Use role-based security to show details in the health endpoint

Closes spring-projectsgh-11869

Author: wilkinsona

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/health/HealthEndpointProperties.java

@@ -16,6 +16,9 @@
 
 package org.springframework.boot.actuate.autoconfigure.health;
 
+import java.util.HashSet;
+import java.util.Set;
+
 import org.springframework.boot.actuate.health.HealthEndpoint;
 import org.springframework.boot.actuate.health.ShowDetails;
 import org.springframework.boot.context.properties.ConfigurationProperties;
@@ -29,9 +32,15 @@
 public class HealthEndpointProperties {
 
 	/**
-	 * Whether to show full health details.
+	 * When to show full health details.
+	 */
+	private ShowDetails showDetails = ShowDetails.WHEN_AUTHORIZED;
+
+	/**
+	 * Roles used to determine whether or not a user is authorized to be shown details.
+	 * When empty, all authenticated users are authorized.
 	 */
-	private ShowDetails showDetails = ShowDetails.WHEN_AUTHENTICATED;
+	private Set<String> roles = new HashSet<>();
 
 	public ShowDetails getShowDetails() {
 		return this.showDetails;
@@ -41,4 +50,12 @@ public void setShowDetails(ShowDetails showDetails) {
 		this.showDetails = showDetails;
 	}
 
+	public Set<String> getRoles() {
+		return this.roles;
+	}
+
+	public void setRoles(Set<String> roles) {
+		this.roles = roles;
+	}
+
 }

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/health/HealthEndpointWebExtensionConfiguration.java

@@ -27,6 +27,7 @@
 import org.springframework.boot.actuate.health.HealthEndpointWebExtension;
 import org.springframework.boot.actuate.health.HealthIndicator;
 import org.springframework.boot.actuate.health.HealthStatusHttpMapper;
+import org.springframework.boot.actuate.health.HealthWebEndpointResponseMapper;
 import org.springframework.boot.actuate.health.OrderedHealthAggregator;
 import org.springframework.boot.actuate.health.ReactiveHealthEndpointWebExtension;
 import org.springframework.boot.actuate.health.ReactiveHealthIndicator;
@@ -59,6 +60,15 @@ public HealthStatusHttpMapper createHealthStatusHttpMapper(
 		return statusHttpMapper;
 	}
 
+	@Bean
+	@ConditionalOnMissingBean
+	public HealthWebEndpointResponseMapper healthWebEndpointResponseMapper(
+			HealthStatusHttpMapper statusHttpMapper,
+			HealthEndpointProperties properties) {
+		return new HealthWebEndpointResponseMapper(statusHttpMapper,
+				properties.getShowDetails(), properties.getRoles());
+	}
+
 	@Configuration
 	@ConditionalOnWebApplication(type = Type.REACTIVE)
 	static class ReactiveWebHealthConfiguration {
@@ -81,10 +91,9 @@ static class ReactiveWebHealthConfiguration {
 		@ConditionalOnEnabledEndpoint
 		@ConditionalOnBean(HealthEndpoint.class)
 		public ReactiveHealthEndpointWebExtension reactiveHealthEndpointWebExtension(
-				HealthStatusHttpMapper healthStatusHttpMapper,
-				HealthEndpointProperties properties) {
+				HealthWebEndpointResponseMapper responseMapper) {
 			return new ReactiveHealthEndpointWebExtension(this.reactiveHealthIndicator,
-					healthStatusHttpMapper, properties.getShowDetails());
+					responseMapper);
 		}
 
 	}
@@ -99,11 +108,10 @@ static class ServletWebHealthConfiguration {
 		@ConditionalOnBean(HealthEndpoint.class)
 		public HealthEndpointWebExtension healthEndpointWebExtension(
 				ApplicationContext applicationContext,
-				HealthStatusHttpMapper healthStatusHttpMapper,
-				HealthEndpointProperties properties) {
+				HealthWebEndpointResponseMapper responseMapper) {
 			return new HealthEndpointWebExtension(
 					HealthIndicatorBeansComposite.get(applicationContext),
-					healthStatusHttpMapper, properties.getShowDetails());
+					responseMapper);
 		}
 
