Introduce EndpointID to enforce naming rules

Add an `EndpointID` class to enforce the naming rules that we support
for actuator endpoints. We now ensure that all endpoint names contain
only letters and numbers and must begin with a lower-case letter.

Existing public classes and interfaces have been changes so that String
based `endpointId` methods are deprecated and strongly typed versions
are preferred instead. A few public classes that we're not expecting
to be used directly have been changed without deprecated methods being
introduced.

See gh-14773

Author: philwebb

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/AccessLevel.java

@@ -40,19 +40,19 @@ public enum AccessLevel {
 
 	public static final String REQUEST_ATTRIBUTE = "cloudFoundryAccessLevel";
 
-	private final List<String> endpointIds;
+	private final List<String> ids;
 
-	AccessLevel(String... endpointIds) {
-		this.endpointIds = Arrays.asList(endpointIds);
+	AccessLevel(String... ids) {
+		this.ids = Arrays.asList(ids);
 	}
 
 	/**
-	 * Returns if the access level should allow access to the specified endpoint path.
-	 * @param endpointId the endpoint ID to check
+	 * Returns if the access level should allow access to the specified ID.
+	 * @param id the ID to check
 	 * @return {@code true} if access is allowed
 	 */
-	public boolean isAccessAllowed(String endpointId) {
-		return this.endpointIds.isEmpty() || this.endpointIds.contains(endpointId);
+	public boolean isAccessAllowed(String id) {
+		return this.ids.isEmpty() || this.ids.contains(id);
 	}
 
 }

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/reactive/CloudFoundrySecurityInterceptor.java

@@ -59,7 +59,7 @@ class CloudFoundrySecurityInterceptor {
 		this.applicationId = applicationId;
 	}
 
-	Mono<SecurityResponse> preHandle(ServerWebExchange exchange, String endpointId) {
+	Mono<SecurityResponse> preHandle(ServerWebExchange exchange, String id) {
 		ServerHttpRequest request = exchange.getRequest();
 		if (CorsUtils.isPreFlightRequest(request)) {
 			return SUCCESS;
@@ -72,21 +72,21 @@ Mono<SecurityResponse> preHandle(ServerWebExchange exchange, String endpointId)
 			return Mono.error(new CloudFoundryAuthorizationException(
 					Reason.SERVICE_UNAVAILABLE, "Cloud controller URL is not available"));
 		}
-		return check(exchange, endpointId).then(SUCCESS).doOnError(this::logError)
+		return check(exchange, id).then(SUCCESS).doOnError(this::logError)
 				.onErrorResume(this::getErrorResponse);
 	}
 
 	private void logError(Throwable ex) {
 		logger.error(ex.getMessage(), ex);
 	}
 
-	private Mono<Void> check(ServerWebExchange exchange, String path) {
+	private Mono<Void> check(ServerWebExchange exchange, String id) {
 		try {
 			Token token = getToken(exchange.getRequest());
 			return this.tokenValidator.validate(token)
 					.then(this.cloudFoundrySecurityService
 							.getAccessLevel(token.toString(), this.applicationId))
-					.filter((accessLevel) -> accessLevel.isAccessAllowed(path))
+					.filter((accessLevel) -> accessLevel.isAccessAllowed(id))
 					.switchIfEmpty(Mono.error(new CloudFoundryAuthorizationException(
 							Reason.ACCESS_DENIED, "Access denied")))
 					.doOnSuccess((accessLevel) -> exchange.getAttributes()

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/reactive/CloudFoundryWebFluxEndpointHandlerMapping.java

@@ -27,6 +27,7 @@
 
 import org.springframework.boot.actuate.autoconfigure.cloudfoundry.AccessLevel;
 import org.springframework.boot.actuate.autoconfigure.cloudfoundry.SecurityResponse;
+import org.springframework.boot.actuate.endpoint.EndpointId;
 import org.springframework.boot.actuate.endpoint.web.EndpointLinksResolver;
 import org.springframework.boot.actuate.endpoint.web.EndpointMapping;
 import org.springframework.boot.actuate.endpoint.web.EndpointMediaTypes;
@@ -70,7 +71,7 @@ class CloudFoundryWebFluxEndpointHandlerMapping
 	protected ReactiveWebOperation wrapReactiveWebOperation(ExposableWebEndpoint endpoint,
 			WebOperation operation, ReactiveWebOperation reactiveWebOperation) {
 		return new SecureReactiveWebOperation(reactiveWebOperation,
-				this.securityInterceptor, endpoint.getId());
+				this.securityInterceptor, endpoint.getEndpointId());
 	}
 
 	@Override
@@ -113,10 +114,11 @@ private static class SecureReactiveWebOperation implements ReactiveWebOperation
 
 		private final CloudFoundrySecurityInterceptor securityInterceptor;
 
-		private final String endpointId;
+		private final EndpointId endpointId;
 
