Commit Graph

155 Commits (28b38ddc9a94d5097d70ae533bcf71024168b65d)

Author SHA1 Message Date
Andy Wilkinson ba4671f0ab Merge branch '1.5.x' into 2.0.x 6 years ago
Andy Wilkinson 94633cfd89 Merge branch '1.4.x' into 1.5.x 6 years ago
Andy Wilkinson baec3d6e8e Merge branch '1.3.x' into 1.4.x 6 years ago
Spring Operator e401d02ced Use HTTPS for external links wherever possible
See gh-16316
6 years ago
Andy Wilkinson 9fbd38ab3c Merge branch '1.5.x' into 2.0.x 6 years ago
Andy Wilkinson 4b6bddd476 Merge branch '1.4.x' into 1.5.x 6 years ago
Andy Wilkinson 6920c39349 Merge branch '1.3.x' into 1.4.x 6 years ago
Andy Wilkinson 0e009ef047 Use HTTPS to link to the Apache license 6 years ago
Spring Operator 3e2b6ac8ed Update build and setup configuration to use HTTPS
See gh-16246
6 years ago
Spring Operator 991ba550d3 Update build and setup configuration to use HTTPS
See gh-16245
6 years ago
Spring Operator e2837843e1 Update build and setup configuration to use HTTPS
See gh-16244
6 years ago
Spring Operator 7c314122f7 Update build and setup configuration to use HTTPS
See gh-16243
6 years ago
Spring Buildmaster b04710d744 Next development version 6 years ago
Spring Buildmaster 9bb64a3493 Next Development Version 6 years ago
Spring Buildmaster 4d24feb443 Next development version 6 years ago
Spring Buildmaster 46df506b0a Next development version 6 years ago
Spring Buildmaster 73bf744cb0 Next Development Version 6 years ago
Spring Buildmaster 36b8639853 Next Development Version 7 years ago
Phillip Webb 21d80d87a3 Merge branch '1.5.x' into 2.0.x 7 years ago
Phillip Webb e69296d7d3 Fix checkstyle violations in samples 7 years ago
Spring Buildmaster 010b4fccbd Next development version 7 years ago
Spring Buildmaster c10aad165f Next Development Version 7 years ago
Spring Buildmaster ade4760842 Next Development Version 7 years ago
Stephane Nicoll 7473642f58 Harmonize endpoints exclude property
Closes gh-11914
7 years ago
Andy Wilkinson a09c64e18c Polish 7 years ago
Spring Buildmaster 6414b42335 Next Development Version 7 years ago
Madhura Bhave d65f9b25bc Remove redundant throws Exception 7 years ago
Phillip Webb f3379668ac Polish 7 years ago
Madhura Bhave e57aafd63d Provide EndpointRequest for WebFlux-based Security
Closes gh-11022
7 years ago
Stephane Nicoll 23218add90 Polish 7 years ago
Spring Buildmaster df2ae7aa19 Next Development Version 7 years ago
Phillip Webb 07f71e889e Move `/application` to `/actuator`
Change the endpoint default path from `/application` to `/actuator`.

Fixes gh-10970
7 years ago
Phillip Webb fd5c43cdc9 Separate endpoint concerns
Update endpoint code to provide cleaner separation of concerns.
Specifically, the top level endpoint package is no longer aware of
the fact that JMX and HTTP are ultimately used to expose endpoints.
Caching concerns have also been abstracted behind a general purpose
`OperationMethodInvokerAdvisor` interface.

Configuration properties have been refined to further enforce
separation. The `management.endpoint.<name>` prefix provides
configuration for a  single endpoint (including enable and cache
time-to-live). These  properties are now technology agnostic (they
don't include `web` or `jmx` sub properties).

The `management.endpoints.<technology>` prefix provide exposure specific
configuration. For example, `management.endpoints.web.path-mapping`
allow endpoint URLs to be changed.

