Secure the actuator endpoints behind /management

See jhipster/generator-jhipster#3550
jhipster · May 6, 2016 · ca7af00 · ca7af00
1 parent 1f4787c
commit ca7af00
Show file tree

Hide file tree

Showing 12 changed files with 15 additions and 45 deletions.
diff --git a/src/main/java/io/github/jhipster/registry/config/SecurityConfiguration.java b/src/main/java/io/github/jhipster/registry/config/SecurityConfiguration.java
@@ -2,7 +2,6 @@
 
 import javax.inject.Inject;
 
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
@@ -59,24 +58,8 @@ protected void configure(HttpSecurity http) throws Exception {
             .antMatchers("/eureka/**").hasAuthority(AuthoritiesConstants.ADMIN)
             .antMatchers("/config/**").hasAuthority(AuthoritiesConstants.ADMIN)
             .antMatchers("/api/authenticate").permitAll()
-            .antMatchers("/api/logs/**").hasAuthority(AuthoritiesConstants.ADMIN)
             .antMatchers("/api/**").authenticated()
-            .antMatchers("/metrics/**").hasAuthority(AuthoritiesConstants.ADMIN)
-            .antMatchers("/health/**").hasAuthority(AuthoritiesConstants.ADMIN)
-            .antMatchers("/trace/**").hasAuthority(AuthoritiesConstants.ADMIN)
-            .antMatchers("/dump/**").hasAuthority(AuthoritiesConstants.ADMIN)
-            .antMatchers("/shutdown/**").hasAuthority(AuthoritiesConstants.ADMIN)
-            .antMatchers("/beans/**").hasAuthority(AuthoritiesConstants.ADMIN)
-            .antMatchers("/configprops/**").hasAuthority(AuthoritiesConstants.ADMIN)
-            .antMatchers("/info/**").hasAuthority(AuthoritiesConstants.ADMIN)
-            .antMatchers("/autoconfig/**").hasAuthority(AuthoritiesConstants.ADMIN)
-            .antMatchers("/env/**").hasAuthority(AuthoritiesConstants.ADMIN)
-            .antMatchers("/mappings/**").hasAuthority(AuthoritiesConstants.ADMIN)
-            .antMatchers("/v2/api-docs/**").permitAll()
-            .antMatchers("/configuration/security").permitAll()
-            .antMatchers("/configuration/ui").permitAll()
-            .antMatchers("/swagger-ui/index.html").hasAuthority(AuthoritiesConstants.ADMIN)
-            .antMatchers("/protected/**").authenticated()
+            .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
             .antMatchers("/").permitAll()
             .anyRequest().authenticated()
         .and()

diff --git a/src/main/java/io/github/jhipster/registry/config/WebConfigurer.java b/src/main/java/io/github/jhipster/registry/config/WebConfigurer.java
@@ -107,7 +107,7 @@ private void initMetrics(ServletContext servletContext, EnumSet<DispatcherType>
         ServletRegistration.Dynamic metricsAdminServlet =
             servletContext.addServlet("metricsServlet", new MetricsServlet());
 
-        metricsAdminServlet.addMapping("/metrics/metrics/*");
+        metricsAdminServlet.addMapping("/management/jhipster/metrics/*");
         metricsAdminServlet.setAsyncSupported(true);
         metricsAdminServlet.setLoadOnStartup(2);
     }

diff --git a/src/main/java/io/github/jhipster/registry/web/rest/LogsResource.java b/src/main/java/io/github/jhipster/registry/web/rest/LogsResource.java
@@ -18,7 +18,7 @@
  * Controller for view and managing Log Level at runtime.
  */
 @RestController
-@RequestMapping("/api")
+@RequestMapping("/management/jhipster")
 public class LogsResource {
 
     @RequestMapping(value = "/logs",

diff --git a/src/main/resources/config/application.yml b/src/main/resources/config/application.yml
@@ -28,6 +28,9 @@ eureka:
     dashboard:
       path: /registry
 
