Merge pull request #5074 from vpavic:multiple-management-roles

* pr/5074:
  Polish contribution
  Support configuration of multiple management roles

Author: snicoll

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/CrshAutoConfiguration.java

@@ -196,8 +196,8 @@ public SpringAuthenticationProperties springAuthenticationProperties() {
 			// overridden by ConfigurationProperties.
 			SpringAuthenticationProperties authenticationProperties = new SpringAuthenticationProperties();
 			if (this.management != null) {
-				authenticationProperties.setRoles(
-						new String[] { this.management.getSecurity().getRole() });
+				List<String> roles = this.management.getSecurity().getRoles();
+				authenticationProperties.setRoles(roles.toArray(new String[roles.size()]));
 			}
 			return authenticationProperties;
 		}

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementServerProperties.java

@@ -17,6 +17,8 @@
 package org.springframework.boot.actuate.autoconfigure;
 
 import java.net.InetAddress;
+import java.util.Collections;
+import java.util.List;
 
 import javax.validation.constraints.NotNull;
 
@@ -33,6 +35,7 @@
  *
  * @author Dave Syer
  * @author Stephane Nicoll
+ * @author Vedran Pavic
  * @see ServerProperties
  */
 @ConfigurationProperties(prefix = "management", ignoreUnknownFields = true)
@@ -160,9 +163,9 @@ public static class Security {
 		private boolean enabled = true;
 
 		/**
-		 * Role required to access the management endpoint.
+		 * Comma-separated list of roles that can access the management endpoint.
 		 */
-		private String role = "ADMIN";
+		private List<String> roles = Collections.singletonList("ADMIN");
 
 		/**
 		 * Session creating policy to use (always, never, if_required, stateless).
@@ -177,12 +180,17 @@ public void setSessions(SessionCreationPolicy sessions) {
 			this.sessions = sessions;
 		}
 
+		public void setRoles(List<String> roles) {
+			this.roles = roles;
+		}
+
+		@Deprecated
 		public void setRole(String role) {
-			this.role = role;
+			this.roles = Collections.singletonList(role);
 		}
 
-		public String getRole() {
-			return this.role;
+		public List<String> getRoles() {
+			return this.roles;
 		}
 
 		public boolean isEnabled() {

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementWebSecurityAutoConfiguration.java

@@ -124,7 +124,7 @@ public ManagementSecurityPropertiesConfiguration(
 		public void init() {
 			if (this.management != null && this.security != null) {
 				this.security.getUser().getRole()
-						.add(this.management.getSecurity().getRole());
+						.addAll(this.management.getSecurity().getRoles());
 			}
 		}
 
@@ -296,8 +296,9 @@ private void configurePermittedRequests(
 			// Permit access to the non-sensitive endpoints
 			requests.requestMatchers(new LazyEndpointPathRequestMatcher(
 					this.contextResolver, EndpointPaths.NON_SENSITIVE)).permitAll();
-			// Restrict the rest to the configured role
-			requests.anyRequest().hasRole(this.management.getSecurity().getRole());
+			// Restrict the rest to the configured roles
+			List<String> roles = this.management.getSecurity().getRoles();
+			requests.anyRequest().hasAnyRole(roles.toArray(new String[roles.size()]));
 		}
 
 	}

spring-boot-actuator/src/main/resources/META-INF/additional-spring-configuration-metadata.json

@@ -163,6 +163,15 @@
     "description": "Enable git info.",
     "defaultValue": true
   },
+  {
+    "name": "management.security.role",
+    "type": "java.lang.String",
+    "description": "Roles required to access the management endpoint.",
+    "defaultValue": "ADMIN",
+    "deprecation": {
+      "replacement": "management.security.roles"
+    }
+  },
   {
     "name": "spring.git.properties",
     "type": "java.lang.String",

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/ManagementServerPropertiesAutoConfigurationTests.java

@@ -16,8 +16,14 @@
 
 package org.springframework.boot.actuate.autoconfigure;
 
+import org.junit.After;
 import org.junit.Test;
 
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.boot.test.util.EnvironmentTestUtils;
+import org.springframework.context.annotation.AnnotationConfigApplicationContext;
+import org.springframework.context.annotation.Configuration;
+
 import static org.assertj.core.api.Assertions.assertThat;
 
 /**
@@ -28,6 +34,15 @@
  */
 public class ManagementServerPropertiesAutoConfigurationTests {
 
+	private AnnotationConfigApplicationContext context;
+
+	@After
+	public void close() {
+		if (this.context != null) {
+			this.context.close();
+		}
+	}
+
 	@Test
 	public void defaultManagementServerProperties() {
 		ManagementServerProperties properties = new ManagementServerProperties();
@@ -58,4 +73,32 @@ public void slashOfContextPathIsDefaultValue() {
 		assertThat(properties.getContextPath()).isEqualTo("");
 	}
 
+	@Test
+	@Deprecated
+	public void managementRoleSetRolesProperly() {
+		ManagementServerProperties properties = load("management.security.role=FOO");
+		assertThat(properties.getSecurity().getRoles()).containsOnly("FOO");
+	}
+
+	@Test
+	public void managementRolesSetMultipleRoles() {
+		ManagementServerProperties properties = load("management.security.roles=FOO,BAR,BIZ");
+		assertThat(properties.getSecurity().getRoles()).containsOnly("FOO", "BAR", "BIZ");
+	}
+
+	public ManagementServerProperties load(String... environment) {
+		AnnotationConfigApplicationContext ctx = new AnnotationConfigApplicationContext();
+		EnvironmentTestUtils.addEnvironment(ctx, environment);
+		ctx.register(TestConfiguration.class);
+		ctx.refresh();
+		this.context = ctx;
+		return this.context.getBean(ManagementServerProperties.class);
+	}
+
+	@Configuration
+	@EnableConfigurationProperties(ManagementServerProperties.class)
+	static class TestConfiguration {
+
+	}
+
 }

spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc

@@ -996,7 +996,7 @@ content into your application; rather pick only the properties that you need.
 	management.context-path= # Management endpoint context-path. For instance `/actuator`
 	management.port= # Management endpoint HTTP port. Use the same port as the application by default.
 	management.security.enabled=true # Enable security.
-	management.security.role=ADMIN # Role required to access the management endpoint.
+	management.security.roles=ADMIN # Comma-separated list of roles that can access the management endpoint.
 	management.security.sessions=stateless # Session creating policy to use (always, never, if_required, stateless).
 
 	# HEALTH INDICATORS (previously health.*)

spring-boot-docs/src/main/asciidoc/production-ready-features.adoc

@@ -520,14 +520,14 @@ TIP: Generated passwords are logged as the application starts. Search for '`Usin
 security password`'.
 
 You can use Spring properties to change the username and password and to change the
-security role required to access the endpoints. For example, you might set the following
+security role(s) required to access the endpoints. For example, you might set the following
 in your `application.properties`:
 
 [source,properties,indent=0]
 ----
 	security.user.name=admin
 	security.user.password=secret
-	management.security.role=SUPERUSER
+	management.security.roles=SUPERUSER
 ----
 
 TIP: If you don't use Spring Security and your HTTP endpoints are exposed publicly,