Endpoint enabled/disabled logic has been simplified so that endpoints
can't be disabled per exposure technology. Instead a filter based
approach is used to allow refinement of what endpoints are exposed over
a given technology.

Fixes gh-10176
7 years ago
Ivan Sopov d8fa71bc97 Samples cleanup
- Modifying dependencies to starter-web with tomcat exclusion plus
  alternative servlet container instead of manual dependency on
  spring-webmvc as it is the preferrable way to use alternative servlet
  container
- Previously RestTemplate with ssl was configured manually in tests - now
  it rellies on autoconfiguration - changed this for multi-connector test
  and added test to ensure that ssl autoconfiguration is working
- Most samples with alterntative servlet containers used some kind of
  service reading property and returning default since it wasn't
  configured - removed it, since it is not specific to using alternative
  servlet containers.

See gh-10548
7 years ago
Andy Wilkinson 66b55defa0 Adapt to password encoder changes in Spring Security
Closes gh-10762
7 years ago
Madhura Bhave 8600bd7294 Upgrade to Spring Security 5.0.0.BUILD-SNAPSHOT
Following some changes in the latest snapshot this includes:
- Some updates to oauth2 client auto-config
- Security auto-config no longer relies on GlobalAuthenticationConfigurerAdapter
- Remove reactive security starter

Closes gh-10704
7 years ago
Spring Buildmaster c0f9f64776 Next Development Version 7 years ago
Phillip Webb 2855010841 Fix sample POMs
Update sample POMs to follow CI friendly Maven conventions.

See gh-9316
7 years ago
Spring Buildmaster 30eb937a83 Next Development Version 7 years ago
Phillip Webb 46dfe38b60 Rework security request matchers
Update the security request matchers so that a bean is no longer needed
when the matcher is used. Matchers can now be build by starting from
the `EndpointRequest` or `StaticResourceRequest` classes. For example:

http.authorizeRequests()
  .requestMatchers(EndpointRequest.to("status", "info")).permitAll()
  .requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR")
  .requestMatchers(StaticResourceRequest.toCommonLocations()).permitAll()

Closes gh-7958
7 years ago
Phillip Webb 0f99b29b1a Temporarily remove security matchers
Temporarily back out `SpringBootSecurity` to enable easier
package refactoring.

See gh-10261
7 years ago
Phillip Webb ecb8461e8c Manually format security configuration
Update security configuration formatting to follow conventions
recommended in the Spring Security documentation.

See gh-7958
7 years ago
Phillip Webb 2c97d3a5e9 Polish 7 years ago
Stephane Nicoll 98455e30dc Rename default endpoint settings to "default"
Closes gh-10098
7 years ago
Madhura Bhave e08ddbf838 Rework security autoconfiguration
This commit combines security autoconfigurations for
management endpoints and the rest of the application. By default,
if Spring Security is on the classpath, it turns on @EnableWebSecurity.
In the presence of another WebSecurityConfigurerAdapter this backs off
completely. A default AuthenticationManager is also provided with a user
and generated password. This can be turned off by specifying a bean of
type AuthenticationManager, AuthenticationProvider or UserDetailsService.

Closes gh-7958
7 years ago
Andy Wilkinson ee16332745 Update Actuator to use the new endpoint infrastructure
This commit migrates the Actuator onto the new endpoint infrastruture.
In addition to the existing support for accessing the endpoints via
JMX and HTTP using Spring MVC, support for access via HTTP using
Jersey and WebFlux has been added. This includes using a separate
management port where we now spin up an additional, appropriately
configured servlet or reactive web server to expose the management
context on a different HTTP port to the main application.

Closes gh-2921
Closes gh-5389
Closes gh-9796
7 years ago
Spring Buildmaster 17a5bb0be4 Next development version 7 years ago
Spring Buildmaster 41c5c0e7c9 Next development version 7 years ago
Spring Buildmaster 05d4d0281c Next Development Version 8 years ago
Spring Buildmaster 88e43c8421 Next Development Version 8 years ago