Merge branch 'gh-14773' into 2.0.x

Closes gh-14773

Author: philwebb

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/AccessLevel.java

@@ -40,19 +40,19 @@ public enum AccessLevel {
 
 	public static final String REQUEST_ATTRIBUTE = "cloudFoundryAccessLevel";
 
-	private final List<String> endpointIds;
+	private final List<String> ids;
 
-	AccessLevel(String... endpointIds) {
-		this.endpointIds = Arrays.asList(endpointIds);
+	AccessLevel(String... ids) {
+		this.ids = Arrays.asList(ids);
 	}
 
 	/**
-	 * Returns if the access level should allow access to the specified endpoint path.
-	 * @param endpointId the endpoint ID to check
+	 * Returns if the access level should allow access to the specified ID.
+	 * @param id the ID to check
 	 * @return {@code true} if access is allowed
 	 */
-	public boolean isAccessAllowed(String endpointId) {
-		return this.endpointIds.isEmpty() || this.endpointIds.contains(endpointId);
+	public boolean isAccessAllowed(String id) {
+		return this.ids.isEmpty() || this.ids.contains(id);
 	}
 
 }

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/reactive/CloudFoundrySecurityInterceptor.java

@@ -59,7 +59,7 @@ class CloudFoundrySecurityInterceptor {
 		this.applicationId = applicationId;
 	}
 
-	Mono<SecurityResponse> preHandle(ServerWebExchange exchange, String endpointId) {
+	Mono<SecurityResponse> preHandle(ServerWebExchange exchange, String id) {
 		ServerHttpRequest request = exchange.getRequest();
 		if (CorsUtils.isPreFlightRequest(request)) {
 			return SUCCESS;
@@ -72,21 +72,21 @@ Mono<SecurityResponse> preHandle(ServerWebExchange exchange, String endpointId)
 			return Mono.error(new CloudFoundryAuthorizationException(
 					Reason.SERVICE_UNAVAILABLE, "Cloud controller URL is not available"));
 		}
-		return check(exchange, endpointId).then(SUCCESS).doOnError(this::logError)
+		return check(exchange, id).then(SUCCESS).doOnError(this::logError)
 				.onErrorResume(this::getErrorResponse);
 	}
 
 	private void logError(Throwable ex) {
 		logger.error(ex.getMessage(), ex);
 	}
 
-	private Mono<Void> check(ServerWebExchange exchange, String path) {
+	private Mono<Void> check(ServerWebExchange exchange, String id) {
 		try {
 			Token token = getToken(exchange.getRequest());
 			return this.tokenValidator.validate(token)
 					.then(this.cloudFoundrySecurityService
 							.getAccessLevel(token.toString(), this.applicationId))
-					.filter((accessLevel) -> accessLevel.isAccessAllowed(path))
+					.filter((accessLevel) -> accessLevel.isAccessAllowed(id))
 					.switchIfEmpty(Mono.error(new CloudFoundryAuthorizationException(
 							Reason.ACCESS_DENIED, "Access denied")))
 					.doOnSuccess((accessLevel) -> exchange.getAttributes()

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/reactive/CloudFoundryWebFluxEndpointHandlerMapping.java

@@ -27,6 +27,7 @@
 
 import org.springframework.boot.actuate.autoconfigure.cloudfoundry.AccessLevel;
 import org.springframework.boot.actuate.autoconfigure.cloudfoundry.SecurityResponse;
+import org.springframework.boot.actuate.endpoint.EndpointId;
 import org.springframework.boot.actuate.endpoint.web.EndpointLinksResolver;
 import org.springframework.boot.actuate.endpoint.web.EndpointMapping;
 import org.springframework.boot.actuate.endpoint.web.EndpointMediaTypes;
@@ -70,7 +71,7 @@ class CloudFoundryWebFluxEndpointHandlerMapping
 	protected ReactiveWebOperation wrapReactiveWebOperation(ExposableWebEndpoint endpoint,
 			WebOperation operation, ReactiveWebOperation reactiveWebOperation) {
 		return new SecureReactiveWebOperation(reactiveWebOperation,
-				this.securityInterceptor, endpoint.getId());
+				this.securityInterceptor, endpoint.getEndpointId());
 	}
 
