Add MockMvc-based integration tests for management.security.enabled

wilkinsona · wilkinsona · commit ff5e4631e37e · 2015-09-30T10:19:04.000+01:00
See gh-3997
diff --git a/spring-boot-actuator/pom.xml b/spring-boot-actuator/pom.xml
@@ -312,5 +312,10 @@
 			<artifactId>spring-data-rest-webmvc</artifactId>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-test</artifactId>
+			<scope>test</scope>
+		</dependency>
 	</dependencies>
 </project>
diff --git a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpointIntegrationTests.java b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpointIntegrationTests.java
@@ -20,22 +20,30 @@
 import org.springframework.boot.actuate.autoconfigure.EndpointAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.EndpointWebMvcAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.ManagementServerPropertiesAutoConfiguration;
+import org.springframework.boot.actuate.autoconfigure.ManagementWebSecurityAutoConfiguration;
 import org.springframework.boot.autoconfigure.PropertyPlaceholderAutoConfiguration;
 import org.springframework.boot.autoconfigure.data.rest.RepositoryRestMvcAutoConfiguration;
 import org.springframework.boot.autoconfigure.hateoas.HypermediaAutoConfiguration;
 import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
 import org.springframework.boot.autoconfigure.test.ImportAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.HttpMessageConvertersAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.WebMvcAutoConfiguration;
 import org.springframework.boot.test.EnvironmentTestUtils;
+import org.springframework.context.annotation.Import;
 import org.springframework.mock.web.MockServletContext;
 import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.DefaultMockMvcBuilder;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.test.web.servlet.setup.MockMvcConfigurer;
 import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
 
 import static org.hamcrest.Matchers.startsWith;
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
  * Integration tests for the Actuator's MVC endpoints.
@@ -73,6 +81,24 @@ public void jsonResponsesCanBeIndentedWhenSpringDataRestIsAutoConfigured()
 		assertIndentedJsonResponse(SpringDataRestConfiguration.class);
 	}
 
+	@Test
+	public void endpointsAreSecureByDefault() throws Exception {
+		this.context = new AnnotationConfigWebApplicationContext();
+		this.context.register(SecureConfiguration.class);
+		MockMvc mockMvc = createSecureMockMvc();
+		mockMvc.perform(get("/beans")).andExpect(status().isUnauthorized());
+	}
+
+	@Test
+	public void endpointSecurityCanBeDisabled() throws Exception {
+		this.context = new AnnotationConfigWebApplicationContext();
+		this.context.register(SecureConfiguration.class);
+		EnvironmentTestUtils.addEnvironment(this.context,
+				"management.security.enabled:false");
+		MockMvc mockMvc = createSecureMockMvc();
+		mockMvc.perform(get("/beans")).andDo(print()).andExpect(status().isOk());
+	}
+
 	private void assertIndentedJsonResponse(Class<?> configuration) throws Exception {
 		this.context = new AnnotationConfigWebApplicationContext();
 		this.context.register(configuration);
@@ -84,9 +110,21 @@ private void assertIndentedJsonResponse(Class<?> configuration) throws Exception
 	}
 
 	private MockMvc createMockMvc() {
+		return doCreateMockMvc();
+	}
+
+	private MockMvc createSecureMockMvc() {
+		return doCreateMockMvc(springSecurity());
+	}
+
+	private MockMvc doCreateMockMvc(MockMvcConfigurer... configurers) {
 		this.context.setServletContext(new MockServletContext());
 		this.context.refresh();
-		return MockMvcBuilders.webAppContextSetup(this.context).build();
+		DefaultMockMvcBuilder builder = MockMvcBuilders.webAppContextSetup(this.context);
+		for (MockMvcConfigurer configurer : configurers) {
+			builder.apply(configurer);
+		}
+		return builder.build();
 	}
 
 	@ImportAutoConfiguration({ JacksonAutoConfiguration.class,
@@ -117,4 +155,11 @@ static class SpringDataRestConfiguration {
 
 	}
 
+	@Import(DefaultConfiguration.class)
+	@ImportAutoConfiguration({ SecurityAutoConfiguration.class,
+			ManagementWebSecurityAutoConfiguration.class })
+	static class SecureConfiguration {
+
+	}
+
 }
