Merge branch '1.4.x' into 1.5.x

Author: philwebb

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/EndpointWebMvcManagementContextConfiguration.java

@@ -159,9 +159,11 @@ public HeapdumpMvcEndpoint heapdumpMvcEndpoint() {
 	@Bean
 	@ConditionalOnBean(HealthEndpoint.class)
 	@ConditionalOnEnabledEndpoint("health")
-	public HealthMvcEndpoint healthMvcEndpoint(HealthEndpoint delegate) {
+	public HealthMvcEndpoint healthMvcEndpoint(HealthEndpoint delegate,
+			ManagementServerProperties managementServerProperties) {
 		HealthMvcEndpoint healthMvcEndpoint = new HealthMvcEndpoint(delegate,
-				this.managementServerProperties.getSecurity().isEnabled());
+				this.managementServerProperties.getSecurity().isEnabled(),
+				managementServerProperties.getSecurity().getRoles());
 		if (this.healthMvcEndpointProperties.getMapping() != null) {
 			healthMvcEndpoint
 					.addStatusMapping(this.healthMvcEndpointProperties.getMapping());

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/HealthMvcEndpoint.java

@@ -16,7 +16,9 @@
 
 package org.springframework.boot.actuate.endpoint.mvc;
 
+import java.util.Arrays;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
 import javax.servlet.http.HttpServletRequest;
@@ -52,6 +54,8 @@ public class HealthMvcEndpoint extends AbstractEndpointMvcAdapter<HealthEndpoint
 
 	private final boolean secure;
 
+	private final List<String> roles;
+
 	private Map<String, HttpStatus> statusMapping = new HashMap<String, HttpStatus>();
 
 	private RelaxedPropertyResolver securityPropertyResolver;
@@ -65,9 +69,15 @@ public HealthMvcEndpoint(HealthEndpoint delegate) {
 	}
 
 	public HealthMvcEndpoint(HealthEndpoint delegate, boolean secure) {
+		this(delegate, secure, null);
+	}
+
+	public HealthMvcEndpoint(HealthEndpoint delegate, boolean secure,
+			List<String> roles) {
 		super(delegate);
 		this.secure = secure;
 		setupDefaultStatusMapping();
+		this.roles = roles;
 	}
 
 	private void setupDefaultStatusMapping() {
@@ -173,15 +183,22 @@ protected boolean exposeHealthDetails(HttpServletRequest request) {
 		if (!this.secure) {
 			return true;
 		}
-		String[] roles = StringUtils.commaDelimitedListToStringArray(
-				this.securityPropertyResolver.getProperty("roles", "ROLE_ACTUATOR"));
-		roles = StringUtils.trimArrayElements(roles);
-		for (String role : roles) {
+		for (String role : getRoles()) {
 			if (request.isUserInRole(role) || request.isUserInRole("ROLE_" + role)) {
 				return true;
 			}
 		}
 		return false;
 	}
 
+	private List<String> getRoles() {
+		if (this.roles != null) {
+			return this.roles;
+		}
+		String[] roles = StringUtils.commaDelimitedListToStringArray(
+				this.securityPropertyResolver.getProperty("roles", "ROLE_ACTUATOR"));
+		roles = StringUtils.trimArrayElements(roles);
+		return Arrays.asList(roles);
+	}
+
 }

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpointSecurityInterceptor.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2017 the original author or authors.
+ * Copyright 2012-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -125,7 +125,10 @@ private void logUnauthorizedAttempt() {
 		}
 	}
 
-	private class AuthoritiesValidator {
+	/**
+	 * Inner class to check authorities using Spring Security (when available).
+	 */
+	private static class AuthoritiesValidator {
 
 		private boolean hasAuthority(String role) {
 			Authentication authentication = SecurityContextHolder.getContext()

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/HealthMvcEndpointAutoConfigurationTests.java

@@ -16,6 +16,8 @@
 
 package org.springframework.boot.actuate.autoconfigure;
 
+import java.util.Arrays;
+
 import org.junit.After;
 import org.junit.Test;
 
@@ -34,6 +36,7 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockServletContext;
+import org.springframework.test.util.ReflectionTestUtils;
 import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -83,6 +86,20 @@ public void testNotSecured() throws Exception {
 		assertThat(map.getDetails().get("foo")).isEqualTo("bar");
 	}
 