 		SecureReactiveWebOperation(ReactiveWebOperation delegate,
-				CloudFoundrySecurityInterceptor securityInterceptor, String endpointId) {
+				CloudFoundrySecurityInterceptor securityInterceptor,
+				EndpointId endpointId) {
 			this.delegate = delegate;
 			this.securityInterceptor = securityInterceptor;
 			this.endpointId = endpointId;
@@ -125,7 +127,8 @@ private static class SecureReactiveWebOperation implements ReactiveWebOperation
 		@Override
 		public Mono<ResponseEntity<Object>> handle(ServerWebExchange exchange,
 				Map<String, String> body) {
-			return this.securityInterceptor.preHandle(exchange, this.endpointId)
+			return this.securityInterceptor
+					.preHandle(exchange, this.endpointId.toLowerCaseString())
 					.flatMap((securityResponse) -> flatMapResponse(exchange, body,
 							securityResponse));
 		}

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundrySecurityInterceptor.java

@@ -28,6 +28,7 @@
 import org.springframework.boot.actuate.autoconfigure.cloudfoundry.CloudFoundryAuthorizationException.Reason;
 import org.springframework.boot.actuate.autoconfigure.cloudfoundry.SecurityResponse;
 import org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token;
+import org.springframework.boot.actuate.endpoint.EndpointId;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
 import org.springframework.util.StringUtils;
@@ -59,7 +60,7 @@ class CloudFoundrySecurityInterceptor {
 		this.applicationId = applicationId;
 	}
 
-	SecurityResponse preHandle(HttpServletRequest request, String endpointId) {
+	SecurityResponse preHandle(HttpServletRequest request, EndpointId endpointId) {
 		if (CorsUtils.isPreFlightRequest(request)) {
 			return SecurityResponse.success();
 		}
@@ -90,12 +91,14 @@ SecurityResponse preHandle(HttpServletRequest request, String endpointId) {
 		return SecurityResponse.success();
 	}
 
-	private void check(HttpServletRequest request, String endpointId) throws Exception {
+	private void check(HttpServletRequest request, EndpointId endpointId)
+			throws Exception {
 		Token token = getToken(request);
 		this.tokenValidator.validate(token);
 		AccessLevel accessLevel = this.cloudFoundrySecurityService
 				.getAccessLevel(token.toString(), this.applicationId);
-		if (!accessLevel.isAccessAllowed(endpointId)) {
+		if (!accessLevel.isAccessAllowed(
+				(endpointId != null) ? endpointId.toLowerCaseString() : "")) {
 			throw new CloudFoundryAuthorizationException(Reason.ACCESS_DENIED,
 					"Access denied");
 		}

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundryWebEndpointServletHandlerMapping.java

@@ -27,6 +27,7 @@
 
 import org.springframework.boot.actuate.autoconfigure.cloudfoundry.AccessLevel;
 import org.springframework.boot.actuate.autoconfigure.cloudfoundry.SecurityResponse;
+import org.springframework.boot.actuate.endpoint.EndpointId;
 import org.springframework.boot.actuate.endpoint.web.EndpointLinksResolver;
 import org.springframework.boot.actuate.endpoint.web.EndpointMapping;
 import org.springframework.boot.actuate.endpoint.web.EndpointMediaTypes;
@@ -68,15 +69,15 @@ class CloudFoundryWebEndpointServletHandlerMapping
 	protected ServletWebOperation wrapServletWebOperation(ExposableWebEndpoint endpoint,
 			WebOperation operation, ServletWebOperation servletWebOperation) {
 		return new SecureServletWebOperation(servletWebOperation,
-				this.securityInterceptor, endpoint.getId());
+				this.securityInterceptor, endpoint.getEndpointId());
 	}
 
 	@Override
 	@ResponseBody
 	protected Map<String, Map<String, Link>> links(HttpServletRequest request,
 			HttpServletResponse response) {
 		SecurityResponse securityResponse = this.securityInterceptor.preHandle(request,
-				"");
+				null);
 		if (!securityResponse.getStatus().equals(HttpStatus.OK)) {
 			sendFailureResponse(response, securityResponse);
 		}
@@ -115,10 +116,11 @@ private static class SecureServletWebOperation implements ServletWebOperation {
 
 		private final CloudFoundrySecurityInterceptor securityInterceptor;
 
-		private final String endpointId;
+		private final EndpointId endpointId;
 
 		SecureServletWebOperation(ServletWebOperation delegate,
-				CloudFoundrySecurityInterceptor securityInterceptor, String endpointId) {
+				CloudFoundrySecurityInterceptor securityInterceptor,
+				EndpointId endpointId) {
 			this.delegate = delegate;
 			this.securityInterceptor = securityInterceptor;
 			this.endpointId = endpointId;

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/endpoint/ExposeExcludePropertyEndpointFilter.java

@@ -110,7 +110,7 @@ private boolean isExcluded(ExposableEndpoint<?> endpoint) {
 	}
 
 	private boolean contains(Set<String> items, ExposableEndpoint<?> endpoint) {
-		return items.contains(endpoint.getId().toLowerCase(Locale.ENGLISH));
+		return items.contains(endpoint.getEndpointId().toLowerCaseString());
 	}
 
