
Spring Boot Autoconfigure: potentially unintended console exposure #1125

Open
askingcat opened this issue Oct 9, 2023 · 0 comments

Overview

If a Spring Boot application has configured a separate management port, Togglz will still also run on the application port by default. Since the console is also enabled by default, this might be a security risk (although by default the ROLE_ADMIN will be required).

Expected

  • If togglz.console.use-management-port is not configured, the console will run only on the management port (if available).

Actual

  • If togglz.console.use-management-port is not configured, the console will run on the management port and the application port.
  • If togglz.console.use-management-port is false, the console will run on the application port.
  • If togglz.console.use-management-port is true, the console will run on the management port.

Additional Information

Potentially the behavior described could be intended, but based on the documentation and the naming of variables and classes (e.g. TogglzConsoleBaseConfiguration#OnConsoleAndNotUseManagementPort) I assume that the current behavior is not intended.

Note that by default the Admin Console runs on the management port (if configured). If the management port (management.port) is not configured it will run on the application port. Setting togglz.console.use-management-port to false will always run the Admin Console on the application port.

(Spring Boot Starter documentation, section "Admin Console Security")

The current behavior was introduced with PR #479. matchIfMissing = true will always set the value to true if it is not explicitly set.

-        @ConditionalOnProperty(prefix = "togglz.console", name = "use-management-port", havingValue = "false")
+        @ConditionalOnProperty(prefix = "togglz.console", name = "use-management-port", havingValue = "false", matchIfMissing = true)
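Review bot: after this change both @ConditionalOnProperty annotations carry matchIfMissing = true (the havingValue = "true" variant in OnUseManagementPort already had it), so when togglz.console.use-management-port is absent the "true" and the "false" condition both match and the console is registered on the management port and on the application port at the same time. Suggest keeping matchIfMissing = true on only one of the two conditions and making the application-port registration depend on the management port (management.port) not being configured, which would still cover the case from #341 (no console at all without a management port) without registering the console twice.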

So if the user has not explicitly configured anything, both OnConsoleAndUseManagementPort and OnConsoleAndNotUseManagementPort (see TogglzConsoleBaseConfiguration) will be true:

// Imports used by the excerpt below (nested classes of TogglzConsoleBaseConfiguration)
import org.springframework.boot.autoconfigure.condition.AllNestedConditions;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;

public static class OnConsoleAndUseManagementPort extends AllNestedConditions {
    // [...]

    // Matches when use-management-port=true, and also when the property is absent (matchIfMissing = true)
    @ConditionalOnProperty(prefix = "togglz.console", name = "use-management-port", havingValue = "true", matchIfMissing = true)
    static class OnUseManagementPort {
    }
}

public static class OnConsoleAndNotUseManagementPort extends AllNestedConditions {
    // [...]

    // Matches when use-management-port=false, and also when the property is absent (matchIfMissing = true),
    // so with no explicit setting this nested condition and the one above both hold
    @ConditionalOnProperty(prefix = "togglz.console", name = "use-management-port", havingValue = "false", matchIfMissing = true)
    static class OnNotUseManagementPort {
    }
}

The PR mentioned above apparently attempted to fix the problem that no console was running at all if no management port was configured (see #341).

Changing the current behavior could be a breaking change for some users (if they have a management port, but currently rely on the availability on the application port with no explicit configuration).
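The following test is an added example and is not part of this issue or of the Togglz code base. It reproduces the two conditions in reduced form (the nested console-enabled condition that the real TogglzConsoleBaseConfiguration classes also contain is omitted), attaches them to two marker beans, and uses Spring Boot's ApplicationContextRunner to show which beans are registered for each value of togglz.console.use-management-port. The class, bean and method names are assumptions for the test; the dependencies assumed are spring-boot-test, JUnit 5 and AssertJ.

```java
package example; // hypothetical package, not part of Togglz

import static org.assertj.core.api.Assertions.assertThat;

import org.junit.jupiter.api.Test;
import org.springframework.boot.autoconfigure.condition.AllNestedConditions;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.test.context.runner.ApplicationContextRunner;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;

class ConsolePortConditionsTest {

    // Reduced model of OnConsoleAndUseManagementPort: only the property condition is kept.
    static class OnUseManagementPortCondition extends AllNestedConditions {
        OnUseManagementPortCondition() {
            super(ConfigurationPhase.REGISTER_BEAN);
        }

        // Same annotation as in the issue: matches on "true" and when the property is absent.
        @ConditionalOnProperty(prefix = "togglz.console", name = "use-management-port",
                havingValue = "true", matchIfMissing = true)
        static class OnUseManagementPort {
        }
    }

    // Reduced model of OnConsoleAndNotUseManagementPort.
    static class OnNotUseManagementPortCondition extends AllNestedConditions {
        OnNotUseManagementPortCondition() {
            super(ConfigurationPhase.REGISTER_BEAN);
        }

        // Same annotation as introduced by PR #479: matches on "false" and when the property is absent.
        @ConditionalOnProperty(prefix = "togglz.console", name = "use-management-port",
                havingValue = "false", matchIfMissing = true)
        static class OnNotUseManagementPort {
        }
    }

    // Marker beans standing in for the two console registrations (one per port).
    @Configuration
    static class ConsoleRegistrations {
        @Bean
        @Conditional(OnUseManagementPortCondition.class)
        String managementPortConsole() {
            return "console registered on the management port";
        }

        @Bean
        @Conditional(OnNotUseManagementPortCondition.class)
        String applicationPortConsole() {
            return "console registered on the application port";
        }
    }

    private final ApplicationContextRunner runner = new ApplicationContextRunner()
            .withUserConfiguration(ConsoleRegistrations.class);

    // The "Actual" behaviour from the issue: with no explicit property, both registrations are active.
    @Test
    void propertyAbsentRegistersConsoleOnBothPorts() {
        runner.run(context -> {
            assertThat(context).hasBean("managementPortConsole");
            assertThat(context).hasBean("applicationPortConsole");
        });
    }

    @Test
    void explicitFalseRegistersOnlyApplicationPort() {
        runner.withPropertyValues("togglz.console.use-management-port=false").run(context -> {
            assertThat(context).doesNotHaveBean("managementPortConsole");
            assertThat(context).hasBean("applicationPortConsole");
        });
    }

    @Test
    void explicitTrueRegistersOnlyManagementPort() {
        runner.withPropertyValues("togglz.console.use-management-port=true").run(context -> {
            assertThat(context).hasBean("managementPortConsole");
            assertThat(context).doesNotHaveBean("applicationPortConsole");
        });
    }
}
```

The first test passes against the conditions as they stand after PR #479, which is exactly the double exposure described above; it is the check to turn around (expect doesNotHaveBean for applicationPortConsole when the property is absent) once the "Expected" behaviour is implemented. Running the same three cases against a real application context, with the management port configured, shows whether the console is reachable on the application port without any explicit togglz.console configuration.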
