Merge branch '1.5.x'

Author: mbhave

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/cloudfoundry/CloudFoundryEndpointHandlerMapping.java

@@ -27,6 +27,7 @@
 import org.springframework.boot.actuate.endpoint.Endpoint;
 import org.springframework.boot.actuate.endpoint.mvc.AbstractEndpointHandlerMapping;
 import org.springframework.boot.actuate.endpoint.mvc.HalJsonMvcEndpoint;
+import org.springframework.boot.actuate.endpoint.mvc.HealthMvcEndpoint;
 import org.springframework.boot.actuate.endpoint.mvc.MvcEndpoint;
 import org.springframework.boot.actuate.endpoint.mvc.NamedMvcEndpoint;
 import org.springframework.web.cors.CorsConfiguration;
@@ -54,10 +55,20 @@ class CloudFoundryEndpointHandlerMapping
 	protected void postProcessEndpoints(Set<NamedMvcEndpoint> endpoints) {
 		super.postProcessEndpoints(endpoints);
 		Iterator<NamedMvcEndpoint> iterator = endpoints.iterator();
+		HealthMvcEndpoint healthMvcEndpoint = null;
 		while (iterator.hasNext()) {
-			if (iterator.next() instanceof HalJsonMvcEndpoint) {
+			NamedMvcEndpoint endpoint = iterator.next();
+			if (endpoint instanceof HalJsonMvcEndpoint) {
 				iterator.remove();
 			}
+			else if (endpoint instanceof HealthMvcEndpoint) {
+				iterator.remove();
+				healthMvcEndpoint = (HealthMvcEndpoint) endpoint;
+			}
+		}
+		if (healthMvcEndpoint != null) {
+			endpoints.add(
+					new CloudFoundryHealthMvcEndpoint(healthMvcEndpoint.getDelegate()));
 		}
 	}
 

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/cloudfoundry/CloudFoundryHealthMvcEndpoint.java

@@ -0,0 +1,43 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.actuate.cloudfoundry;
+
+import java.security.Principal;
+
+import org.springframework.boot.actuate.endpoint.HealthEndpoint;
+import org.springframework.boot.actuate.endpoint.mvc.HealthMvcEndpoint;
+
+/**
+ * Extension of {@link HealthMvcEndpoint} for Cloud Foundry. Since security for Cloud
+ * Foundry actuators is already handled by the {@link CloudFoundrySecurityInterceptor},
+ * this endpoint skips the additional security checks done by the regular
+ * {@link HealthMvcEndpoint}.
+ *
+ * @author Madhura Bhave
+ */
+class CloudFoundryHealthMvcEndpoint extends HealthMvcEndpoint {
+
+	CloudFoundryHealthMvcEndpoint(HealthEndpoint delegate) {
+		super(delegate);
+	}
+
+	@Override
+	protected boolean exposeHealthDetails(Principal principal) {
+		return true;
+	}
+
+}

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/cloudfoundry/CloudFoundrySecurityInterceptor.java

@@ -24,6 +24,7 @@
 
 import org.springframework.boot.actuate.cloudfoundry.CloudFoundryAuthorizationException.Reason;
 import org.springframework.boot.actuate.endpoint.mvc.MvcEndpoint;
+import org.springframework.http.MediaType;
 import org.springframework.util.StringUtils;
 import org.springframework.web.cors.CorsUtils;
 import org.springframework.web.method.HandlerMethod;
@@ -74,6 +75,9 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons
 		}
 		catch (CloudFoundryAuthorizationException ex) {
 			this.logger.error(ex);
+			response.setContentType(MediaType.APPLICATION_JSON.toString());
+			response.getWriter()
+					.write("{\"security_error\":\"" + ex.getMessage() + "\"}");
 			response.setStatus(ex.getStatusCode().value());
 			return false;
 		}

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/HealthMvcEndpoint.java

@@ -178,7 +178,7 @@ private boolean isCacheStale(long accessTime) {
 		return (accessTime - this.lastAccess) >= getDelegate().getTimeToLive();
 	}
 
-	private boolean exposeHealthDetails(Principal principal) {
+	protected boolean exposeHealthDetails(Principal principal) {
 		return isSecure(principal) || isUnrestricted();
 	}
 

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/cloudfoundry/CloudFoundryEndpointHandlerMappingTests.java