 	}

spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/health/HealthEndpointWebExtensionTests.java

@@ -21,13 +21,15 @@
 
 import org.junit.Test;
 
+import org.springframework.boot.actuate.endpoint.SecurityContext;
 import org.springframework.boot.actuate.health.HealthEndpointWebExtension;
 import org.springframework.boot.actuate.health.HealthStatusHttpMapper;
 import org.springframework.boot.autoconfigure.AutoConfigurations;
 import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 
 /**
@@ -77,7 +79,8 @@ public void unauthenticatedUsersAreNotShownDetailsByDefault() {
 		this.contextRunner.run((context) -> {
 			HealthEndpointWebExtension extension = context
 					.getBean(HealthEndpointWebExtension.class);
-			assertThat(extension.getHealth(null).getBody().getDetails()).isEmpty();
+			assertThat(extension.getHealth(mock(SecurityContext.class)).getBody()
+					.getDetails()).isEmpty();
 		});
 	}
 
@@ -86,7 +89,9 @@ public void authenticatedUsersAreShownDetailsByDefault() {
 		this.contextRunner.run((context) -> {
 			HealthEndpointWebExtension extension = context
 					.getBean(HealthEndpointWebExtension.class);
-			assertThat(extension.getHealth(mock(Principal.class)).getBody().getDetails())
+			SecurityContext securityContext = mock(SecurityContext.class);
+			given(securityContext.getPrincipal()).willReturn(mock(Principal.class));
+			assertThat(extension.getHealth(securityContext).getBody().getDetails())
 					.isNotEmpty();
 		});
 	}
@@ -110,9 +115,64 @@ public void detailsCanBeHiddenFromAuthenticatedUsers() {
 				.run((context) -> {
 					HealthEndpointWebExtension extension = context
 							.getBean(HealthEndpointWebExtension.class);
-					assertThat(extension.getHealth(mock(Principal.class)).getBody()
+					assertThat(extension.getHealth(mock(SecurityContext.class)).getBody()
 							.getDetails()).isEmpty();
 				});
 	}
 
+	@Test
+	public void detailsCanBeHiddenFromUnauthorizedUsers() {
+		this.contextRunner
+				.withPropertyValues(
+						"management.endpoint.health.show-details=when-authorized",
+						"management.endpoint.health.roles=ACTUATOR")
+				.run((context) -> {
+					HealthEndpointWebExtension extension = context
+							.getBean(HealthEndpointWebExtension.class);
+					SecurityContext securityContext = mock(SecurityContext.class);
+					given(securityContext.getPrincipal())
+							.willReturn(mock(Principal.class));
+					given(securityContext.isUserInRole("ACTUATOR")).willReturn(false);
+					assertThat(
+							extension.getHealth(securityContext).getBody().getDetails())
+									.isEmpty();
+				});
+	}
+
+	@Test
+	public void detailsCanBeShownToAuthorizedUsers() {
+		this.contextRunner
+				.withPropertyValues(
+						"management.endpoint.health.show-details=when-authorized",
+						"management.endpoint.health.roles=ACTUATOR")
+				.run((context) -> {
+					HealthEndpointWebExtension extension = context
+							.getBean(HealthEndpointWebExtension.class);
+					SecurityContext securityContext = mock(SecurityContext.class);
+					given(securityContext.getPrincipal())
+							.willReturn(mock(Principal.class));
+					given(securityContext.isUserInRole("ACTUATOR")).willReturn(true);
+					assertThat(
+							extension.getHealth(securityContext).getBody().getDetails())
+									.isNotEmpty();
+				});
+	}
+
+	@Test
+	public void roleCanBeCustomized() {
+		this.contextRunner.withPropertyValues(
+				"management.endpoint.health.show-details=when-authorized",
+				"management.endpoint.health.roles=ADMIN").run((context) -> {
+					HealthEndpointWebExtension extension = context
+							.getBean(HealthEndpointWebExtension.class);
+					SecurityContext securityContext = mock(SecurityContext.class);
+					given(securityContext.getPrincipal())
+							.willReturn(mock(Principal.class));
+					given(securityContext.isUserInRole("ADMIN")).willReturn(true);
+					assertThat(
+							extension.getHealth(securityContext).getBody().getDetails())
+									.isNotEmpty();
+				});
+	}
+
 }

spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/health/ReactiveHealthEndpointWebExtensionTests.java

