From 04b7b9b2ca06df20926b3a8454579be3ca410a01 Mon Sep 17 00:00:00 2001
From: Christian Dupuis <cdupuis@gopivotal.com>
Date: Mon, 25 Nov 2013 16:07:58 +0100
Subject: [PATCH] Rework handling of default shell authentication method in the
 absence of Spring Security

In case Spring Security is missing from the class path, shell auto configuration will now fall back gracefully to simple authentication and emit warning to the console.

fixes #114
---
 .../autoconfigure/CrshAutoConfiguration.java  | 12 ++++------
 .../actuate/properties/ShellProperties.java   | 22 ++++++++++++++++++-
 2 files changed, 25 insertions(+), 9 deletions(-)

diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/CrshAutoConfiguration.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/CrshAutoConfiguration.java
index b4c052a311..5d18d5346a 100644
--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/CrshAutoConfiguration.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/CrshAutoConfiguration.java
@@ -148,13 +148,6 @@ public class CrshAutoConfiguration {
 		return new SimpleAuthenticationProperties();
 	}
 
-	@Bean
-	@ConditionalOnExpression("'${shell.auth:simple}' == 'spring'")
-	@ConditionalOnMissingBean({ CrshShellAuthenticationProperties.class })
-	public CrshShellAuthenticationProperties springAuthenticationProperties() {
-		return new SpringAuthenticationProperties();
-	}
-
 	@Bean
 	@ConditionalOnMissingBean({ PluginLifeCycle.class })
 	public PluginLifeCycle shellBootstrap() {
@@ -180,12 +173,15 @@ public class CrshAutoConfiguration {
 		}
 
 		@Bean
-		@ConditionalOnExpression("'${shell.auth:default_spring}' == 'default_spring'")
+		@ConditionalOnExpression("'${shell.auth:spring}' == 'spring'")
 		@ConditionalOnMissingBean({ CrshShellAuthenticationProperties.class })
 		public CrshShellAuthenticationProperties springAuthenticationProperties() {
 			// In case no shell.auth property is provided fall back to Spring Security
 			// based authentication and get role to access shell from
 			// ManagementServerProperties.
+			// In case shell.auth is set to spring and roles are configured using
+			// shell.auth.spring.roles the below default role will be overridden by
+			// ConfigurationProperties.
 			SpringAuthenticationProperties authenticationProperties = new SpringAuthenticationProperties();
 			if (this.management != null) {
 				authenticationProperties.setRoles(new String[] { this.management
diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/properties/ShellProperties.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/properties/ShellProperties.java
index 95e0bd5d5b..132bd2530d 100644
--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/properties/ShellProperties.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/properties/ShellProperties.java
@@ -39,8 +39,12 @@ import org.springframework.util.StringUtils;
 @ConfigurationProperties(name = "shell", ignoreUnknownFields = true)
 public class ShellProperties {
 
+	private static Log logger = LogFactory.getLog(ShellProperties.class);
+
 	private String auth = "simple";
 
+	private boolean defaultAuth = true;
+
 	@Autowired(required = false)
 	private CrshShellProperties[] additionalProperties = new CrshShellProperties[] { new SimpleAuthenticationProperties() };
 
@@ -60,6 +64,7 @@ public class ShellProperties {
 	public void setAuth(String auth) {
 		Assert.hasLength(auth, "Auth must not be empty");
 		this.auth = auth;
+		this.defaultAuth = false;
 	}
 
 	public String getAuth() {
@@ -127,10 +132,10 @@ public class ShellProperties {
 		this.ssh.applyToCrshShellConfig(properties);
 		this.telnet.applyToCrshShellConfig(properties);
 
-		properties.put("crash.auth", this.auth);
 		for (CrshShellProperties shellProperties : this.additionalProperties) {
 			shellProperties.applyToCrshShellConfig(properties);
 		}
+
 		if (this.commandRefreshInterval > 0) {
 			properties.put("crash.vfs.refresh_period",
 					String.valueOf(this.commandRefreshInterval));
@@ -146,9 +151,24 @@ public class ShellProperties {
 		}
 		this.disabledPlugins = dp.toArray(new String[dp.size()]);
 
+		validateCrshShellConfig(properties);
+
 		return properties;
 	}
 
+	/**
+	 * Basic validation of applied CRaSH shell configuration.
+	 */
+	protected void validateCrshShellConfig(Properties properties) {
+		String finalAuth = properties.getProperty("crash.auth");
+		if (!this.defaultAuth && !this.auth.equals(finalAuth)) {
+			logger.warn(String.format(
+					"Shell authentication fell back to method '%s' opposed to "
+							+ "configured method '%s'. Please check your classpath.",
+					finalAuth, this.auth));
+		}
+	}
+
 	/**
 	 * Base class for CRaSH properties.
 	 */