Remove concept of sensitivity from Actuator's endpoints

Closes spring-projectsgh-9924

Author: wilkinsona

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementWebSecurityAutoConfiguration.java

@@ -26,7 +26,6 @@
 import javax.servlet.http.HttpServletRequest;
 
 import org.springframework.beans.factory.ObjectProvider;
-import org.springframework.boot.actuate.endpoint.Endpoint;
 import org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMapping;
 import org.springframework.boot.actuate.endpoint.mvc.MvcEndpoint;
 import org.springframework.boot.actuate.endpoint.mvc.NamedMvcEndpoint;
@@ -62,7 +61,6 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
@@ -77,11 +75,7 @@
  * {@link EnableAutoConfiguration Auto-configuration} for security of framework endpoints.
  * Many aspects of the behavior can be controller with {@link ManagementServerProperties}
  * via externalized application properties (or via an bean definition of that type to set
- * the defaults).
- * <p>
- * The framework {@link Endpoint}s (used to expose application information to operations)
- * include a {@link Endpoint#isSensitive() sensitive} configuration option which will be
- * used as a security hint by the filter created here.
+ * the defaults)..
  *
  * @author Dave Syer
  * @author Andy Wilkinson
@@ -126,7 +120,6 @@ public void customize(IgnoredRequestConfigurer configurer) {
 						.getRequestMatcher(this.contextResolver);
 				configurer.requestMatchers(requestMatcher);
 			}
-
 		}
 
 	}
@@ -223,8 +216,6 @@ protected void configure(HttpSecurity http) throws Exception {
 				http.exceptionHandling().authenticationEntryPoint(entryPoint);
 				// Match all the requests for actuator endpoints ...
 				http.requestMatcher(matcher);
-				// ... but permitAll() for the non-sensitive ones
-				configurePermittedRequests(http.authorizeRequests());
 				http.httpBasic().authenticationEntryPoint(entryPoint).and().cors();
 				// No cookies for management endpoints by default
 				http.csrf().disable();
@@ -258,38 +249,9 @@ private AuthenticationEntryPoint entryPoint() {
 			return entryPoint;
 		}
 
-		private void configurePermittedRequests(
-				ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry requests) {
-			requests.requestMatchers(new LazyEndpointPathRequestMatcher(
-					this.contextResolver, EndpointPaths.SENSITIVE)).authenticated();
-			// Permit access to the non-sensitive endpoints
-			requests.requestMatchers(new LazyEndpointPathRequestMatcher(
-					this.contextResolver, EndpointPaths.NON_SENSITIVE)).permitAll();
-		}
-
 	}
 
-	private enum EndpointPaths {
-
-		ALL,
-
-		NON_SENSITIVE {
-
-			@Override
-			protected boolean isIncluded(MvcEndpoint endpoint) {
-				return !endpoint.isSensitive();
-			}
-
-		},
-
-		SENSITIVE {
-
-			@Override
-			protected boolean isIncluded(MvcEndpoint endpoint) {
-				return endpoint.isSensitive();
-			}
-
-		};
+	private static class EndpointPaths {
 
 		public String[] getPaths(EndpointHandlerMapping endpointHandlerMapping) {
 			if (endpointHandlerMapping == null) {
@@ -298,24 +260,18 @@ public String[] getPaths(EndpointHandlerMapping endpointHandlerMapping) {
 			Set<? extends MvcEndpoint> endpoints = endpointHandlerMapping.getEndpoints();
 			Set<String> paths = new LinkedHashSet<>(endpoints.size());
 			for (MvcEndpoint endpoint : endpoints) {
-				if (isIncluded(endpoint)) {
-					String path = endpointHandlerMapping.getPath(endpoint.getPath());
-					paths.add(path);
-					if (!path.equals("")) {
-						paths.add(path + "/**");
-						// Add Spring MVC-generated additional paths
-						paths.add(path + ".*");
-					}
-					paths.add(path + "/");
+				String path = endpointHandlerMapping.getPath(endpoint.getPath());
+				paths.add(path);
+				if (!path.equals("")) {
+					paths.add(path + "/**");
+					// Add Spring MVC-generated additional paths
+					paths.add(path + ".*");
 				}
+				paths.add(path + "/");
 			}
 			return paths.toArray(new String[paths.size()]);
 		}
 
-		protected boolean isIncluded(MvcEndpoint endpoint) {
-			return true;
-		}
-
 	}
 
 	private static class LazyEndpointPathRequestMatcher implements RequestMatcher {
@@ -342,7 +298,8 @@ public static RequestMatcher getRequestMatcher(
 				return matcher;
 			}
 			// Match everything, including the sensitive and non-sensitive paths
-			return new LazyEndpointPathRequestMatcher(contextResolver, EndpointPaths.ALL);
+			return new LazyEndpointPathRequestMatcher(contextResolver,
+					new EndpointPaths());
 		}
 
