Always match the links endpoint with GET

The links endpoint only supports GET, so its matcher is now hardcoded
to GET. withHttpMethod(...) continues to apply only to endpoint paths
and the behaviour is documented on its Javadoc.

Signed-off-by: Lee JiWon <dlwldnjs1009@gmail.com>

Author: dlwldnjs1009

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/reactive/EndpointRequest.java

@@ -119,7 +119,7 @@ public static EndpointServerWebExchangeMatcher to(String... endpoints) {
 	 * @return the configured {@link ServerWebExchangeMatcher}
 	 */
 	public static LinksServerWebExchangeMatcher toLinks() {
-		return new LinksServerWebExchangeMatcher(null);
+		return new LinksServerWebExchangeMatcher();
 	}
 
 	/**
@@ -316,6 +316,8 @@ public EndpointServerWebExchangeMatcher excludingLinks() {
 
 		/**
 		 * Restricts the matcher to only consider requests with a particular http method.
+		 * <p>
+		 * The links endpoint, if included, is always matched using {@code GET}.
 		 * @param httpMethod the http method to include
 		 * @return a copy of the matcher further restricted to only match requests with
 		 * the specified http method
@@ -335,7 +337,7 @@ protected ServerWebExchangeMatcher createDelegate(PathMappedEndpoints endpoints)
 			List<ServerWebExchangeMatcher> delegateMatchers = getDelegateMatchers(paths, this.httpMethod);
 			String linksPath = getLinksPath(endpoints.getBasePath());
 			if (this.includeLinks && linksPath != null) {
-				delegateMatchers.add(new LinksServerWebExchangeMatcher(this.httpMethod));
+				delegateMatchers.add(new LinksServerWebExchangeMatcher());
 			}
 			if (delegateMatchers.isEmpty()) {
 				return EMPTY_MATCHER;
@@ -364,21 +366,18 @@ public String toString() {
 	 */
 	public static final class LinksServerWebExchangeMatcher extends AbstractWebExchangeMatcher<WebEndpointProperties> {
 
-		private final HttpMethod httpMethod;
-
-		private LinksServerWebExchangeMatcher(HttpMethod httpMethod) {
+		private LinksServerWebExchangeMatcher() {
 			super(WebEndpointProperties.class);
-			this.httpMethod = httpMethod;
 		}
 
 		@Override
 		protected ServerWebExchangeMatcher createDelegate(WebEndpointProperties properties) {
 			String linksPath = getLinksPath(properties.getBasePath());
 			if (linksPath != null) {
 				List<ServerWebExchangeMatcher> linksMatchers = new ArrayList<>();
-				linksMatchers.add(new PathPatternParserServerWebExchangeMatcher(linksPath, this.httpMethod));
+				linksMatchers.add(new PathPatternParserServerWebExchangeMatcher(linksPath, HttpMethod.GET));
 				if (!linksPath.endsWith("/")) {
-					linksMatchers.add(new PathPatternParserServerWebExchangeMatcher(linksPath + "/", this.httpMethod));
+					linksMatchers.add(new PathPatternParserServerWebExchangeMatcher(linksPath + "/", HttpMethod.GET));
 				}
 				return new OrServerWebExchangeMatcher(linksMatchers);
 			}

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequest.java

@@ -225,11 +225,11 @@ protected final List<RequestMatcher> getDelegateMatchers(RequestMatcherFactory r
 		}
 
 		protected List<RequestMatcher> getLinksMatchers(RequestMatcherFactory requestMatcherFactory,
-				RequestMatcherProvider matcherProvider, HttpMethod httpMethod, String linksPath) {
+				RequestMatcherProvider matcherProvider, String linksPath) {
 			List<RequestMatcher> linksMatchers = new ArrayList<>();
-			linksMatchers.add(requestMatcherFactory.antPath(matcherProvider, httpMethod, linksPath));
+			linksMatchers.add(requestMatcherFactory.antPath(matcherProvider, HttpMethod.GET, linksPath));
 			if (!linksPath.endsWith("/")) {
-				linksMatchers.add(requestMatcherFactory.antPath(matcherProvider, httpMethod, linksPath, "/"));
+				linksMatchers.add(requestMatcherFactory.antPath(matcherProvider, HttpMethod.GET, linksPath, "/"));
 			}
 			return linksMatchers;
 		}
@@ -350,6 +350,8 @@ public EndpointRequestMatcher excludingLinks() {
 
