Allow actuator endpoints to be used with mvcMatchers

This commit changes AbstractWebMvcEndpointHandlerMapping to
be a MatchableHandlerMapping. Additionally, EndpointRequest,
now delegates to MvcRequestMatcher for Spring MVC applications.

For all other applications, AntPathRequestMatcher is used as
a delegate.

Closes gh-13962

Author: mbhave

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequest.java

@@ -33,6 +33,7 @@
 import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointProperties;
 import org.springframework.boot.actuate.endpoint.annotation.Endpoint;
 import org.springframework.boot.actuate.endpoint.web.PathMappedEndpoints;
+import org.springframework.boot.autoconfigure.security.servlet.RequestMatcherProvider;
 import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletPath;
 import org.springframework.boot.security.servlet.ApplicationContextRequestMatcher;
 import org.springframework.core.annotation.AnnotatedElementUtils;
@@ -158,13 +159,25 @@ protected abstract RequestMatcher createDelegate(WebApplicationContext context,
 				RequestMatcherFactory requestMatcherFactory);
 
 		protected List<RequestMatcher> getLinksMatchers(
-				RequestMatcherFactory requestMatcherFactory, String basePath) {
+				RequestMatcherFactory requestMatcherFactory,
+				RequestMatcherProvider matcherProvider, String basePath) {
 			List<RequestMatcher> linksMatchers = new ArrayList<>();
-			linksMatchers.add(requestMatcherFactory.antPath(basePath));
-			linksMatchers.add(requestMatcherFactory.antPath(basePath, "/"));
+			linksMatchers.add(requestMatcherFactory.antPath(matcherProvider, basePath));
+			linksMatchers
+					.add(requestMatcherFactory.antPath(matcherProvider, basePath, "/"));
 			return linksMatchers;
 		}
 
+		protected RequestMatcherProvider getRequestMatcherProvider(
+				WebApplicationContext context) {
+			try {
+				return context.getBean(RequestMatcherProvider.class);
+			}
+			catch (NoSuchBeanDefinitionException ex) {
+				return AntPathRequestMatcher::new;
+			}
+		}
+
 	}
 
 	/**
@@ -220,18 +233,19 @@ protected RequestMatcher createDelegate(WebApplicationContext context,
 				RequestMatcherFactory requestMatcherFactory) {
 			PathMappedEndpoints pathMappedEndpoints = context
 					.getBean(PathMappedEndpoints.class);
+			RequestMatcherProvider matcherProvider = getRequestMatcherProvider(context);
 			Set<String> paths = new LinkedHashSet<>();
 			if (this.includes.isEmpty()) {
 				paths.addAll(pathMappedEndpoints.getAllPaths());
 			}
 			streamPaths(this.includes, pathMappedEndpoints).forEach(paths::add);
 			streamPaths(this.excludes, pathMappedEndpoints).forEach(paths::remove);
 			List<RequestMatcher> delegateMatchers = getDelegateMatchers(
-					requestMatcherFactory, paths);
+					requestMatcherFactory, matcherProvider, paths);
 			String basePath = pathMappedEndpoints.getBasePath();
 			if (this.includeLinks && StringUtils.hasText(basePath)) {
-				delegateMatchers
-						.addAll(getLinksMatchers(requestMatcherFactory, basePath));
+				delegateMatchers.addAll(getLinksMatchers(requestMatcherFactory,
+						matcherProvider, basePath));
 			}
 			return new OrRequestMatcher(delegateMatchers);
 		}
@@ -261,9 +275,10 @@ private String getEndpointId(Class<?> source) {
 		}
 
 		private List<RequestMatcher> getDelegateMatchers(
-				RequestMatcherFactory requestMatcherFactory, Set<String> paths) {
-			return paths.stream()
-					.map((path) -> requestMatcherFactory.antPath(path, "/**"))
+				RequestMatcherFactory requestMatcherFactory,
+				RequestMatcherProvider matcherProvider, Set<String> paths) {
+			return paths.stream().map(
+					(path) -> requestMatcherFactory.antPath(matcherProvider, path, "/**"))
 					.collect(Collectors.toList());
 		}
 
@@ -281,8 +296,8 @@ protected RequestMatcher createDelegate(WebApplicationContext context,
 					.getBean(WebEndpointProperties.class);
 			String basePath = properties.getBasePath();
 			if (StringUtils.hasText(basePath)) {
-				return new OrRequestMatcher(
-						getLinksMatchers(requestMatcherFactory, basePath));
+				return new OrRequestMatcher(getLinksMatchers(requestMatcherFactory,
+						getRequestMatcherProvider(context), basePath));
 			}
 			return EMPTY_MATCHER;
 		}
@@ -300,12 +315,13 @@ private static class RequestMatcherFactory {
 			this.prefix = prefix;
 		}
 
-		public RequestMatcher antPath(String... parts) {
+		public RequestMatcher antPath(RequestMatcherProvider matcherProvider,
+				String... parts) {
 			String pattern = this.prefix;
 			for (String part : parts) {
 				pattern += part;
 			}
-			return new AntPathRequestMatcher(pattern);
+			return matcherProvider.getRequestMatcher(pattern);
 		}
 
