Commit Graph

1788 Commits (1cd3b0cabe2f4479a07659c560c946eb03423d9e)

Author SHA1 Message Date
Christian Dupuis b14c607d36 Add missing tests 11 years ago
Christian Dupuis 405c9d5593 Allow management endpoints to express what http methods they support
Previously a management endpoint was either GET or POST. That requirement seems limited.
11 years ago
Christian Dupuis 845aeecbad Properly close application context in tests 11 years ago
Christian Dupuis cd89691726 Pin order to of crsh auto configuration to happen after any security related configuration
If crsh auto configuration happens too early a AuthenticationManager contributed by SecurityAutoConfiguration will not be detected
11 years ago
Dave Syer 61dd7d1dbb Add port scan to ServerProperties (server.scan=true)
Also moved ServerProperties to autoconfigure project.
11 years ago
Dave Syer bd26b28aa5 Extract actuator security into separate classes
So spring-security + a web app is secure by default
(you don't need the actuator).
11 years ago
Christian Dupuis f3a225f35f Polish and rework default authentication method if a Spring Security AuthenticationManager is available
In case a Spring Security AuthenticationManager is found in the app context the auto configuration will change default shell authentication method to auth against Spring Security. In addition shell access will get protected by the specific role configured in SecurityProperties.Management.

Certainly this can be overridden by providing shell.auth and shell.auth.spring.roles.
11 years ago
Christian Dupuis 43c0c932e6 Ensure telnet connector gets installed if available on the class path 11 years ago
Christian Dupuis 2e926601f2 Polish 11 years ago
Christian Dupuis dba8c01035 Polish 11 years ago
Christian Dupuis e16e23230c Clarify default authentication settings for shell access 11 years ago
Christian Dupuis 41cbbeba79 Re-Introduce authentication specific properties 11 years ago
Christian Dupuis e009d3e47d Polish
Fixed inconsistency in method naming after last polish. Method and class name should use 'crsh' instead of 'crash' to be aligned with CRaSH code base.

Implemented facility to provide custom shell properties by adding beans of type CrshShellProperties to the ApplicationContext.
11 years ago
Christian Dupuis dc252c7417 Remove unnecessary String concatenation 11 years ago
Dave Syer 2f7214002d Update Spring to catch SPR-11069 11 years ago
Phillip Webb 0f85f31960 Polish 11 years ago
Phillip Webb 64f32893bb Source format and clean-up 11 years ago
Phillip Webb 883fd9162f Polish 11 years ago
Dave Syer b39ab925cf Make the AutoConfigurationReportEndpoint path a bit shorter 11 years ago
Phillip Webb dc3d670019 Strip trailing whitespace 11 years ago
Christian Dupuis 1f922f49b0 Switch to placeholders in conditional expressions; Ensure that Crsh auto configuration works without Spring Security 11 years ago
Christian Dupuis a498a7f477 Make simple authentication the default and log default password 11 years ago
Phillip Webb dafeddca09 Rework auto-configure report
Update the auto-configuration report to improve log formatting and to
separate the internal report data-structure from the JSON friendly
endpoint data-structure.
11 years ago
Phillip Webb ab249b034d Rename Outcome -> ConditionOutcome 11 years ago
Christian Dupuis 9f13d291ec Return early if no plugins should be disabled 11 years ago
Phillip Webb b39ed89a6f Increase whitespace around password logging
Increase the whitespace to make the password easier to find in the log.
11 years ago
Dave Syer 68475406eb Really fix it 11 years ago
Dave Syer c144cae600 Comment out security condition pending SPR-11069 11 years ago
Phillip Webb d784cb6a88 Apply eclipse-formatter conventions 11 years ago
Dave Syer 0c79c8913f Ensure AutoConfigurationReport is always present 11 years ago
Greg Turnquist b63016d8fc Create a report based on Boot's autoconfiguration decisions
- Gather autoconfiguration conditional decisiions (true and false)
- Provide an actuator endpoint as one means to read the report
- Define @EnableAutConfigurationReport annotation to turn this feature on
- Tidy up autoconfig report a bit and log it if --debug=true
11 years ago
Christian Dupuis f9caade3cc Fix test assertion 11 years ago
Christian Dupuis 6b599b8483 Add remote shell implementation based on crsh
This commit adds a new starter named spring-boot-starter-shell-crsh and auto configuration support to embed a system shell within Spring Boot applications.

