcher(matcher, "/actuator").matches("/actuator/bar/");
84-
assertMatcher(matcher, "/actuator").matches("/actuator/");
94+
assertMatcher(matcher, "/actuator").matches(HttpMethod.GET, "/actuator/");
8595
}
8696

8797
@Test
@@ -98,7 +108,7 @@ void toAnyEndpointWhenBasePathIsEmptyAndManagementPortDifferentShouldMatchLinks(
98108
RequestMatcher matcher = EndpointRequest.toAnyEndpoint();
99109
RequestMatcherAssert assertMatcher = assertMatcher(matcher, mockPathMappedEndpoints(""), null,
100110
WebServerNamespace.MANAGEMENT);
101-
assertMatcher.matches("/");
111+
assertMatcher.matches(HttpMethod.GET, "/");
102112
assertMatcher.matches("/foo");
103113
}
104114

@@ -113,7 +123,7 @@ void toAnyEndpointWhenDispatcherServletPathProviderNotAvailableUsesEmptyPath() {
113123
RequestMatcher matcher = EndpointRequest.toAnyEndpoint();
114124
assertMatcher(matcher, "/actuator").matches("/actuator/foo");
115125
assertMatcher(matcher, "/actuator").matches("/actuator/bar");
116-
assertMatcher(matcher, "/actuator").matches("/actuator");
126+
assertMatcher(matcher, "/actuator").matches(HttpMethod.GET, "/actuator");
117127
assertMatcher(matcher, "/actuator").doesNotMatch("/actuator/baz");
118128
}
119129

@@ -148,8 +158,10 @@ void toLinksShouldOnlyMatchLinks() {
148158
RequestMatcher matcher = EndpointRequest.toLinks();
149159
assertMatcher(matcher).doesNotMatch("/actuator/foo");
150160
assertMatcher(matcher).doesNotMatch("/actuator/bar");
151-
assertMatcher(matcher).matches("/actuator");
152-
assertMatcher(matcher).matches("/actuator/");
161+
assertMatcher(matcher).matches(HttpMethod.GET, "/actuator");
162+
assertMatcher(matcher).doesNotMatch(HttpMethod.POST, "/actuator");
163+
assertMatcher(matcher).matches(HttpMethod.GET, "/actuator/");
164+
assertMatcher(matcher).doesNotMatch(HttpMethod.POST, "/actuator/");
153165
}
154166

155167
@Test
@@ -166,7 +178,7 @@ void toLinksWhenBasePathEmptyAndManagementPortDifferentShouldMatchRoot() {
166178
RequestMatcher matcher = EndpointRequest.toLinks();
167179
RequestMatcherAssert assertMatcher = assertMatcher(matcher, mockPathMappedEndpoints(""), null,
168180
WebServerNamespace.MANAGEMENT);
169-
assertMatcher.matches("/");
181+
assertMatcher.matches(HttpMethod.GET, "/");
170182
assertMatcher.doesNotMatch("/foo");
171183
}
172184

@@ -181,7 +193,7 @@ void excludeByClassShouldNotMatchExcluded() {
181193
assertMatcher(matcher, pathMappedEndpoints).doesNotMatch("/actuator/foo");
182194
assertMatcher(matcher, pathMappedEndpoints).doesNotMatch("/actuator/baz");
183195
assertMatcher(matcher).matches("/actuator/bar");
184-
assertMatcher(matcher).matches("/actuator");
196+
assertMatcher(matcher).matches(HttpMethod.GET, "/actuator");
185197
}
186198

187199
@Test
@@ -196,7 +208,7 @@ void excludeByIdShouldNotMatchExcluded() {
196208
RequestMatcher matcher = EndpointRequest.toAnyEndpoint().excluding("foo");
197209
assertMatcher(matcher).doesNotMatch("/actuator/foo");
198210
assertMatcher(matcher).matches("/actuator/bar");
199-
assertMatcher(matcher).matches("/actuator");
211+
assertMatcher(matcher).matches(HttpMethod.GET, "/actuator");
200212
}
201213

202214
@Test

0 commit comments

Comments
 (0)