I'm having trouble upgrading Spring Boot from 1.1.12 to 1.2.5 but have the same issue in all versions of 1.2.x. The /healthendpoint provided by Actuator is now returning 401 Unauthorized to an integration test that used to work. No code has changed while upgrading the dependency.

我在将 Spring Boot 从 1.1.12 升级到 1.2.5 时遇到问题，但在 1.2.x 的所有版本中都存在相同的问题。/healthActuator 提供的端点现在将 401 Unauthorized 返回到曾经可以工作的集成测试。升级依赖项时没有更改任何代码。

Here's the test case:

这是测试用例：

@Test
public void testNoUserForStatusEndpoint() throws Exception {
    HttpEntity<String> entity = new HttpEntity<>(null, headers);
    ResponseEntity<String> response = template
            .exchange(base + "/health", HttpMethod.GET, entity, String.class);
    assertEquals(HttpStatus.OK, response.getStatusCode());
    assertEquals("{\"status\":\"UP\"}", response.getBody());
}

I expect to see the basic "UP"status but no further details as the user is anonymous and not authenticated.

我希望看到基本"UP"状态，但没有更多详细信息，因为用户是匿名的且未经过身份验证。

Setting management.security.enabled=falsein application.properties causes the endpoint to return the complete health information. This is not desirable.

management.security.enabled=falseapplication.properties 中的设置会导致端点返回完整的健康信息。这是不可取的。

Setting endpoints.health.sensitive=falsedoes nothing.

设置endpoints.health.sensitive=false没有任何作用。

The security configuration has not changed. It is based on Apache termination and a certificate whitelist, which also hasn't changed.

安全配置没有改变。它基于 Apache 终止和证书白名单，这也没有改变。

@Override
public void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
    http.addFilterBefore(new CustomAuthenticationFilter(authenticationManager(), Environment.getUserWhitelist()), BasicAuthenticationFilter.class);
}

How can I make the test pass?

我怎样才能通过测试？

Updates:

更新：

Originally the only relevant setting in application.propertiesthat was defined is endpoints.health.enabled=true.

最初application.properties定义的唯一相关设置是endpoints.health.enabled=true.

Adding management.health.status.order=UP,DOWN,OUT_OF_SERVICE,UNKNOWNto application.propertiesmakes no difference.

添加management.health.status.order=UP,DOWN,OUT_OF_SERVICE,UNKNOWN到application.properties没有区别。

Using all three properties results in a 401 (doesn't work):

使用所有三个属性会导致 401（不起作用）：

endpoints.health.enabled=true
endpoints.health.sensitive=false
management.health.status.order=UP,DOWN,OUT_OF_SERVICE,UNKNOWN

The main class is just a stripped down Spring Boot application launcher:

主类只是一个精简的 Spring Boot 应用程序启动器：

@Configuration
@EnableAutoConfiguration
@ComponentScan
public class Application {
    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}

I have tried adding http.authorizeRequests().antMatchers("/health**").permitAll();to the first line of the security configuration method detailed above. It did not make a difference.

我已经尝试添加http.authorizeRequests().antMatchers("/health**").permitAll();到上面详述的安全配置方法的第一行。它没有任何区别。

According to Spring Boot issue 2120, The endpoints.health.sensitiveproperty is ignored when using custom security. I found no mention of this in the documentation.

根据 Spring Boot问题 2120，endpoints.health.sensitive使用自定义安全性时忽略该属性。我发现文档中没有提到这一点。