Allow to disable SSL client authentication on the management port

When server and management are at different ports, and when server
requires TLS client authentication, then there is no simple method to
disable TLS client authentication for management port.

This commit adds an additional "none" option to ssl.client-auth.

Example:

    server.port=8080
    server.ssl.enabled=true
    server.ssl.client-auth=need
    management.server.port=8081
    management.server.ssl.enabled=true
    management.server.ssl.client-auth=none

See gh-14985

Author: alonbl

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/resources/META-INF/additional-spring-configuration-metadata.json

@@ -303,7 +303,7 @@
     },
     {
       "name": "management.server.ssl.client-auth",
-      "description": "Whether client authentication is wanted (\"want\") or needed (\"need\"). Requires a trust store."
+      "description": "Whether client authentication is not wanted (\"none\"), wanted (\"want\") or needed (\"need\"). Requires a trust store."
     },
     {
       "name": "management.server.ssl.enabled",

spring-boot-project/spring-boot-autoconfigure/src/main/resources/META-INF/additional-spring-configuration-metadata.json

@@ -136,7 +136,7 @@
     },
     {
       "name": "server.ssl.client-auth",
-      "description": "Whether client authentication is wanted (\"want\") or needed (\"need\"). Requires a trust store."
+      "description": "Whether client authentication is not wanted (\"none\"), wanted (\"want\") or needed (\"need\"). Requires a trust store."
     },
     {
       "name": "server.ssl.enabled",

spring-boot-project/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc

@@ -233,7 +233,7 @@ content into your application. Rather, pick only the properties that you need.
 	server.servlet.session.timeout=30m # Session timeout. If a duration suffix is not specified, seconds will be used.
 	server.servlet.session.tracking-modes= # Session tracking modes.
 	server.ssl.ciphers= # Supported SSL ciphers.
-	server.ssl.client-auth= # Whether client authentication is wanted ("want") or needed ("need"). Requires a trust store.
+	server.ssl.client-auth= # Whether client authentication is not wanted ("none"), wanted ("want") or needed ("need"). Requires a trust store.
 	server.ssl.enabled=true # Whether to enable SSL support.
 	server.ssl.enabled-protocols= # Enabled SSL protocols.
 	server.ssl.key-alias= # Alias that identifies the key in the key store.
@@ -1205,7 +1205,7 @@ content into your application. Rather, pick only the properties that you need.
 	management.server.port= # Management endpoint HTTP port (uses the same port as the application by default). Configure a different port to use management-specific SSL.
 	management.server.servlet.context-path= # Management endpoint context-path (for instance, `/management`). Requires a custom management.server.port.
 	management.server.ssl.ciphers= # Supported SSL ciphers.
-	management.server.ssl.client-auth= # Whether client authentication is wanted ("want") or needed ("need"). Requires a trust store.
+	management.server.ssl.client-auth= # Whether client authentication is not wanted ("none"), wanted ("want") or needed ("need"). Requires a trust store.
 	management.server.ssl.enabled=true # Whether to enable SSL support.
 	management.server.ssl.enabled-protocols= # Enabled SSL protocols.
 	management.server.ssl.key-alias= # Alias that identifies the key in the key store.

spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/server/Ssl.java

@@ -28,7 +28,7 @@ public class Ssl {
 
 	private boolean enabled = true;
 
-	private ClientAuth clientAuth;
+	private ClientAuth clientAuth = ClientAuth.NONE;
 
 	private String[] ciphers;
 
@@ -69,16 +69,21 @@ public void setEnabled(boolean enabled) {
 	}
 
 	/**
-	 * Return Whether client authentication is wanted ("want") or needed ("need").
-	 * Requires a trust store.
+	 * Return Whether client authentication is not wanted ("none"), wanted ("want") or
+	 * needed ("need"). Requires a trust store.
 	 * @return the {@link ClientAuth} to use
 	 */
 	public ClientAuth getClientAuth() {
 		return this.clientAuth;
 	}
 
 	public void setClientAuth(ClientAuth clientAuth) {
-		this.clientAuth = clientAuth;
+		if (clientAuth == null) {
+			this.clientAuth = ClientAuth.NONE;
+		}
+		else {
+			this.clientAuth = clientAuth;
+		}
 	}
 
 	/**
@@ -243,6 +248,11 @@ public void setProtocol(String protocol) {
 	 */
 	public enum ClientAuth {
 
+		/**
+		 * Client authentication is not wanted.
+		 */
+		NONE,
+
 		/**
 		 * Client authentication is wanted but not mandatory.
 		 */