 }

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/endpoint/jmx/DefaultEndpointObjectNameFactory.java

@@ -52,7 +52,8 @@ public ObjectName getObjectName(ExposableJmxEndpoint endpoint)
 			throws MalformedObjectNameException {
 		StringBuilder builder = new StringBuilder(this.properties.getDomain());
 		builder.append(":type=Endpoint");
-		builder.append(",name=" + StringUtils.capitalize(endpoint.getId()));
+		builder.append(
+				",name=" + StringUtils.capitalize(endpoint.getEndpointId().toString()));
 		String baseName = builder.toString();
 		if (this.mBeanServer != null && hasMBean(baseName)) {
 			builder.append(",context=" + this.contextId);

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/endpoint/web/MappingWebEndpointPathMapper.java

@@ -18,6 +18,7 @@
 
 import java.util.Map;
 
+import org.springframework.boot.actuate.endpoint.EndpointId;
 import org.springframework.boot.actuate.endpoint.web.PathMapper;
 
 /**
@@ -35,8 +36,14 @@ class MappingWebEndpointPathMapper implements PathMapper {
 	}
 
 	@Override
+	@Deprecated
 	public String getRootPath(String endpointId) {
-		return this.pathMapping.getOrDefault(endpointId, endpointId);
+		return getRootPath(EndpointId.of(endpointId));
+	}
+
+	@Override
+	public String getRootPath(EndpointId endpointId) {
+		return this.pathMapping.getOrDefault(endpointId, endpointId.toLowerCaseString());
 	}
 
 }

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/reactive/EndpointRequest.java

@@ -31,6 +31,7 @@
 
 import org.springframework.beans.factory.NoSuchBeanDefinitionException;
 import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointProperties;
+import org.springframework.boot.actuate.endpoint.EndpointId;
 import org.springframework.boot.actuate.endpoint.annotation.Endpoint;
 import org.springframework.boot.actuate.endpoint.web.PathMappedEndpoints;
 import org.springframework.boot.security.reactive.ApplicationContextServerWebExchangeMatcher;
@@ -208,22 +209,25 @@ private Stream<String> streamPaths(List<Object> source,
 					.map(pathMappedEndpoints::getPath);
 		}
 
-		private String getEndpointId(Object source) {
+		private EndpointId getEndpointId(Object source) {
+			if (source instanceof EndpointId) {
+				return (EndpointId) source;
+			}
 			if (source instanceof String) {
-				return (String) source;
+				return (EndpointId.of((String) source));
 			}
 			if (source instanceof Class) {
 				return getEndpointId((Class<?>) source);
 			}
 			throw new IllegalStateException("Unsupported source " + source);
 		}
 
-		private String getEndpointId(Class<?> source) {
+		private EndpointId getEndpointId(Class<?> source) {
 			Endpoint annotation = AnnotatedElementUtils.getMergedAnnotation(source,
 					Endpoint.class);
 			Assert.state(annotation != null,
 					() -> "Class " + source + " is not annotated with @Endpoint");
-			return annotation.id();
+			return EndpointId.of(annotation.id());
 		}
 
 		private List<ServerWebExchangeMatcher> getDelegateMatchers(Set<String> paths) {

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequest.java

@@ -31,6 +31,7 @@
 
 import org.springframework.beans.factory.NoSuchBeanDefinitionException;
 import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointProperties;
+import org.springframework.boot.actuate.endpoint.EndpointId;
 import org.springframework.boot.actuate.endpoint.annotation.Endpoint;
 import org.springframework.boot.actuate.endpoint.web.PathMappedEndpoints;
 import org.springframework.boot.autoconfigure.security.servlet.RequestMatcherProvider;
@@ -256,22 +257,25 @@ private Stream<String> streamPaths(List<Object> source,
 					.map(pathMappedEndpoints::getPath);
 		}
 
-		private String getEndpointId(Object source) {
+		private EndpointId getEndpointId(Object source) {
+			if (source instanceof EndpointId) {
+				return (EndpointId) source;
+			}
 			if (source instanceof String) {
-				return (String) source;
+				return (EndpointId.of((String) source));
 			}
 			if (source instanceof Class) {
 				return getEndpointId((Class<?>) source);
 			}
 			throw new IllegalStateException("Unsupported source " + source);
 		}
 
-		private String getEndpointId(Class<?> source) {
+		private EndpointId getEndpointId(Class<?> source) {
 			Endpoint annotation = AnnotatedElementUtils.getMergedAnnotation(source,
 					Endpoint.class);
 			Assert.state(annotation != null,
 					() -> "Class " + source + " is not annotated with @Endpoint");
-			return annotation.id();
+			return EndpointId.of(annotation.id());
 		}
 
 		private List<RequestMatcher> getDelegateMatchers(