Ensure shutdown endpoint is disabled by default

Dave Syer · Dave Syer · commit 0aa3b00fdf85 · 2014-02-20T08:36:18.000Z
Fixes spring-projectsgh-377
diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/EndpointMvcAdapter.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/EndpointMvcAdapter.java
@@ -16,7 +16,12 @@
 
 package org.springframework.boot.actuate.endpoint.mvc;
 
+import java.util.Collections;
+import java.util.Map;
+
 import org.springframework.boot.actuate.endpoint.Endpoint;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.util.Assert;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -43,9 +48,18 @@ public EndpointMvcAdapter(Endpoint<?> delegate) {
 	@RequestMapping(method = RequestMethod.GET)
 	@ResponseBody
 	public Object invoke() {
+		if (!this.delegate.isEnabled()) {
+			// Shouldn't happen
+			return new ResponseEntity<Map<String, String>>(Collections.singletonMap(
+					"message", "This endpoint is disabled"), HttpStatus.NOT_FOUND);
+		}
 		return this.delegate.invoke();
 	}
 
+	public Endpoint<?> getDelegate() {
+		return this.delegate;
+	}
+
 	@Override
 	public String getPath() {
 		return "/" + this.delegate.getId();
diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpoints.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/MvcEndpoints.java
@@ -60,7 +60,7 @@ public void afterPropertiesSet() throws Exception {
 		Collection<Endpoint> delegates = BeanFactoryUtils.beansOfTypeIncludingAncestors(
 				this.applicationContext, Endpoint.class).values();
 		for (Endpoint<?> endpoint : delegates) {
-			if (isGenericEndpoint(endpoint.getClass())) {
+			if (isGenericEndpoint(endpoint.getClass()) && endpoint.isEnabled()) {
 				this.endpoints.add(new EndpointMvcAdapter(endpoint));
 			}
 		}
diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/ShutdownMvcEndpoint.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/ShutdownMvcEndpoint.java
@@ -16,7 +16,12 @@
 
 package org.springframework.boot.actuate.endpoint.mvc;
 
+import java.util.Collections;
+import java.util.Map;
+
 import org.springframework.boot.actuate.endpoint.ShutdownEndpoint;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.ResponseBody;
@@ -36,6 +41,10 @@ public ShutdownMvcEndpoint(ShutdownEndpoint delegate) {
 	@ResponseBody
 	@Override
 	public Object invoke() {
+		if (!getDelegate().isEnabled()) {
+			return new ResponseEntity<Map<String, String>>(Collections.singletonMap(
+					"message", "This endpoint is disabled"), HttpStatus.NOT_FOUND);
+		}
 		return super.invoke();
 	}
 }
diff --git a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/ShutdownMvcEndpointTests.java b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/ShutdownMvcEndpointTests.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2012-2013 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.actuate.endpoint.mvc;
+
+import java.util.Map;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.boot.actuate.endpoint.ShutdownEndpoint;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+
+import static org.junit.Assert.assertEquals;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+/**
+ * @author Dave Syer
+ */
+public class ShutdownMvcEndpointTests {
+
+	private ShutdownEndpoint endpoint = mock(ShutdownEndpoint.class);
+	private ShutdownMvcEndpoint mvc = new ShutdownMvcEndpoint(this.endpoint);
+
+	@Before
+	public void init() {
+		when(this.endpoint.isEnabled()).thenReturn(false);
+	}
+
+	@Test
+	public void disabled() {
+		@SuppressWarnings("unchecked")
+		ResponseEntity<Map<String, String>> response = (ResponseEntity<Map<String, String>>) this.mvc
+				.invoke();
+		assertEquals(HttpStatus.NOT_FOUND, response.getStatusCode());
+	}
+
+}

Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,7 @@ public void afterPropertiesSet() throws Exception {`
`60`	`60`	`Collection<Endpoint> delegates = BeanFactoryUtils.beansOfTypeIncludingAncestors(`
`61`	`61`	`this.applicationContext, Endpoint.class).values();`
`62`	`62`	`for (Endpoint<?> endpoint : delegates) {`
`63`		`- if (isGenericEndpoint(endpoint.getClass())) {`
	`63`	`+ if (isGenericEndpoint(endpoint.getClass()) && endpoint.isEnabled()) {`
`64`	`64`	`this.endpoints.add(new EndpointMvcAdapter(endpoint));`
`65`	`65`	`}`
`66`	`66`	`}`