 	}

spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequestTests.java

@@ -31,6 +31,7 @@
 import org.springframework.boot.actuate.endpoint.web.PathMappedEndpoint;
 import org.springframework.boot.actuate.endpoint.web.PathMappedEndpoints;
 import org.springframework.boot.actuate.endpoint.web.annotation.ServletEndpoint;
+import org.springframework.boot.autoconfigure.security.servlet.RequestMatcherProvider;
 import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletPath;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockServletContext;
@@ -214,6 +215,26 @@ public void excludeLinksShouldNotMatchBasePathIfEmptyAndExcluded() {
 		assertMatcher.matches("/bar");
 	}
 
+	@Test
+	public void endpointRequestMatcherShouldUseCustomRequestMatcherProvider() {
+		RequestMatcher matcher = EndpointRequest.toAnyEndpoint();
+		RequestMatcher mockRequestMatcher = (request) -> false;
+		RequestMatcherAssert assertMatcher = assertMatcher(matcher,
+				mockPathMappedEndpoints(""), "", (pattern) -> mockRequestMatcher);
+		assertMatcher.doesNotMatch("/foo");
+		assertMatcher.doesNotMatch("/bar");
+	}
+
+	@Test
+	public void linksRequestMatcherShouldUseCustomRequestMatcherProvider() {
+		RequestMatcher matcher = EndpointRequest.toLinks();
+		RequestMatcher mockRequestMatcher = (request) -> false;
+		RequestMatcherAssert assertMatcher = assertMatcher(matcher,
+				mockPathMappedEndpoints("/actuator"), "",
+				(pattern) -> mockRequestMatcher);
+		assertMatcher.doesNotMatch("/actuator");
+	}
+
 	@Test
 	public void noEndpointPathsBeansShouldNeverMatch() {
 		RequestMatcher matcher = EndpointRequest.toAnyEndpoint();
@@ -231,7 +252,8 @@ private RequestMatcherAssert assertMatcher(RequestMatcher matcher, String basePa
 
 	private RequestMatcherAssert assertMatcher(RequestMatcher matcher, String basePath,
 			String servletPath) {
-		return assertMatcher(matcher, mockPathMappedEndpoints(basePath), servletPath);
+		return assertMatcher(matcher, mockPathMappedEndpoints(basePath), servletPath,
+				null);
 	}
 
 	private PathMappedEndpoints mockPathMappedEndpoints(String basePath) {
@@ -250,11 +272,12 @@ private TestEndpoint mockEndpoint(String id, String rootPath) {
 
 	private RequestMatcherAssert assertMatcher(RequestMatcher matcher,
 			PathMappedEndpoints pathMappedEndpoints) {
-		return assertMatcher(matcher, pathMappedEndpoints, "");
+		return assertMatcher(matcher, pathMappedEndpoints, "", null);
 	}
 
 	private RequestMatcherAssert assertMatcher(RequestMatcher matcher,
-			PathMappedEndpoints pathMappedEndpoints, String dispatcherServletPath) {
+			PathMappedEndpoints pathMappedEndpoints, String dispatcherServletPath,
+			RequestMatcherProvider matcherProvider) {
 		StaticWebApplicationContext context = new StaticWebApplicationContext();
 		context.registerBean(WebEndpointProperties.class);
 		if (pathMappedEndpoints != null) {
@@ -269,6 +292,9 @@ private RequestMatcherAssert assertMatcher(RequestMatcher matcher,
 			DispatcherServletPath path = () -> dispatcherServletPath;
 			context.registerBean(DispatcherServletPath.class, () -> path);
 		}
+		if (matcherProvider != null) {
+			context.registerBean(RequestMatcherProvider.class, () -> matcherProvider);
+		}
 		return assertThat(new RequestMatcherAssert(context, matcher));
 	}
 

spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/web/servlet/AbstractWebMvcEndpointHandlerMapping.java

@@ -23,6 +23,7 @@
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -49,6 +50,8 @@
 import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.servlet.HandlerMapping;
+import org.springframework.web.servlet.handler.MatchableHandlerMapping;
+import org.springframework.web.servlet.handler.RequestMatchResult;
 import org.springframework.web.servlet.mvc.condition.ConsumesRequestCondition;
 import org.springframework.web.servlet.mvc.condition.PatternsRequestCondition;
 import org.springframework.web.servlet.mvc.condition.ProducesRequestCondition;
@@ -66,7 +69,8 @@
  * @since 2.0.0
  */
 public abstract class AbstractWebMvcEndpointHandlerMapping
-		extends RequestMappingInfoHandlerMapping implements InitializingBean {
+		extends RequestMappingInfoHandlerMapping
+		implements InitializingBean, MatchableHandlerMapping {
 
 	private final EndpointMapping endpointMapping;
 