 		/**
 		 * Restricts the matcher to only consider requests with a particular HTTP method.
+		 * <p>
+		 * The links endpoint, if included, is always matched using {@code GET}.
 		 * @param httpMethod the HTTP method to include
 		 * @return a copy of the matcher further restricted to only match requests with
 		 * the specified HTTP method
@@ -375,8 +377,7 @@ protected RequestMatcher createDelegate(WebApplicationContext context,
 			String basePath = endpoints.getBasePath();
 			String linksPath = getLinksPath(context, basePath);
 			if (this.includeLinks && linksPath != null) {
-				delegateMatchers
-					.addAll(getLinksMatchers(requestMatcherFactory, matcherProvider, this.httpMethod, linksPath));
+				delegateMatchers.addAll(getLinksMatchers(requestMatcherFactory, matcherProvider, linksPath));
 			}
 			if (delegateMatchers.isEmpty()) {
 				return EMPTY_MATCHER;
@@ -412,7 +413,7 @@ protected RequestMatcher createDelegate(WebApplicationContext context,
 			String linksPath = getLinksPath(context, properties.getBasePath());
 			if (linksPath != null) {
 				return new OrRequestMatcher(
-						getLinksMatchers(requestMatcherFactory, getRequestMatcherProvider(context), null, linksPath));
+						getLinksMatchers(requestMatcherFactory, getRequestMatcherProvider(context), linksPath));
 			}
 			return EMPTY_MATCHER;
 		}

spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/reactive/EndpointRequestTests.java

@@ -73,10 +73,15 @@ void toAnyEndpointWithHttpMethodShouldRespectRequestMethod() {
 		ServerWebExchangeMatcher matcher = EndpointRequest.toAnyEndpoint().withHttpMethod(HttpMethod.POST);
 		assertMatcher(matcher, "/actuator").matches(HttpMethod.POST, "/actuator/foo");
 		assertMatcher(matcher, "/actuator").doesNotMatch(HttpMethod.GET, "/actuator/foo");
-		assertMatcher(matcher, "/actuator").matches(HttpMethod.POST, "/actuator");
-		assertMatcher(matcher, "/actuator").doesNotMatch(HttpMethod.GET, "/actuator");
-		assertMatcher(matcher, "/actuator").matches(HttpMethod.POST, "/actuator/");
-		assertMatcher(matcher, "/actuator").doesNotMatch(HttpMethod.GET, "/actuator/");
+	}
+
+	@Test
+	void toAnyEndpointWithHttpMethodShouldUseGetForLinks() {
+		ServerWebExchangeMatcher matcher = EndpointRequest.toAnyEndpoint().withHttpMethod(HttpMethod.POST);
+		assertMatcher(matcher, "/actuator").matches(HttpMethod.GET, "/actuator");
+		assertMatcher(matcher, "/actuator").doesNotMatch(HttpMethod.POST, "/actuator");
+		assertMatcher(matcher, "/actuator").matches(HttpMethod.GET, "/actuator/");
+		assertMatcher(matcher, "/actuator").doesNotMatch(HttpMethod.POST, "/actuator/");
 	}
 
 	@Test
@@ -144,8 +149,10 @@ void toLinksShouldOnlyMatchLinks() {
 		ServerWebExchangeMatcher matcher = EndpointRequest.toLinks();
 		assertMatcher(matcher).doesNotMatch("/actuator/foo");
 		assertMatcher(matcher).doesNotMatch("/actuator/bar");
-		assertMatcher(matcher).matches("/actuator");
-		assertMatcher(matcher).matches("/actuator/");
+		assertMatcher(matcher).matches(HttpMethod.GET, "/actuator");
+		assertMatcher(matcher).doesNotMatch(HttpMethod.POST, "/actuator");
+		assertMatcher(matcher).matches(HttpMethod.GET, "/actuator/");
+		assertMatcher(matcher).doesNotMatch(HttpMethod.POST, "/actuator/");
 	}
 
 	@Test

spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequestTests.java

@@ -64,7 +64,7 @@ void toAnyEndpointShouldMatchEndpointPath() {
 		assertMatcher(matcher, "/actuator").matches("/actuator/foo/zoo/");
 		assertMatcher(matcher, "/actuator").matches("/actuator/bar");
 		assertMatcher(matcher, "/actuator").matches("/actuator/bar/baz");
-		assertMatcher(matcher, "/actuator").matches("/actuator");
+		assertMatcher(matcher, "/actuator").matches(HttpMethod.GET, "/actuator");
 	}
 
 	@Test
@@ -73,18 +73,24 @@ void toAnyEndpointWithHttpMethodShouldRespectRequestMethod() {
 			.withHttpMethod(HttpMethod.POST);
 		assertMatcher(matcher, "/actuator").matches(HttpMethod.POST, "/actuator/foo");
 		assertMatcher(matcher, "/actuator").doesNotMatch(HttpMethod.GET, "/actuator/foo");
-		assertMatcher(matcher, "/actuator").matches(HttpMethod.POST, "/actuator");
-		assertMatcher(matcher, "/actuator").doesNotMatch(HttpMethod.GET, "/actuator");
-		assertMatcher(matcher, "/actuator").matches(HttpMethod.POST, "/actuator/");
-		assertMatcher(matcher, "/actuator").doesNotMatch(HttpMethod.GET, "/actuator/");
+	}
+
+	@Test
+	void toAnyEndpointWithHttpMethodShouldUseGetForLinks() {
+		EndpointRequest.EndpointRequestMatcher matcher = EndpointRequest.toAnyEndpoint()
+			.withHttpMethod(HttpMethod.POST);
+		assertMatcher(matcher, "/actuator").matches(HttpMethod.GET, "/actuator");
+		assertMatcher(matcher, "/actuator").doesNotMatch(HttpMethod.POST, "/actuator");
+		assertMatcher(matcher, "/actuator").matches(HttpMethod.GET, "/actuator/");
+		assertMatcher(matcher, "/actuator").doesNotMatch(HttpMethod.POST, "/actuator/");
 	}
 