+management:
+    context-path: /management
+
 spring:
     application:
         name: jhipster-registry

diff --git a/src/main/webapp/app/admin/configuration/configuration.service.js b/src/main/webapp/app/admin/configuration/configuration.service.js
@@ -16,7 +16,7 @@
         return service;
 
         function get () {
-            return $http.get('configprops').then(getConfigPropsComplete);
+            return $http.get('management/configprops').then(getConfigPropsComplete);
 
             function getConfigPropsComplete (response) {
                 var properties = [];
@@ -29,7 +29,7 @@
         }
 
         function getEnv () {
-            return $http.get('env').then(getEnvComplete);
+            return $http.get('management/env').then(getEnvComplete);
 
             function getEnvComplete (response) {
                 var properties = {};

diff --git a/src/main/webapp/app/admin/health/health.service.js b/src/main/webapp/app/admin/health/health.service.js
@@ -15,7 +15,7 @@
         return service;
 
         function checkHealth () {
-            return $http.get('health').then(function (response) {
+            return $http.get('management/health').then(function (response) {
                 return response.data;
             });
         }

diff --git a/src/main/webapp/app/admin/logs/logs.service.js b/src/main/webapp/app/admin/logs/logs.service.js
@@ -8,7 +8,7 @@
     LogsService.$inject = ['$resource'];
 
     function LogsService ($resource) {
-        var service = $resource('api/logs', {}, {
+        var service = $resource('management/jhipster/logs', {}, {
             'findAll': { method: 'GET', isArray: true},
             'changeLevel': { method: 'PUT'}
         });

diff --git a/src/main/webapp/app/admin/metrics/metrics.service.js b/src/main/webapp/app/admin/metrics/metrics.service.js
@@ -16,13 +16,13 @@
         return service;
 
         function getMetrics () {
-            return $http.get('metrics/metrics').then(function (response) {
+            return $http.get('management/jhipster/metrics').then(function (response) {
                 return response.data;
             });
         }
 
         function threadDump () {
-            return $http.get('dump').then(function (response) {
+            return $http.get('management/dump').then(function (response) {
                 return response.data;
             });
         }

diff --git a/src/main/webapp/app/applications/applications.html b/src/main/webapp/app/applications/applications.html
@@ -21,7 +21,6 @@ <h3>Instances</h3>
                         <tr>
                             <th>ID</th>
                             <th>Status</th>
-                            <th>Health</th>
                         </tr>
                         </thead>
                         <tbody>
@@ -34,9 +33,6 @@ <h3>Instances</h3>
                                 <span class="label label-warning" ng-show="{{instance.status != 'UP' && instance.status != 'DOWN'}}">{{instance.status}}</span>
                                 <span class="label label-danger" ng-show="{{instance.status == 'DOWN'}}">{{instance.status}}</span>
                             </td>
-                            <td>
-                                <a class="btn btn-xs btn-info" target="_blank" ng-href="{{instance.healthCheckUrl}}">Health</a>
-                            </td>
                         </tr>
                         </tbody>
                     </table>

diff --git a/src/main/webapp/app/components/login/login.controller.js b/src/main/webapp/app/components/login/login.controller.js
@@ -39,7 +39,7 @@
             }).then(function () {
                 vm.authenticationError = false;
                 $uibModalInstance.close();
-                $state.go('eureka');
+                $state.go('applications');
 
                 $rootScope.$broadcast('authenticationSuccess');
 

diff --git a/src/main/webapp/app/layouts/navbar/navbar.controller.js b/src/main/webapp/app/layouts/navbar/navbar.controller.js
@@ -27,7 +27,7 @@
         function logout () {
             collapseNavbar();
             Auth.logout();
-            $state.go('eureka');
+            $state.go('home');
         }
 
         function toggleNavbar () {

diff --git a/src/main/webapp/robots.txt b/src/main/webapp/robots.txt
@@ -7,17 +7,5 @@ Disallow: /api/account/sessions
 Disallow: /api/audits/
 Disallow: /api/logs/
 Disallow: /api/users/
-Disallow: /metrics/
-Disallow: /health/
-Disallow: /trace/
-Disallow: /dump/
-Disallow: /shutdown/
-Disallow: /beans/
-Disallow: /configprops/
-Disallow: /info/
-Disallow: /autoconfig/
-Disallow: /env/
-Disallow: /trace/
+Disallow: /management/
 Disallow: /v2/api-docs/
-Disallow: /configuration/
-Disallow: /protected/