From da65158eae700674fd616f029c2e29644bb097e9 Mon Sep 17 00:00:00 2001
From: Stephane Nicoll <snicoll@pivotal.io>
Date: Mon, 28 Aug 2017 10:18:19 +0200
Subject: [PATCH] Disable Jolokia by default

To be consistent with Actuator web endpoints, Jolokia is now disabled
by default.

Closes gh-10090
---
 ...JolokiaManagementContextConfiguration.java |  2 +-
 .../jolokia/JolokiaProperties.java            |  2 +-
 ...tContextConfigurationIntegrationTests.java |  3 +-
 ...iaManagementContextConfigurationTests.java | 50 ++++++++++---------
 .../appendix-application-properties.adoc      |  2 +-
 .../src/main/resources/application.properties |  3 +-
 6 files changed, 33 insertions(+), 29 deletions(-)

diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/jolokia/JolokiaManagementContextConfiguration.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/jolokia/JolokiaManagementContextConfiguration.java
index 5ced326a7c..1bbd03f10b 100644
--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/jolokia/JolokiaManagementContextConfiguration.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/jolokia/JolokiaManagementContextConfiguration.java
@@ -54,7 +54,7 @@ import org.springframework.web.servlet.mvc.ServletWrappingController;
 @ManagementContextConfiguration
 @ConditionalOnWebApplication(type = Type.SERVLET)
 @ConditionalOnClass({ AgentServlet.class, ServletWrappingController.class })
-@ConditionalOnProperty(value = "management.jolokia.enabled", matchIfMissing = true)
+@ConditionalOnProperty(value = "management.jolokia.enabled", havingValue = "true")
 @EnableConfigurationProperties(JolokiaProperties.class)
 public class JolokiaManagementContextConfiguration {
 
diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/jolokia/JolokiaProperties.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/jolokia/JolokiaProperties.java
index 8a24b5b95d..38f6a0358e 100644
--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/jolokia/JolokiaProperties.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/jolokia/JolokiaProperties.java
@@ -35,7 +35,7 @@ public class JolokiaProperties {
 	/**
 	 * Enable Jolokia.
 	 */
-	private boolean enabled = true;
+	private boolean enabled;
 
 	/**
 	 * Path at which Jolokia will be available.
diff --git a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/jolokia/JolokiaManagementContextConfigurationIntegrationTests.java b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/jolokia/JolokiaManagementContextConfigurationIntegrationTests.java
index 47fda28053..1d4ff90374 100644
--- a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/jolokia/JolokiaManagementContextConfigurationIntegrationTests.java
+++ b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/jolokia/JolokiaManagementContextConfigurationIntegrationTests.java
@@ -58,7 +58,8 @@ import static org.assertj.core.api.Assertions.assertThat;
 @RunWith(SpringRunner.class)
 @SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
 @DirtiesContext
-@TestPropertySource(properties = "management.security.enabled=false")
+@TestPropertySource(properties = { "management.jolokia.enabled=true",
+		"management.security.enabled=false" })
 public class JolokiaManagementContextConfigurationIntegrationTests {
 
 	@Autowired
diff --git a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/jolokia/JolokiaManagementContextConfigurationTests.java b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/jolokia/JolokiaManagementContextConfigurationTests.java
index 97eebcd637..548e49ee4d 100644
--- a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/jolokia/JolokiaManagementContextConfigurationTests.java
+++ b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/jolokia/JolokiaManagementContextConfigurationTests.java
@@ -44,45 +44,47 @@ public class JolokiaManagementContextConfigurationTests {
 
 	@Test
 	public void jolokiaIsEnabledByDefault() {
-		this.contextRunner.run((context) -> {
-			assertThat(context).hasSingleBean(ServletRegistrationBean.class);
-			ServletRegistrationBean<?> registrationBean = context
-					.getBean(ServletRegistrationBean.class);
-			assertThat(registrationBean.getUrlMappings())
-					.contains("/application/jolokia/*");
-			assertThat(registrationBean.getInitParameters()).isEmpty();
-		});
+		this.contextRunner.withPropertyValues("management.jolokia.enabled=true")
+				.run((context) -> {
+					assertThat(context).hasSingleBean(ServletRegistrationBean.class);
+					ServletRegistrationBean<?> registrationBean = context
+							.getBean(ServletRegistrationBean.class);
+					assertThat(registrationBean.getUrlMappings())
+							.contains("/application/jolokia/*");
+					assertThat(registrationBean.getInitParameters()).isEmpty();
+				});
 	}
 