@@ -22,11 +22,15 @@
 import org.mockito.Mockito;
 
 import org.springframework.boot.actuate.endpoint.AbstractEndpoint;
+import org.springframework.boot.actuate.endpoint.HealthEndpoint;
 import org.springframework.boot.actuate.endpoint.mvc.AbstractEndpointHandlerMappingTests;
 import org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter;
 import org.springframework.boot.actuate.endpoint.mvc.HalJsonMvcEndpoint;
+import org.springframework.boot.actuate.endpoint.mvc.HealthMvcEndpoint;
 import org.springframework.boot.actuate.endpoint.mvc.ManagementServletContext;
 import org.springframework.boot.actuate.endpoint.mvc.NamedMvcEndpoint;
+import org.springframework.boot.actuate.health.HealthIndicator;
+import org.springframework.boot.actuate.health.OrderedHealthAggregator;
 import org.springframework.context.support.StaticApplicationContext;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.web.method.HandlerMethod;
@@ -88,6 +92,23 @@ public void registersCloudFoundryDiscoveryEndpoint() throws Exception {
 				.isInstanceOf(CloudFoundryDiscoveryMvcEndpoint.class);
 	}
 
+	@Test
+	public void registersCloudFoundryHealthEndpoint() throws Exception {
+		StaticApplicationContext context = new StaticApplicationContext();
+		HealthEndpoint delegate = new HealthEndpoint(new OrderedHealthAggregator(),
+				Collections.<String, HealthIndicator>emptyMap());
+		CloudFoundryEndpointHandlerMapping handlerMapping = new CloudFoundryEndpointHandlerMapping(
+				Collections.singleton(new TestHealthMvcEndpoint(delegate)), null, null);
+		handlerMapping.setPrefix("/test");
+		handlerMapping.setApplicationContext(context);
+		handlerMapping.afterPropertiesSet();
+		HandlerExecutionChain handler = handlerMapping
+				.getHandler(new MockHttpServletRequest("GET", "/test/health"));
+		HandlerMethod handlerMethod = (HandlerMethod) handler.getHandler();
+		Object handlerMethodBean = handlerMethod.getBean();
+		assertThat(handlerMethodBean).isInstanceOf(CloudFoundryHealthMvcEndpoint.class);
+	}
+
 	private static class TestEndpoint extends AbstractEndpoint<Object> {
 
 		TestEndpoint(String id) {
@@ -124,4 +145,12 @@ public String getContextPath() {
 
 	}
 
+	private static class TestHealthMvcEndpoint extends HealthMvcEndpoint {
+
+		TestHealthMvcEndpoint(HealthEndpoint delegate) {
+			super(delegate);
+		}
+
+	}
+
 }

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/cloudfoundry/CloudFoundryHealthMvcEndpointTests.java

@@ -0,0 +1,51 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.actuate.cloudfoundry;
+
+import org.junit.Test;
+
+import org.springframework.boot.actuate.endpoint.HealthEndpoint;
+import org.springframework.boot.actuate.health.Health;
+import org.springframework.boot.actuate.health.Status;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.mock;
+
+/**
+ * Tests for {@link CloudFoundryHealthMvcEndpoint}.
+ *
+ * @author Madhura Bhave
+ */
+public class CloudFoundryHealthMvcEndpointTests {
+
+	@Test
+	public void cloudFoundryHealthEndpointShouldAlwaysReturnAllHealthDetails()
+			throws Exception {
+		HealthEndpoint endpoint = mock(HealthEndpoint.class);
+		given(endpoint.isEnabled()).willReturn(true);
+		CloudFoundryHealthMvcEndpoint mvc = new CloudFoundryHealthMvcEndpoint(endpoint);
+		given(endpoint.invoke())
+				.willReturn(new Health.Builder().up().withDetail("foo", "bar").build());
+		given(endpoint.isSensitive()).willReturn(false);
+		Object result = mvc.invoke(null);
+		assertThat(result instanceof Health).isTrue();
+		assertThat(((Health) result).getStatus() == Status.UP).isTrue();
+		assertThat(((Health) result).getDetails().get("foo")).isEqualTo("bar");
+	}
+
+}

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/cloudfoundry/CloudFoundrySecurityInterceptorTests.java

@@ -28,6 +28,7 @@
 import org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.util.Base64Utils;
@@ -87,6 +88,9 @@ public void preHandleWhenTokenIsMissingShouldReturnFalse() throws Exception {
 		assertThat(preHandle).isFalse();
 		assertThat(this.response.getStatus())
 				.isEqualTo(Reason.MISSING_AUTHORIZATION.getStatus().value());
+		assertThat(this.response.getContentAsString()).contains("security_error");
+		assertThat(this.response.getContentType())
+				.isEqualTo(MediaType.APPLICATION_JSON.toString());
 	}
 
 	@Test