 		LazyEndpointPathRequestMatcher(ManagementContextResolver contextResolver,

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/cloudfoundry/CloudFoundryDiscoveryMvcEndpoint.java

@@ -41,7 +41,7 @@ class CloudFoundryDiscoveryMvcEndpoint extends AbstractMvcEndpoint {
 	private final Set<NamedMvcEndpoint> endpoints;
 
 	CloudFoundryDiscoveryMvcEndpoint(Set<NamedMvcEndpoint> endpoints) {
-		super("", false);
+		super("");
 		this.endpoints = endpoints;
 	}
 

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/AbstractEndpoint.java

@@ -41,47 +41,27 @@ public abstract class AbstractEndpoint<T> implements Endpoint<T>, EnvironmentAwa
 	 */
 	private String id;
 
-	private final boolean sensitiveDefault;
-
-	/**
-	 * Mark if the endpoint exposes sensitive information.
-	 */
-	private Boolean sensitive;
-
 	/**
 	 * Enable the endpoint.
 	 */
 	private Boolean enabled;
 
-	/**
-	 * Create a new sensitive endpoint instance. The endpoint will enabled flag will be
-	 * based on the spring {@link Environment} unless explicitly set.
-	 * @param id the endpoint ID
-	 */
-	public AbstractEndpoint(String id) {
-		this(id, true);
-	}
-
 	/**
 	 * Create a new endpoint instance. The endpoint will enabled flag will be based on the
 	 * spring {@link Environment} unless explicitly set.
 	 * @param id the endpoint ID
-	 * @param sensitive if the endpoint is sensitive by default
 	 */
-	public AbstractEndpoint(String id, boolean sensitive) {
+	public AbstractEndpoint(String id) {
 		setId(id);
-		this.sensitiveDefault = sensitive;
 	}
 
 	/**
 	 * Create a new endpoint instance.
 	 * @param id the endpoint ID
-	 * @param sensitive if the endpoint is sensitive
 	 * @param enabled if the endpoint is enabled or not.
 	 */
-	public AbstractEndpoint(String id, boolean sensitive, boolean enabled) {
+	public AbstractEndpoint(String id, boolean enabled) {
 		setId(id);
-		this.sensitiveDefault = sensitive;
 		this.enabled = enabled;
 	}
 
@@ -115,14 +95,4 @@ public void setEnabled(Boolean enabled) {
 		this.enabled = enabled;
 	}
 
-	@Override
-	public boolean isSensitive() {
-		return EndpointProperties.isSensitive(this.environment, this.sensitive,
-				this.sensitiveDefault);
-	}
-
-	public void setSensitive(Boolean sensitive) {
-		this.sensitive = sensitive;
-	}
-
 }

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/Endpoint.java

@@ -42,13 +42,6 @@ public interface Endpoint<T> {
 	 */
 	boolean isEnabled();
 
-	/**
-	 * Return if the endpoint is sensitive, i.e. may return data that the average user
-	 * should not see. Mappings can use this as a security hint.
-	 * @return if the endpoint is sensitive
-	 */
-	boolean isSensitive();
-
 	/**
 	 * Called to invoke the endpoint.
 	 * @return the results of the invocation

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/EndpointProperties.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2015 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -30,18 +30,11 @@ public class EndpointProperties {
 
 	private static final String ENDPOINTS_ENABLED_PROPERTY = "endpoints.enabled";
 
-	private static final String ENDPOINTS_SENSITIVE_PROPERTY = "endpoints.sensitive";
-
 	/**
 	 * Enable endpoints.
 	 */
 	private Boolean enabled = true;
 
-	/**
-	 * Default endpoint sensitive setting.
-	 */
-	private Boolean sensitive;
-
 	public Boolean getEnabled() {
 		return this.enabled;
 	}
@@ -50,14 +43,6 @@ public void setEnabled(Boolean enabled) {
 		this.enabled = enabled;
 	}
 
-	public Boolean getSensitive() {
-		return this.sensitive;
-	}
-
-	public void setSensitive(Boolean sensitive) {
-		this.sensitive = sensitive;
-	}
-
 	/**
 	 * Determine if an endpoint is enabled based on its specific property and taking into
 	 * account the global default.
@@ -76,25 +61,4 @@ public static boolean isEnabled(Environment environment, Boolean enabled) {
 		return true;
 	}
 