 	@Test
-	public void jolokiaCanBeDisabled() {
-		this.contextRunner.withPropertyValues("management.jolokia.enabled=false")
-				.run((context) -> assertThat(context)
-						.doesNotHaveBean(ServletRegistrationBean.class));
+	public void jolokiaIsDisabledByDefault() {
+		this.contextRunner.run((context) -> assertThat(context)
+				.doesNotHaveBean(ServletRegistrationBean.class));
 	}
 
 	@Test
 	public void customPath() {
-		this.contextRunner.withPropertyValues("management.jolokia.path=/lokia")
-				.run(isDefinedOnPath("/application/lokia/*"));
+		this.contextRunner.withPropertyValues("management.jolokia.enabled=true",
+				"management.jolokia.path=/lokia").run(
+				isDefinedOnPath("/application/lokia/*"));
 	}
 
 	@Test
 	public void customManagementPath() {
-		this.contextRunner.withPropertyValues("management.context-path=/admin")
-				.run(isDefinedOnPath("/admin/jolokia/*"));
+		this.contextRunner.withPropertyValues("management.jolokia.enabled=true",
+				"management.context-path=/admin").run(
+				isDefinedOnPath("/admin/jolokia/*"));
 	}
 
 	@Test
 	public void customInitParameters() {
-		this.contextRunner.withPropertyValues("management.jolokia.config.debug=true")
-				.run((context) -> {
-					assertThat(context).hasSingleBean(ServletRegistrationBean.class);
-					ServletRegistrationBean<?> registrationBean = context
-							.getBean(ServletRegistrationBean.class);
-					assertThat(registrationBean.getInitParameters())
-							.containsOnly(entry("debug", "true"));
-				});
+		this.contextRunner.withPropertyValues("management.jolokia.enabled=true",
+				"management.jolokia.config.debug=true").run((context) -> {
+			assertThat(context).hasSingleBean(ServletRegistrationBean.class);
+			ServletRegistrationBean<?> registrationBean = context
+					.getBean(ServletRegistrationBean.class);
+			assertThat(registrationBean.getInitParameters())
+					.containsOnly(entry("debug", "true"));
+		});
 	}
 
 	private ContextConsumer<AssertableWebApplicationContext> isDefinedOnPath(
diff --git a/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc b/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
index 4ed4faa7a9..fbfec62f7d 100644
--- a/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
+++ b/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
@@ -1274,7 +1274,7 @@ content into your application; rather pick only the properties that you need.
 
 	# JOLOKIA ({sc-spring-boot-actuator}/autoconfigure/jolokia/JolokiaProperties.{sc-ext}[JolokiaProperties])
 	management.jolokia.config.*= # Jolokia settings. See the Jolokia manual for details.
-	management.jolokia.enabled=true # Enable Jolokia.
+	management.jolokia.enabled=false # Enable Jolokia.
 	management.jolokia.path=/jolokia # Path at which Jolokia will be available.
 
 	# TRACING ({sc-spring-boot-actuator}/trace/TraceProperties.{sc-ext}[TraceProperties])
diff --git a/spring-boot-samples/spring-boot-sample-actuator-ui/src/main/resources/application.properties b/spring-boot-samples/spring-boot-sample-actuator-ui/src/main/resources/application.properties
index ed6b8f0368..a8df462fe7 100644
--- a/spring-boot-samples/spring-boot-sample-actuator-ui/src/main/resources/application.properties
+++ b/spring-boot-samples/spring-boot-sample-actuator-ui/src/main/resources/application.properties
@@ -1,2 +1,3 @@
 health.diskspace.enabled=false
-endpoints.all.web.enabled=true
\ No newline at end of file
+endpoints.all.web.enabled=true
+management.jolokia.enabled=true
\ No newline at end of file