@@ -82,6 +86,8 @@ public abstract class AbstractWebMvcEndpointHandlerMapping
 	private final Method handleMethod = ReflectionUtils.findMethod(OperationHandler.class,
 			"handle", HttpServletRequest.class, Map.class);
 
+	private static final RequestMappingInfo.BuilderConfiguration builderConfig = getBuilderConfig();
+
 	/**
 	 * Creates a new {@code WebEndpointHandlerMapping} that provides mappings for the
 	 * operations of the given {@code webEndpoints}.
@@ -125,6 +131,29 @@ protected void initHandlerMethods() {
 		}
 	}
 
+	@Override
+	public RequestMatchResult match(HttpServletRequest request, String pattern) {
+		RequestMappingInfo info = RequestMappingInfo.paths(pattern).options(builderConfig)
+				.build();
+		RequestMappingInfo matchingInfo = info.getMatchingCondition(request);
+		if (matchingInfo == null) {
+			return null;
+		}
+		Set<String> patterns = matchingInfo.getPatternsCondition().getPatterns();
+		String lookupPath = getUrlPathHelper().getLookupPathForRequest(request);
+		return new RequestMatchResult(patterns.iterator().next(), lookupPath,
+				getPathMatcher());
+	}
+
+	private static RequestMappingInfo.BuilderConfiguration getBuilderConfig() {
+		RequestMappingInfo.BuilderConfiguration config = new RequestMappingInfo.BuilderConfiguration();
+		config.setUrlPathHelper(null);
+		config.setPathMatcher(null);
+		config.setSuffixPatternMatch(false);
+		config.setTrailingSlashMatch(true);
+		return config;
+	}
+
 	private void registerMappingForOperation(ExposableWebEndpoint endpoint,
 			WebOperation operation) {
 		OperationInvoker invoker = operation::invoke;
@@ -176,7 +205,9 @@ private void registerLinksMapping() {
 
 	private PatternsRequestCondition patternsRequestConditionForPattern(String path) {
 		String[] patterns = new String[] { this.endpointMapping.createSubPath(path) };
-		return new PatternsRequestCondition(patterns, null, null, false, true);
+		return new PatternsRequestCondition(patterns, builderConfig.getUrlPathHelper(),
+				builderConfig.getPathMatcher(), builderConfig.useSuffixPatternMatch(),
+				builderConfig.useTrailingSlashMatch());
 	}
 
 	@Override

spring-boot-project/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/web/servlet/MvcWebEndpointIntegrationTests.java

@@ -46,13 +46,15 @@
 import org.springframework.core.env.Environment;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
+import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.filter.OncePerRequestFilter;
+import org.springframework.web.servlet.handler.RequestMatchResult;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
@@ -104,6 +106,27 @@ public void readOperationsThatReturnAResourceSupportRangeRequests() {
 		});
 	}
 
+	@Test
+	public void matchWhenRequestHasTrailingSlashShouldNotBeNull() {
+		assertThat(getMatchResult("/spring/")).isNotNull();
+	}
+
+	@Test
+	public void matchWhenRequestHasSuffixShouldBeNull() {
+		assertThat(getMatchResult("/spring.do")).isNull();
+	}
+
+	private RequestMatchResult getMatchResult(String s) {
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.setServletPath(s);
+		AnnotationConfigServletWebServerApplicationContext context = createApplicationContext();
+		context.register(TestEndpointConfiguration.class);
+		context.refresh();
+		WebMvcEndpointHandlerMapping bean = context
+				.getBean(WebMvcEndpointHandlerMapping.class);
+		return bean.match(request, "/spring");
+	}
+
 	@Override
 	protected int getPort(AnnotationConfigServletWebServerApplicationContext context) {
 		return context.getWebServer().getPort();

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/MvcRequestMatcherProvider.java

@@ -0,0 +1,41 @@
+/*
+ * Copyright 2012-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.boot.autoconfigure.security.servlet;
+
+import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
+
+/**
+ * {@link RequestMatcherProvider} that provides an {@link MvcRequestMatcher} that can be
+ * used for Spring MVC applications.
+ *
+ * @author Madhura Bhave
+ */
+public class MvcRequestMatcherProvider implements RequestMatcherProvider {
+
+	private final HandlerMappingIntrospector introspector;
+
+	public MvcRequestMatcherProvider(HandlerMappingIntrospector introspector) {
+		this.introspector = introspector;
+	}
+
+	@Override
+	public RequestMatcher getRequestMatcher(String pattern) {
+		return new MvcRequestMatcher(this.introspector, pattern);
+	}
+
+}

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/RequestMatcherProvider.java

@@ -0,0 +1,32 @@
+/*
+ * Copyright 2012-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.boot.autoconfigure.security.servlet;
+
+import org.springframework.security.web.util.matcher.RequestMatcher;
+
+/**
+ * Interface that can be used to provide a {@link RequestMatcher} that can be used with
+ * Spring Security.
+ *
+ * @author Madhura Bhave
+ * @since 2.0.5
+ */
+@FunctionalInterface
+public interface RequestMatcherProvider {
+
+	RequestMatcher getRequestMatcher(String pattern);
+
+}