@eddumelendez
Contributor

Nowadays, the health endpoint is partially visible to every role but completely visible
to users with ROLE_ADMIN. This is due to HealthMvcEndpoint looking at the key
`management.security.role` instead of `management.security.roles`.
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Aug 3, 2016
@snicoll
Member

snicoll commented Aug 3, 2016

Oops :)

@philwebb philwebb added type: blocker An issue that is blocking us from releasing type: regression A regression from a previous release and removed status: waiting-for-triage An issue we've not yet triaged labels Aug 10, 2016
@philwebb philwebb added this to the 1.4.1 milestone Aug 10, 2016
@snicoll snicoll self-assigned this Aug 12, 2016
snicoll pushed a commit that referenced this pull request Aug 13, 2016
Commit b02aba4 has renamed `management.security.role` to
`management.security.roles`. Unfortunately, the `HealthMvcEndpoint`
was still looking at the old property.

This commit makes sure that the proper key is used and any custom
role is applied rather than an unconditional `ADMIN` role.

See gh-6540
@snicoll snicoll closed this in 4882544 Aug 13, 2016
snicoll added a commit that referenced this pull request Aug 13, 2016
* pr/6540:
  Polish contribution
  Fix health endpoint security
@snicoll
Member

snicoll commented Aug 13, 2016

Thanks for the PR @eddumelendez - I've polished it in 4882544

@eddumelendez eddumelendez deleted the health-endpoint-visibility branch January 17, 2018 13:42