 	@Test
 	void toAnyEndpointShouldMatchEndpointPathWithTrailingSlash() {
 		RequestMatcher matcher = EndpointRequest.toAnyEndpoint();
 		assertMatcher(matcher, "/actuator").matches("/actuator/foo/");
 		assertMatcher(matcher, "/actuator").matches("/actuator/bar/");
-		assertMatcher(matcher, "/actuator").matches("/actuator/");
+		assertMatcher(matcher, "/actuator").matches(HttpMethod.GET, "/actuator/");
 	}
 
 	@Test
@@ -101,7 +107,7 @@ void toAnyEndpointWhenBasePathIsEmptyAndManagementPortDifferentShouldMatchLinks(
 		RequestMatcher matcher = EndpointRequest.toAnyEndpoint();
 		RequestMatcherAssert assertMatcher = assertMatcher(matcher, mockPathMappedEndpoints(""), null,
 				WebServerNamespace.MANAGEMENT);
-		assertMatcher.matches("/");
+		assertMatcher.matches(HttpMethod.GET, "/");
 		assertMatcher.matches("/foo");
 	}
 
@@ -116,7 +122,7 @@ void toAnyEndpointWhenDispatcherServletPathProviderNotAvailableUsesEmptyPath() {
 		RequestMatcher matcher = EndpointRequest.toAnyEndpoint();
 		assertMatcher(matcher, "/actuator").matches("/actuator/foo");
 		assertMatcher(matcher, "/actuator").matches("/actuator/bar");
-		assertMatcher(matcher, "/actuator").matches("/actuator");
+		assertMatcher(matcher, "/actuator").matches(HttpMethod.GET, "/actuator");
 		assertMatcher(matcher, "/actuator").doesNotMatch("/actuator/baz");
 	}
 
@@ -151,8 +157,10 @@ void toLinksShouldOnlyMatchLinks() {
 		RequestMatcher matcher = EndpointRequest.toLinks();
 		assertMatcher(matcher).doesNotMatch("/actuator/foo");
 		assertMatcher(matcher).doesNotMatch("/actuator/bar");
-		assertMatcher(matcher).matches("/actuator");
-		assertMatcher(matcher).matches("/actuator/");
+		assertMatcher(matcher).matches(HttpMethod.GET, "/actuator");
+		assertMatcher(matcher).doesNotMatch(HttpMethod.POST, "/actuator");
+		assertMatcher(matcher).matches(HttpMethod.GET, "/actuator/");
+		assertMatcher(matcher).doesNotMatch(HttpMethod.POST, "/actuator/");
 	}
 
 	@Test
@@ -169,7 +177,7 @@ void toLinksWhenBasePathEmptyAndManagementPortDifferentShouldMatchRoot() {
 		RequestMatcher matcher = EndpointRequest.toLinks();
 		RequestMatcherAssert assertMatcher = assertMatcher(matcher, mockPathMappedEndpoints(""), null,
 				WebServerNamespace.MANAGEMENT);
-		assertMatcher.matches("/");
+		assertMatcher.matches(HttpMethod.GET, "/");
 		assertMatcher.doesNotMatch("/foo");
 	}
 
@@ -184,7 +192,7 @@ void excludeByClassShouldNotMatchExcluded() {
 		assertMatcher(matcher, pathMappedEndpoints).doesNotMatch("/actuator/foo");
 		assertMatcher(matcher, pathMappedEndpoints).doesNotMatch("/actuator/baz");
 		assertMatcher(matcher).matches("/actuator/bar");
-		assertMatcher(matcher).matches("/actuator");
+		assertMatcher(matcher).matches(HttpMethod.GET, "/actuator");
 	}
 
 	@Test
@@ -199,7 +207,7 @@ void excludeByIdShouldNotMatchExcluded() {
 		RequestMatcher matcher = EndpointRequest.toAnyEndpoint().excluding("foo");
 		assertMatcher(matcher).doesNotMatch("/actuator/foo");
 		assertMatcher(matcher).matches("/actuator/bar");
-		assertMatcher(matcher).matches("/actuator");
+		assertMatcher(matcher).matches(HttpMethod.GET, "/actuator");
 	}
 
 	@Test