EndpointRequest should provide matcher regardless of endpoint exposure

spring-projects / spring-boot

Spring Boot helps you to create Spring-powered, production-grade applications and services with absolute minimum fuss.

https://spring.io/projects/spring-boot

Apache License 2.0

75.42k stars 40.75k forks source link

EndpointRequest should provide matcher regardless of endpoint exposure #13749

Open mbhave opened 6 years ago

mbhave commented 6 years ago

Currently, EndpointRequest provides matchers only for the exposed endpoints. This causes endpoint security to behave differently based on whether the endpoint returns a 200 (when it’s exposure is true) or a 404 (when it’s not included in the exposed endpoints). Someone might want to secure the endpoint regardless of whether it returns a 200 or 404

mbhave commented 6 years ago

This might make #12240 unnecessary.

wilkinsona commented 4 years ago

Given that this is labelled as enhancement, I don't think it should be tackled in 2.2.x. Moving to 2.x.