-	/**
-	 * Determine if an endpoint is sensitive based on its specific property and taking
-	 * into account the global default.
-	 * @param environment the Spring environment or {@code null}.
-	 * @param sensitive the endpoint property or {@code null}
-	 * @param sensitiveDefault the default setting to use if no environment property is
-	 * defined
-	 * @return if the endpoint is sensitive
-	 */
-	public static boolean isSensitive(Environment environment, Boolean sensitive,
-			boolean sensitiveDefault) {
-		if (sensitive != null) {
-			return sensitive;
-		}
-		if (environment != null
-				&& environment.containsProperty(ENDPOINTS_SENSITIVE_PROPERTY)) {
-			return environment.getProperty(ENDPOINTS_SENSITIVE_PROPERTY, Boolean.class);
-		}
-		return sensitiveDefault;
-	}
-
 }

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/HealthEndpoint.java

@@ -49,7 +49,7 @@ public class HealthEndpoint extends AbstractEndpoint<Health> {
 	 */
 	public HealthEndpoint(HealthAggregator healthAggregator,
 			Map<String, HealthIndicator> healthIndicators) {
-		super("health", false);
+		super("health");
 		Assert.notNull(healthAggregator, "HealthAggregator must not be null");
 		Assert.notNull(healthIndicators, "HealthIndicators must not be null");
 		CompositeHealthIndicator healthIndicator = new CompositeHealthIndicator(

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/InfoEndpoint.java

@@ -41,7 +41,7 @@ public class InfoEndpoint extends AbstractEndpoint<Map<String, Object>> {
 	 * @param infoContributors the info contributors to use
 	 */
 	public InfoEndpoint(List<InfoContributor> infoContributors) {
-		super("info", false);
+		super("info");
 		Assert.notNull(infoContributors, "Info contributors must not be null");
 		this.infoContributors = infoContributors;
 	}

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/ShutdownEndpoint.java

@@ -50,7 +50,7 @@ public class ShutdownEndpoint extends AbstractEndpoint<Map<String, Object>>
 	 * Create a new {@link ShutdownEndpoint} instance.
 	 */
 	public ShutdownEndpoint() {
-		super("shutdown", true, false);
+		super("shutdown", false);
 	}
 
 	@Override

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/jmx/EndpointMBean.java

@@ -64,11 +64,6 @@ public boolean isEnabled() {
 		return this.endpoint.isEnabled();
 	}
 
-	@ManagedAttribute(description = "Indicates whether the underlying endpoint exposes sensitive information")
-	public boolean isSensitive() {
-		return this.endpoint.isSensitive();
-	}
-
 	@Override
 	public String getIdentity() {
 		return ObjectUtils.getIdentityHexString(getEndpoint());

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/AbstractEndpointMvcAdapter.java

@@ -80,11 +80,6 @@ public void setPath(String path) {
 		this.path = path;
 	}
 
-	@Override
-	public boolean isSensitive() {
-		return this.delegate.isSensitive();
-	}
-
 	@Override
 	@SuppressWarnings("rawtypes")
 	public Class<? extends Endpoint> getEndpointType() {

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/AbstractMvcEndpoint.java

@@ -46,22 +46,8 @@ public abstract class AbstractMvcEndpoint
 	 */
 	private Boolean enabled;
 
-	/**
-	 * Mark if the endpoint exposes sensitive information.
-	 */
-	private Boolean sensitive;
-
-	private final boolean sensitiveDefault;
-
-	public AbstractMvcEndpoint(String path, boolean sensitive) {
+	public AbstractMvcEndpoint(String path) {
 		setPath(path);
-		this.sensitiveDefault = sensitive;
-	}
-
-	public AbstractMvcEndpoint(String path, boolean sensitive, boolean enabled) {
-		setPath(path);
-		this.sensitiveDefault = sensitive;
-		this.enabled = enabled;
 	}
 
 	@Override
@@ -93,16 +79,6 @@ public void setEnabled(Boolean enabled) {
 		this.enabled = enabled;
 	}
 
-	@Override
-	public boolean isSensitive() {
-		return EndpointProperties.isSensitive(this.environment, this.sensitive,
-				this.sensitiveDefault);
-	}
-
-	public void setSensitive(Boolean sensitive) {
-		this.sensitive = sensitive;
-	}
-
 	@Override
 	@SuppressWarnings("rawtypes")
 	public Class<? extends Endpoint> getEndpointType() {

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/AbstractNamedMvcEndpoint.java

@@ -31,15 +31,8 @@ public abstract class AbstractNamedMvcEndpoint extends AbstractMvcEndpoint
 
 	private final String name;
 
-	public AbstractNamedMvcEndpoint(String name, String path, boolean sensitive) {
-		super(path, sensitive);
-		Assert.hasLength(name, "Name must not be empty");
-		this.name = name;
-	}
-
-	public AbstractNamedMvcEndpoint(String name, String path, boolean sensitive,
-			boolean enabled) {
-		super(path, sensitive, enabled);
+	public AbstractNamedMvcEndpoint(String name, String path) {
+		super(path);
 		Assert.hasLength(name, "Name must not be empty");
 		this.name = name;
 	}