EndpointRequest.toLinks() does not match when management.endpoints.web.base-path is '/'

[nightswimmings]

I am using a different management port with management.server.base-path: '/management' and management.endpoints.web.base-path: '/'.

When setting up security as .requestMatchers(EndpointRequest.toLinks()).permitAll(), then performing a request over '/management/', returns 403

Root cause:
WebEndpointProperties.setBasePath cleans '/' as ''.

Later on, upon first '/' call, LinksRequestMatcher sees the empty basepath and returns EndpointRequest.EMPTY_MATCHER, which always evaluates to false

[somayaj]

Can this be worked? or is a triage still planned? WebEndpointProperties ln 70 needs fixing.

https://github.com/spring-projects/spring-boot/blob/main/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/endpoint/web/WebEndpointProperties.java#L

[philwebb]

@somayaj You're welcome to work on the issue, I'll assign it to you. Ideally we'll be looking to add a test as well.