The embedded shell allows clients to connect via ssh or telnet to the Boot app and execute commands. Commands can be implemented and embedded with app.

For sample usage see spring-boot-samples-actuator.
11 years ago
Dave Syer c29d2b1be4 Remove a small race condition 11 years ago
Dave Syer 7e7d4b7d3d Only do Actuator MVC config if in a web app 11 years ago
Dave Syer bd719c1330 Nest the @EnableWebSecurity so it can be added to a condition 11 years ago
Dave Syer 761c2dabd1 Fix build 11 years ago
Dave Syer 1bd65c7487 Make context hierarchies play nicely with actuator 11 years ago
Dave Syer f84df423e8 Better implementation of ignores in security config 11 years ago
Dave Syer e4d594cce5 Avoid registering endpoints if Spring MVC not available 11 years ago
Dave Syer e53dad879d Add sample with form login 11 years ago
Dave Syer 63a2d06767 Explicitly disable security on management endpoints if requested
Previously the management endpoint filter was applied to all requests
if the user had disabled security.management.enabled, but since it
had no security applied it was letting all requests through.

The fix was to explicitly exclude the whole enclosing configuration
and carefully ignore the management endpoints in the normal security
chain.

Fixes gh-100.
11 years ago
Dave Syer 5e9b8c3340 Add missing depdendency 11 years ago
Rob Winch 77b5ad1b0b Update to Spring Security Snapshot 11 years ago
Dave Syer 0498617411 Disable whitelabel view if Thymeleaf error.html detected 11 years ago
Dave Syer 4b2cea7267 Add simple DB aware HealthIndicator 11 years ago
Dave Syer fede0d1c98 Add profiles to /env 11 years ago
Dave Syer cd5bc83533 Fix build some more after changes for gh-84 11 years ago
Dave Syer 228787e66d Fix build after changes for gh-84 11 years ago
ggerard 182328697d Spelling error: "everypone" 11 years ago
Dave Syer 345c0fc5a4 Add SpringApplicationBuilder
Builder for SpringApplication and ApplicationContext instances with
convenient fluent API and context hierarchy support. Simple example
of a context hierarchy:

   new SpringApplicationBuilder(ParentConfig.class)
               .child(ChildConfig.class).run(args);

Another common use case is setting default arguments, e.g.
active Spring profiles, to set up the environment for an application:

     new SpringApplicationBuilder(Application.class).profiles("server")
 		.defaultArgs("--transport=local").run(args);

If your needs are simpler, consider using the static convenience
methods in SpringApplication instead.

[#49703716] [bs-116] Parent context for some beans maybe?
11 years ago
Dave Syer 0df4156b57 Lazy initialization of management server properties 11 years ago
Dave Syer f7fa63bcb4 Add status and error messages to /trace
[Fixes #57949108] [bs-323] Make sure /trace shows error responses
11 years ago
Dave Syer ecc4676fb3 Tweak security example 11 years ago
lecaros cf4f549b06 change credentials order in authentication manager example
username/password pairs were incorrect. The authentication manager has "user" and "password", so those credentials should be allowed to get the actual message.
11 years ago
checketts 7236015a4d Fix the AuthenticationManagerBuilder code snippet
Fix AuthenticationManagerBuilder code snippet to add the missing the
ObjectPostProcessor parameter for the constructor.