+	@Test
+	public void testSetRoles() throws Exception {
+		// gh-8314
+		this.context = new AnnotationConfigWebApplicationContext();
+		this.context.setServletContext(new MockServletContext());
+		this.context.register(TestConfiguration.class);
+		EnvironmentTestUtils.addEnvironment(this.context,
+				"management.security.roles[0]=super");
+		this.context.refresh();
+		HealthMvcEndpoint health = this.context.getBean(HealthMvcEndpoint.class);
+		assertThat(ReflectionTestUtils.getField(health, "roles"))
+				.isEqualTo(Arrays.asList("super"));
+	}
+
 	@Configuration
 	@ImportAutoConfiguration({ SecurityAutoConfiguration.class,
 			JacksonAutoConfiguration.class, WebMvcAutoConfiguration.class,

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/HealthMvcEndpointTests.java

@@ -16,6 +16,7 @@
 
 package org.springframework.boot.actuate.endpoint.mvc;
 
+import java.util.Arrays;
 import java.util.Collections;
 
 import javax.servlet.http.HttpServletRequest;
@@ -182,6 +183,19 @@ public void customRoleShouldNotExposeDetailsForDefaultRole() {
 		assertThat(((Health) result).getDetails().get("foo")).isNull();
 	}
 
+	@Test
+	public void customRoleFromListShouldNotExposeDetailsForDefaultRole() {
+		// gh-8314
+		this.mvc = new HealthMvcEndpoint(this.endpoint, true,
+				Arrays.asList("HERO", "USER"));
+		given(this.endpoint.invoke())
+				.willReturn(new Health.Builder().up().withDetail("foo", "bar").build());
+		Object result = this.mvc.invoke(this.hero);
+		assertThat(result instanceof Health).isTrue();
+		assertThat(((Health) result).getStatus() == Status.UP).isTrue();
+		assertThat(((Health) result).getDetails().get("foo")).isEqualTo("bar");
+	}
+
 	@Test
 	public void healthIsCached() {
 		given(this.endpoint.getTimeToLive()).willReturn(10000L);

spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/orm/jpa/DataSourceInitializedPublisher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 the original author or authors.
+ * Copyright 2012-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -64,20 +64,33 @@ public Object postProcessAfterInitialization(Object bean, String beanName)
 		if (bean instanceof JpaProperties) {
 			this.properties = (JpaProperties) bean;
 		}
-		if (bean instanceof EntityManagerFactory && this.dataSource != null
-				&& isInitializingDatabase()) {
-			this.applicationContext
-					.publishEvent(new DataSourceInitializedEvent(this.dataSource));
+		if (bean instanceof EntityManagerFactory) {
+			publishEventIfRequired((EntityManagerFactory) bean);
 		}
 		return bean;
 	}
 
-	private boolean isInitializingDatabase() {
+	private void publishEventIfRequired(EntityManagerFactory entityManagerFactory) {
+		DataSource dataSource = findDataSource(entityManagerFactory);
+		if (dataSource != null && isInitializingDatabase(dataSource)) {
+			this.applicationContext
+					.publishEvent(new DataSourceInitializedEvent(dataSource));
+		}
+	}
+
+	private DataSource findDataSource(EntityManagerFactory entityManagerFactory) {
+		Object dataSource = entityManagerFactory.getProperties()
+				.get("javax.persistence.nonJtaDataSource");
+		return (dataSource != null && dataSource instanceof DataSource
+				? (DataSource) dataSource : this.dataSource);
+	}
+
+	private boolean isInitializingDatabase(DataSource dataSource) {
 		if (this.properties == null) {
 			return true; // better safe than sorry
 		}
 		Map<String, String> hibernate = this.properties
-				.getHibernateProperties(this.dataSource);
+				.getHibernateProperties(dataSource);
 		if (hibernate.containsKey("hibernate.hbm2ddl.auto")) {
 			return true;
 		}

spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainer.java

@@ -205,9 +205,6 @@ else if (handler instanceof HandlerCollection) {
 	@Override
 	public void stop() {
 		synchronized (this.monitor) {
-			if (!this.started) {
-				return;
-			}
 			this.started = false;
 			try {
 				this.server.stop();

spring-boot/src/main/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainer.java