@@ -22,8 +22,10 @@
 import org.junit.Test;
 import reactor.core.publisher.Mono;
 
+import org.springframework.boot.actuate.endpoint.SecurityContext;
 import org.springframework.boot.actuate.health.Health;
 import org.springframework.boot.actuate.health.HealthEndpoint;
+import org.springframework.boot.actuate.health.HealthEndpointWebExtension;
 import org.springframework.boot.actuate.health.HealthIndicator;
 import org.springframework.boot.actuate.health.HealthStatusHttpMapper;
 import org.springframework.boot.actuate.health.ReactiveHealthEndpointWebExtension;
@@ -34,6 +36,7 @@
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 
 /**
@@ -86,7 +89,9 @@ public void regularAndReactiveHealthIndicatorsMatch() {
 					ReactiveHealthEndpointWebExtension extension = context
 							.getBean(ReactiveHealthEndpointWebExtension.class);
 					Health endpointHealth = endpoint.health();
-					Health extensionHealth = extension.health(mock(Principal.class))
+					SecurityContext securityContext = mock(SecurityContext.class);
+					given(securityContext.getPrincipal()).willReturn(mock(Principal.class));
+					Health extensionHealth = extension.health(securityContext)
 							.block().getBody();
 					assertThat(endpointHealth.getDetails())
 							.containsOnlyKeys("application", "first", "second");
@@ -100,7 +105,7 @@ public void unauthenticatedUsersAreNotShownDetailsByDefault() {
 		this.contextRunner.run((context) -> {
 			ReactiveHealthEndpointWebExtension extension = context
 					.getBean(ReactiveHealthEndpointWebExtension.class);
-			assertThat(extension.health(null).block().getBody().getDetails()).isEmpty();
+			assertThat(extension.health(mock(SecurityContext.class)).block().getBody().getDetails()).isEmpty();
 		});
 	}
 
@@ -109,7 +114,9 @@ public void authenticatedUsersAreShownDetailsByDefault() {
 		this.contextRunner.run((context) -> {
 			ReactiveHealthEndpointWebExtension extension = context
 					.getBean(ReactiveHealthEndpointWebExtension.class);
-			assertThat(extension.health(mock(Principal.class)).block().getBody()
+			SecurityContext securityContext = mock(SecurityContext.class);
+			given(securityContext.getPrincipal()).willReturn(mock(Principal.class));
+			assertThat(extension.health(securityContext).block().getBody()
 					.getDetails()).isNotEmpty();
 		});
 	}
@@ -133,11 +140,67 @@ public void detailsCanBeHiddenFromAuthenticatedUsers() {
 				.run((context) -> {
 					ReactiveHealthEndpointWebExtension extension = context
 							.getBean(ReactiveHealthEndpointWebExtension.class);
-					assertThat(extension.health(mock(Principal.class)).block().getBody()
+					SecurityContext securityContext = mock(SecurityContext.class);
+					assertThat(extension.health(securityContext).block().getBody()
 							.getDetails()).isEmpty();
 				});
 	}
 