 	@Override
@@ -113,10 +114,11 @@ private static class SecureReactiveWebOperation implements ReactiveWebOperation
 
 		private final CloudFoundrySecurityInterceptor securityInterceptor;
 
-		private final String endpointId;
+		private final EndpointId endpointId;
 
 		SecureReactiveWebOperation(ReactiveWebOperation delegate,
-				CloudFoundrySecurityInterceptor securityInterceptor, String endpointId) {
+				CloudFoundrySecurityInterceptor securityInterceptor,
+				EndpointId endpointId) {
 			this.delegate = delegate;
 			this.securityInterceptor = securityInterceptor;
 			this.endpointId = endpointId;
@@ -125,7 +127,8 @@ private static class SecureReactiveWebOperation implements ReactiveWebOperation
 		@Override
 		public Mono<ResponseEntity<Object>> handle(ServerWebExchange exchange,
 				Map<String, String> body) {
-			return this.securityInterceptor.preHandle(exchange, this.endpointId)
+			return this.securityInterceptor
+					.preHandle(exchange, this.endpointId.toLowerCaseString())
 					.flatMap((securityResponse) -> flatMapResponse(exchange, body,
 							securityResponse));
 		}

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundrySecurityInterceptor.java

@@ -28,6 +28,7 @@
 import org.springframework.boot.actuate.autoconfigure.cloudfoundry.CloudFoundryAuthorizationException.Reason;
 import org.springframework.boot.actuate.autoconfigure.cloudfoundry.SecurityResponse;
 import org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token;
+import org.springframework.boot.actuate.endpoint.EndpointId;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
 import org.springframework.util.StringUtils;
@@ -59,7 +60,7 @@ class CloudFoundrySecurityInterceptor {
 		this.applicationId = applicationId;
 	}
 
-	SecurityResponse preHandle(HttpServletRequest request, String endpointId) {
+	SecurityResponse preHandle(HttpServletRequest request, EndpointId endpointId) {
 		if (CorsUtils.isPreFlightRequest(request)) {
 			return SecurityResponse.success();
 		}
@@ -90,12 +91,14 @@ SecurityResponse preHandle(HttpServletRequest request, String endpointId) {
 		return SecurityResponse.success();
 	}
 
-	private void check(HttpServletRequest request, String endpointId) throws Exception {
+	private void check(HttpServletRequest request, EndpointId endpointId)
+			throws Exception {
 		Token token = getToken(request);
 		this.tokenValidator.validate(token);
 		AccessLevel accessLevel = this.cloudFoundrySecurityService
 				.getAccessLevel(token.toString(), this.applicationId);
-		if (!accessLevel.isAccessAllowed(endpointId)) {
+		if (!accessLevel.isAccessAllowed(
+				(endpointId != null) ? endpointId.toLowerCaseString() : "")) {
 			throw new CloudFoundryAuthorizationException(Reason.ACCESS_DENIED,
 					"Access denied");
 		}

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundryWebEndpointServletHandlerMapping.java

@@ -27,6 +27,7 @@
 
 import org.springframework.boot.actuate.autoconfigure.cloudfoundry.AccessLevel;
 import org.springframework.boot.actuate.autoconfigure.cloudfoundry.SecurityResponse;
+import org.springframework.boot.actuate.endpoint.EndpointId;
 import org.springframework.boot.actuate.endpoint.web.EndpointLinksResolver;
 import org.springframework.boot.actuate.endpoint.web.EndpointMapping;
 import org.springframework.boot.actuate.endpoint.web.EndpointMediaTypes;
@@ -68,15 +69,15 @@ class CloudFoundryWebEndpointServletHandlerMapping
 	protected ServletWebOperation wrapServletWebOperation(ExposableWebEndpoint endpoint,
 			WebOperation operation, ServletWebOperation servletWebOperation) {
 		return new SecureServletWebOperation(servletWebOperation,
-				this.securityInterceptor, endpoint.getId());
+				this.securityInterceptor, endpoint.getEndpointId());
 	}
 
