org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of spring-boot-actuator-autoconfigure Show documentation
Show all versions of spring-boot-actuator-autoconfigure Show documentation
Spring Boot Actuator AutoConfigure
/*
* Copyright 2012-2024 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.boot.actuate.autoconfigure.security.servlet;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointProperties;
import org.springframework.boot.actuate.autoconfigure.web.server.ManagementPortType;
import org.springframework.boot.actuate.endpoint.EndpointId;
import org.springframework.boot.actuate.endpoint.annotation.Endpoint;
import org.springframework.boot.actuate.endpoint.web.PathMappedEndpoints;
import org.springframework.boot.autoconfigure.security.servlet.RequestMatcherProvider;
import org.springframework.boot.security.servlet.ApplicationContextRequestMatcher;
import org.springframework.boot.web.context.WebServerApplicationContext;
import org.springframework.core.annotation.MergedAnnotation;
import org.springframework.core.annotation.MergedAnnotations;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.context.WebApplicationContext;
/**
* Factory that can be used to create a {@link RequestMatcher} for actuator endpoint
* locations.
*
* @author Madhura Bhave
* @author Phillip Webb
* @since 2.0.0
*/
public final class EndpointRequest {
private static final RequestMatcher EMPTY_MATCHER = (request) -> false;
private EndpointRequest() {
}
/**
* Returns a matcher that includes all {@link Endpoint actuator endpoints}. It also
* includes the links endpoint which is present at the base path of the actuator
* endpoints. The {@link EndpointRequestMatcher#excluding(Class...) excluding} method
* can be used to further remove specific endpoints if required. For example:
*
* EndpointRequest.toAnyEndpoint().excluding(ShutdownEndpoint.class)
*
* @return the configured {@link RequestMatcher}
*/
public static EndpointRequestMatcher toAnyEndpoint() {
return new EndpointRequestMatcher(true);
}
/**
* Returns a matcher that includes the specified {@link Endpoint actuator endpoints}.
* For example:
* EndpointRequest.to(ShutdownEndpoint.class, HealthEndpoint.class)
*
* @param endpoints the endpoints to include
* @return the configured {@link RequestMatcher}
*/
public static EndpointRequestMatcher to(Class... endpoints) {
return new EndpointRequestMatcher(endpoints, false);
}
/**
* Returns a matcher that includes the specified {@link Endpoint actuator endpoints}.
* For example:
* EndpointRequest.to("shutdown", "health")
*
* @param endpoints the endpoints to include
* @return the configured {@link RequestMatcher}
*/
public static EndpointRequestMatcher to(String... endpoints) {
return new EndpointRequestMatcher(endpoints, false);
}
/**
* Returns a matcher that matches only on the links endpoint. It can be used when
* security configuration for the links endpoint is different from the other
* {@link Endpoint actuator endpoints}. The
* {@link EndpointRequestMatcher#excludingLinks() excludingLinks} method can be used
* in combination with this to remove the links endpoint from
* {@link EndpointRequest#toAnyEndpoint() toAnyEndpoint}. For example:
*
* EndpointRequest.toLinks()
*
* @return the configured {@link RequestMatcher}
*/
public static LinksRequestMatcher toLinks() {
return new LinksRequestMatcher();
}
/**
* Base class for supported request matchers.
*/
private abstract static class AbstractRequestMatcher
extends ApplicationContextRequestMatcher {
private volatile RequestMatcher delegate;
private ManagementPortType managementPortType;
AbstractRequestMatcher() {
super(WebApplicationContext.class);
}
@Override
protected boolean ignoreApplicationContext(WebApplicationContext applicationContext) {
if (this.managementPortType == null) {
this.managementPortType = ManagementPortType.get(applicationContext.getEnvironment());
}
return this.managementPortType == ManagementPortType.DIFFERENT
&& !WebServerApplicationContext.hasServerNamespace(applicationContext, "management");
}
@Override
protected final void initialized(Supplier context) {
this.delegate = createDelegate(context.get());
}
@Override
protected final boolean matches(HttpServletRequest request, Supplier context) {
return this.delegate.matches(request);
}
private RequestMatcher createDelegate(WebApplicationContext context) {
try {
return createDelegate(context, new RequestMatcherFactory());
}
catch (NoSuchBeanDefinitionException ex) {
return EMPTY_MATCHER;
}
}
protected abstract RequestMatcher createDelegate(WebApplicationContext context,
RequestMatcherFactory requestMatcherFactory);
protected List getLinksMatchers(RequestMatcherFactory requestMatcherFactory,
RequestMatcherProvider matcherProvider, String basePath) {
List linksMatchers = new ArrayList<>();
linksMatchers.add(requestMatcherFactory.antPath(matcherProvider, basePath));
linksMatchers.add(requestMatcherFactory.antPath(matcherProvider, basePath, "/"));
return linksMatchers;
}
protected RequestMatcherProvider getRequestMatcherProvider(WebApplicationContext context) {
try {
return context.getBean(RequestMatcherProvider.class);
}
catch (NoSuchBeanDefinitionException ex) {
return AntPathRequestMatcher::new;
}
}
}
/**
* The request matcher used to match against {@link Endpoint actuator endpoints}.
*/
public static final class EndpointRequestMatcher extends AbstractRequestMatcher {
private final List