Issue: #45
11 years ago
Dave Syer ba4a81510b Add response headers to Trace 11 years ago
Dave Syer 7a6131c466 Make InMemoryMetricRepository.increment() thread safe 11 years ago
Dave Syer 8467a66e84 Add security.management.enabled flag 11 years ago
Dave Syer 5f8f062545 Allow security.ignored=none to switch off ignores 11 years ago
Dave Syer f63071d38a Allow security.ignored to be set as a list (e.g. indexed)
In particular this allows a YAML externalization as an array
as opposed to a CSV.
11 years ago
Dave Syer 1366216b7f Add X-Application-Context header to identify app 11 years ago
Dave Syer 2ba01008bb Add headers external properties for security filters 11 years ago
Dave Syer 5d7101fb5a Really disable security for app endpoints
If the user sets security.basic.enabled=false we should just
back away from the non-management endpoints completely.
Previously the Spring Security filter was still added but with
no authentication, creating complications when unexpected
headers etc. are added by Spring Security.
11 years ago
Dave Syer 38e565e920 Back to SNAPSHOT for dev 11 years ago
Dave Syer b634b3bde6 Update to 0.5.0.M2 11 years ago
Dave Syer 9e18183dd5 Don't set deefault password if empty or unresolved 11 years ago
Dave Syer 1e0e2e7102 Switch off CSRF filter
Might need to revisit later.
11 years ago
Dave Syer 43fc107437 Fix security config
The management endpoints were still all mixed up
with the user endpoints. Fixed that and extracted
user endpoints in to conditional block so not
protected if path explicitly set to empty string.

[#53029715]
11 years ago
Dave Syer 6498f0e8b8 Add logger for default password 11 years ago
Dave Syer 621116c9b8 ManagementServerConfiguration security
Management endpoints are still secure by default if
Spring Security is present, but now the default
user details have an ADMIN role, and a random password
(which is logged at INFO level if not overridden).

To override you add management.user.password (name, role)
to external properties.

[Fixes #53029715] [bs-203]
11 years ago
Dave Syer c582fa2067 /info endpoint should be open by default
[#53029715] [bs-203] ManagementServerConfiguration security
11 years ago
ggerard 322b5e5c2b Typo (mvn -> curl) 11 years ago
Dave Syer 4c4e013c5e Avoid NPE in error controller 11 years ago
Phillip Webb cf655945aa Polish 11 years ago
Dave Syer 2ba1bd9dbb Fix security dependency in README 11 years ago
Dave Syer a2fe8a0e89 Actuator README accuracy 11 years ago
Dave Syer f645b03939 Fix pom in actuator README 11 years ago
Dave Syer 521174754e Add default /error view for HTML clients
* Add integration tests for /error view
* Add "error" @Bean as default view for HTML

Users may see side effects because now there will be
a ContentNegotiatingViewResolver by default for the
first time in a vanilla Actuator app. Should be
interesting.

[Fixes #54597932] [bs-273] Circular view reference for /error
11 years ago
Dave Syer 12f0d4d95e Rename ops package to actuate 11 years ago
Dave Syer e967c2d551 Add exception with more helpful error message.
[#54676948] Filter registered twice
11 years ago
Phillip Webb 4e11ae1671 Documentation
Various updates to README.md files.
11 years ago
Phillip Webb 1db22aca5c Rework POM structure
Rework main build POM to be an aggregator pom that does not inherit
from any parent. Introduce new spring-boot-dependencies module to
act as a parent for both spring-boot-starter-parent and
spring-boot-parent.
11 years ago
Dave Syer 4bb5de02e7 Switch back to SNAPSHOT for dev 11 years ago
Dave Syer 68e5a7e887 Bump version to 0.5.0.M1 11 years ago
Phillip Webb e1c6860a41 Documentation 11 years ago
Phillip Webb c83400d265 Move conditions from boot to autoconfigure
Issue: #54393078
11 years ago
Dave Syer 5995b7727a Ops -> Actuator 11 years ago