 	@Override
 	@ResponseBody
 	protected Map<String, Map<String, Link>> links(HttpServletRequest request,
 			HttpServletResponse response) {
 		SecurityResponse securityResponse = this.securityInterceptor.preHandle(request,
-				"");
+				null);
 		if (!securityResponse.getStatus().equals(HttpStatus.OK)) {
 			sendFailureResponse(response, securityResponse);
 		}
@@ -115,10 +116,11 @@ private static class SecureServletWebOperation implements ServletWebOperation {
 
 		private final CloudFoundrySecurityInterceptor securityInterceptor;
 
-		private final String endpointId;
+		private final EndpointId endpointId;
 
 		SecureServletWebOperation(ServletWebOperation delegate,
-				CloudFoundrySecurityInterceptor securityInterceptor, String endpointId) {
+				CloudFoundrySecurityInterceptor securityInterceptor,
+				EndpointId endpointId) {
 			this.delegate = delegate;
 			this.securityInterceptor = securityInterceptor;
 			this.endpointId = endpointId;

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/endpoint/EndpointIdTimeToLivePropertyFunction.java

@@ -19,6 +19,7 @@
 import java.time.Duration;
 import java.util.function.Function;
 
+import org.springframework.boot.actuate.endpoint.EndpointId;
 import org.springframework.boot.actuate.endpoint.invoker.cache.CachingOperationInvokerAdvisor;
 import org.springframework.boot.context.properties.bind.BindResult;
 import org.springframework.boot.context.properties.bind.Bindable;
@@ -33,7 +34,7 @@
  * @author Stephane Nicoll
  * @author Phillip Webb
  */
-class EndpointIdTimeToLivePropertyFunction implements Function<String, Long> {
+class EndpointIdTimeToLivePropertyFunction implements Function<EndpointId, Long> {
 
 	private static final Bindable<Duration> DURATION = Bindable.of(Duration.class);
 
@@ -48,9 +49,9 @@ class EndpointIdTimeToLivePropertyFunction implements Function<String, Long> {
 	}
 
 	@Override
-	public Long apply(String endpointId) {
+	public Long apply(EndpointId endpointId) {
 		String name = String.format("management.endpoint.%s.cache.time-to-live",
-				endpointId);
+				endpointId.toLowerCaseString());
 		BindResult<Duration> duration = Binder.get(this.environment).bind(name, DURATION);
 		return duration.map(Duration::toMillis).orElse(null);
 	}

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/endpoint/ExposeExcludePropertyEndpointFilter.java

@@ -21,11 +21,13 @@
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Locale;
 import java.util.Set;
 import java.util.stream.Collectors;
 
 import org.springframework.boot.actuate.endpoint.EndpointFilter;
+import org.springframework.boot.actuate.endpoint.EndpointId;
 import org.springframework.boot.actuate.endpoint.ExposableEndpoint;
 import org.springframework.boot.context.properties.bind.Bindable;
 import org.springframework.boot.context.properties.bind.Binder;
@@ -74,10 +76,19 @@ public ExposeExcludePropertyEndpointFilter(Class<E> endpointType,
 	}
 
 	private Set<String> bind(Binder binder, String name) {
-		return asSet(binder.bind(name, Bindable.listOf(String.class))
+		return asSet(binder.bind(name, Bindable.listOf(String.class)).map(this::cleanup)
 				.orElseGet(ArrayList::new));
 	}
 