+	@Test
+	public void detailsCanBeHiddenFromUnauthorizedUsers() {
+		this.contextRunner
+				.withPropertyValues(
+						"management.endpoint.health.show-details=when-authorized",
+						"management.endpoint.health.roles=ACTUATOR")
+				.run((context) -> {
+					ReactiveHealthEndpointWebExtension extension = context
+							.getBean(ReactiveHealthEndpointWebExtension.class);
+					SecurityContext securityContext = mock(SecurityContext.class);
+					given(securityContext.getPrincipal())
+							.willReturn(mock(Principal.class));
+					given(securityContext.isUserInRole("ACTUATOR")).willReturn(false);
+					assertThat(
+							extension.health(securityContext).block().getBody().getDetails())
+							.isEmpty();
+				});
+	}
+
+	@Test
+	public void detailsCanBeShownToAuthorizedUsers() {
+		this.contextRunner
+				.withPropertyValues(
+						"management.endpoint.health.show-details=when-authorized",
+						"management.endpoint.health.roles=ACTUATOR")
+				.run((context) -> {
+					ReactiveHealthEndpointWebExtension extension = context
+							.getBean(ReactiveHealthEndpointWebExtension.class);
+					SecurityContext securityContext = mock(SecurityContext.class);
+					given(securityContext.getPrincipal())
+							.willReturn(mock(Principal.class));
+					given(securityContext.isUserInRole("ACTUATOR")).willReturn(true);
+					assertThat(
+							extension.health(securityContext).block().getBody().getDetails())
+							.isNotEmpty();
+				});
+	}
+
+	@Test
+	public void roleCanBeCustomized() {
+		this.contextRunner.withPropertyValues(
+				"management.endpoint.health.show-details=when-authorized",
+				"management.endpoint.health.roles=ADMIN").run((context) -> {
+			ReactiveHealthEndpointWebExtension extension = context
+					.getBean(ReactiveHealthEndpointWebExtension.class);
+			SecurityContext securityContext = mock(SecurityContext.class);
+			given(securityContext.getPrincipal())
+					.willReturn(mock(Principal.class));
+			given(securityContext.isUserInRole("ADMIN")).willReturn(true);
+			assertThat(
+					extension.health(securityContext).block().getBody().getDetails())
+					.isNotEmpty();
+		});
+	}
+
 	@Configuration
 	static class HealthIndicatorsConfiguration {
 

spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/InvocationContext.java

@@ -16,7 +16,6 @@
 
 package org.springframework.boot.actuate.endpoint;
 
-import java.security.Principal;
 import java.util.Map;
 
 import org.springframework.boot.actuate.endpoint.invoke.OperationInvoker;
@@ -30,24 +29,26 @@
  */
 public class InvocationContext {
 
-	private final Principal principal;
+	private final SecurityContext securityContext;
 
 	private final Map<String, Object> arguments;
 
 	/**
 	 * Creates a new context for an operation being invoked by the given {@code principal}
 	 * with the given available {@code arguments}.
-	 * @param principal the principal invoking the operation. May be {@code null}
+	 * @param securityContext the current security context. Never {@code null}
 	 * @param arguments the arguments available to the operation. Never {@code null}
 	 */
-	public InvocationContext(Principal principal, Map<String, Object> arguments) {
+	public InvocationContext(SecurityContext securityContext,
+			Map<String, Object> arguments) {
+		Assert.notNull(securityContext, "SecurityContext must not be null");
 		Assert.notNull(arguments, "Arguments must not be null");
-		this.principal = principal;
+		this.securityContext = securityContext;
 		this.arguments = arguments;
 	}
 
-	public Principal getPrincipal() {
-		return this.principal;
+	public SecurityContext getSecurityContext() {
+		return this.securityContext;
 	}
 
 	public Map<String, Object> getArguments() {

spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/SecurityContext.java

@@ -0,0 +1,43 @@
+/*
+ * Copyright 2012-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.actuate.endpoint;
+
+import java.security.Principal;
+
+/**
+ * Security context in which an endpoint is being invoked.
+ *
+ * @author Andy Wilkinson
+ * @since 2.0.0
+ */
+public interface SecurityContext {
+
+	/**
+	 * Return the currently authenticated {@link Principal} or {@code null}.
+	 * @return the principal or {@code null}
+	 */
+	Principal getPrincipal();
+
+	/**
+	 * Returns {@code true} if the currently authenticated user is in the given
+	 * {@code role}, or false otherwise.
+	 * @param role name of the role
+	 * @return {@code true} if the user is in the given role
+	 */
+	boolean isUserInRole(String role);
+
+}