@@ -90,28 +90,34 @@ private void initialize() throws EmbeddedServletContainerException {
 		synchronized (this.monitor) {
 			try {
 				addInstanceIdToEngineName();
+				try {
+					// Remove service connectors to that protocol binding doesn't happen
+					// yet
+					removeServiceConnectors();
 
-				// Remove service connectors to that protocol binding doesn't happen yet
-				removeServiceConnectors();
+					// Start the server to trigger initialization listeners
+					this.tomcat.start();
 
-				// Start the server to trigger initialization listeners
-				this.tomcat.start();
+					// We can re-throw failure exception directly in the main thread
+					rethrowDeferredStartupExceptions();
 
-				// We can re-throw failure exception directly in the main thread
-				rethrowDeferredStartupExceptions();
+					Context context = findContext();
+					try {
+						ContextBindings.bindClassLoader(context, getNamingToken(context),
+								getClass().getClassLoader());
+					}
+					catch (NamingException ex) {
+						// Naming is not enabled. Continue
+					}
 
-				Context context = findContext();
-				try {
-					ContextBindings.bindClassLoader(context, getNamingToken(context),
-							getClass().getClassLoader());
+					// Unlike Jetty, all Tomcat threads are daemon threads. We create a
+					// blocking non-daemon to stop immediate shutdown
+					startDaemonAwaitThread();
 				}
-				catch (NamingException ex) {
-					// Naming is not enabled. Continue
+				catch (Exception ex) {
+					containerCounter.decrementAndGet();
+					throw ex;
 				}
-
-				// Unlike Jetty, all Tomcat threads are daemon threads. We create a
-				// blocking non-daemon to stop immediate shutdown
-				startDaemonAwaitThread();
 			}
 			catch (Exception ex) {
 				throw new EmbeddedServletContainerException(
@@ -279,9 +285,7 @@ Map<Service, Connector[]> getServiceConnectors() {
 	@Override
 	public void stop() throws EmbeddedServletContainerException {
 		synchronized (this.monitor) {
-			if (!this.started) {
-				return;
-			}
+			boolean wasStarted = this.started;
 			try {
 				this.started = false;
 				try {
@@ -297,7 +301,9 @@ public void stop() throws EmbeddedServletContainerException {
 						"Unable to stop embedded Tomcat", ex);
 			}
 			finally {
-				containerCounter.decrementAndGet();
+				if (wasStarted) {
+					containerCounter.decrementAndGet();
+				}
 			}
 		}
 	}

spring-boot/src/test/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactoryTests.java

@@ -174,6 +174,16 @@ public void startCalledTwice() throws Exception {
 		assertThat(this.output.toString()).containsOnlyOnce("started on port");
 	}
 
+	@Test
+	public void stopCalledTwice() throws Exception {
+		AbstractEmbeddedServletContainerFactory factory = getFactory();
+		this.container = factory
+				.getEmbeddedServletContainer(exampleServletRegistration());
+		this.container.start();
+		this.container.stop();
+		this.container.stop();
+	}
+
 	@Test
 	public void emptyServerWhenPortIsMinusOne() throws Exception {
 		AbstractEmbeddedServletContainerFactory factory = getFactory();
@@ -315,16 +325,6 @@ public void contextRootPathMustNotBeSlash() throws Exception {
 		getFactory().setContextPath("/");
 	}
 
-	@Test
-	public void doubleStop() throws Exception {
-		AbstractEmbeddedServletContainerFactory factory = getFactory();
-		this.container = factory
-				.getEmbeddedServletContainer(exampleServletRegistration());
-		this.container.start();
-		this.container.stop();
-		this.container.stop();
-	}
-
 	@Test
 	public void multipleConfigurations() throws Exception {
 		AbstractEmbeddedServletContainerFactory factory = getFactory();

spring-boot/src/test/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactoryTests.java

@@ -143,6 +143,16 @@ public void sslCiphersConfiguration() throws Exception {
 				.isEmpty();
 	}
 
+	@Test
+	public void stopCalledWithoutStart() throws Exception {
+		JettyEmbeddedServletContainerFactory factory = getFactory();
+		this.container = factory
+				.getEmbeddedServletContainer(exampleServletRegistration());
+		this.container.stop();
+		Server server = ((JettyEmbeddedServletContainer) this.container).getServer();
+		assertThat(server.isStopped()).isTrue();
+	}
+
 	@Override
 	protected void addConnector(final int port,
 			AbstractEmbeddedServletContainerFactory factory) {