+	private List<String> cleanup(List<String> values) {
+		return values.stream().map(this::cleanup).collect(Collectors.toList());
+	}
+
+	private String cleanup(String value) {
+		return "*".equals(value) ? "*"
+				: EndpointId.fromPropertyValue(value).toLowerCaseString();
+	}
+
 	private Set<String> asSet(Collection<String> items) {
 		if (items == null) {
 			return Collections.emptySet();
@@ -110,7 +121,7 @@ private boolean isExcluded(ExposableEndpoint<?> endpoint) {
 	}
 
 	private boolean contains(Set<String> items, ExposableEndpoint<?> endpoint) {
-		return items.contains(endpoint.getId().toLowerCase(Locale.ENGLISH));
+		return items.contains(endpoint.getEndpointId().toLowerCaseString());
 	}
 
 }

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/endpoint/condition/OnEnabledEndpointCondition.java

@@ -19,6 +19,7 @@
 import java.util.Map;
 import java.util.Optional;
 
+import org.springframework.boot.actuate.endpoint.EndpointId;
 import org.springframework.boot.actuate.endpoint.annotation.Endpoint;
 import org.springframework.boot.actuate.endpoint.annotation.EndpointExtension;
 import org.springframework.boot.autoconfigure.condition.ConditionMessage;
@@ -54,8 +55,8 @@ public ConditionOutcome getMatchOutcome(ConditionContext context,
 			AnnotatedTypeMetadata metadata) {
 		Environment environment = context.getEnvironment();
 		AnnotationAttributes attributes = getEndpointAttributes(context, metadata);
-		String id = attributes.getString("id");
-		String key = "management.endpoint." + id + ".enabled";
+		EndpointId id = EndpointId.of(attributes.getString("id"));
+		String key = "management.endpoint." + id.toLowerCaseString() + ".enabled";
 		Boolean userDefinedEnabled = environment.getProperty(key, Boolean.class);
 		if (userDefinedEnabled != null) {
 			return new ConditionOutcome(userDefinedEnabled,

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/endpoint/jmx/DefaultEndpointObjectNameFactory.java

@@ -52,7 +52,8 @@ public ObjectName getObjectName(ExposableJmxEndpoint endpoint)
 			throws MalformedObjectNameException {
 		StringBuilder builder = new StringBuilder(this.properties.getDomain());
 		builder.append(":type=Endpoint");
-		builder.append(",name=" + StringUtils.capitalize(endpoint.getId()));
+		builder.append(
+				",name=" + StringUtils.capitalize(endpoint.getEndpointId().toString()));
 		String baseName = builder.toString();
 		if (this.mBeanServer != null && hasMBean(baseName)) {
 			builder.append(",context=" + this.contextId);

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/endpoint/web/MappingWebEndpointPathMapper.java

@@ -16,8 +16,10 @@
 
 package org.springframework.boot.actuate.autoconfigure.endpoint.web;
 
+import java.util.HashMap;
 import java.util.Map;
 
+import org.springframework.boot.actuate.endpoint.EndpointId;
 import org.springframework.boot.actuate.endpoint.web.PathMapper;
 
 /**
@@ -28,15 +30,23 @@
  */
 class MappingWebEndpointPathMapper implements PathMapper {
 
-	private final Map<String, String> pathMapping;
+	private final Map<EndpointId, String> pathMapping;
 
 	MappingWebEndpointPathMapper(Map<String, String> pathMapping) {
-		this.pathMapping = pathMapping;
+		this.pathMapping = new HashMap<>();
+		pathMapping.forEach((id, path) -> this.pathMapping
+				.put(EndpointId.fromPropertyValue(id), path));
 	}
 
 	@Override
+	@Deprecated
 	public String getRootPath(String endpointId) {
-		return this.pathMapping.getOrDefault(endpointId, endpointId);
+		return getRootPath(EndpointId.of(endpointId));
+	}
+
+	@Override
+	public String getRootPath(EndpointId endpointId) {
+		return this.pathMapping.getOrDefault(endpointId, endpointId.toLowerCaseString());
 	}
 
 }